1. Find the injection point
2. Guess the table name
3. Guess the field names for the user and password
4. Guess the user and password
5. Get the front-end and back-end passwords
6. Get the WebShell
7. Upload file
8. Leave the web back door