I have been looking at SQL injection for a while and found that there are a large number of SQL injection vulnerabilities in China. It seems there is no shortage of unschooled, bluffing "programmers". Not only are there many vulnerabilities, the internal structure of the websites is also a mess ...
About SQL injection: the "SQL injection book" found online can be said to be a very good introduction, though parts of it are surely old hat.
First, it uses the 1=1, 1=2 method to test for the vulnerability, and for character-type parameters it uses ' or 1=1 or '1'='.
For SQL Server there are also user>0 and db_name()>0. However, these techniques are only ways of detecting a vulnerability; the really useful ones follow.
1. Get all table names
(Select distinct Top 1 name from sysobjects where xtype = 'U' and status> 0 and name not in (select distinct top i name from sysobjects where xtype = 'U' and status> 0 order by name) order by name)> 0
i is an integer: with i = 1 it returns the first table name (sorted by table name), with i = 2 the second, and so on until nothing is returned.
2. After getting the table names, get the field names
(SELECT TOP 1 col_name(object_id('TableName'), i) from sysobjects) > 0
This statement returns the name of the i-th field in TableName.
3. Having obtained all the table names and the field names in them, you probably have a reasonable understanding of the structure of the website. So how do you get the data in a field?
If it is a string, naturally use the >0 trick; if it is another type, find a table such as news and use the
update news set caption = (select username from users where id = 9) where newsid = 100;--
method to write out what you want, so that it goes unnoticed.
I wrote a program in VB that automatically gets the table names and field names; it is very fast, and the structure of the entire database comes out in an instant.
Of course, all of this is just the construction of SQL statements and there is not much technique to it. This page is also a must-read for SQL Server injection: http://msdn.microsoft.com/library/default.asp?url=/library/en-US/TSQLREF/TS_TSQLCON_6LYK.ASP
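
Seen from the defender's side, the probes listed above (1=1 / 1=2, user>0, db_name()>0, the sysobjects and col_name(object_id(...)) queries, the update with a sub-select) leave recognisable strings in web server logs. The following Python scanner is an added example, not code from the original post; the log format, page names and client addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Signatures for the probes named in the post (SQL Server specific).
# They run on URL-decoded, whitespace-collapsed, lower-cased text.
SIGNATURES = {
    "boolean-test": re.compile(r"\b(?:and|or)\s+'?1'?\s*=\s*'?[12]?"),
    "type-coercion": re.compile(r"\b(?:user|db_name\s*\(\s*\))\s*>\s*0"),
    "table-enum": re.compile(r"\bfrom\s+sysobjects\b"),
    "column-enum": re.compile(r"\bcol_name\s*\(\s*object_id\s*\("),
    "update-subselect": re.compile(r"\bupdate\s+\w+\s+set\b.+\(\s*select\b"),
}
# Assumed simplified log format: client "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}$')

def classify(target):
    """Return the sorted signature names matching one request target."""
    text = re.sub(r"\s+", " ", unquote_plus(target)).lower()
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(lines):
    """Map client address -> set of signature names seen in its requests."""
    hits = defaultdict(set)
    for line in lines:
        m = REQUEST.match(line.strip())
        if m:
            client, target = m.groups()
            hits[client].update(classify(target))
    return {client: names for client, names in hits.items() if names}

# Constructed sample lines (documentation address ranges, made-up pages).
SAMPLE_LOG = [
    '198.51.100.7 "GET /news.asp?id=100 HTTP/1.1" 200',
    '203.0.113.9 "GET /news.asp?id=100%20and%201=2 HTTP/1.1" 200',
    '203.0.113.9 "GET /news.asp?id=100%20and%20db_name()%3E0 HTTP/1.1" 500',
    '203.0.113.9 "GET /news.asp?id=100%20and%20(select%20top%201%20'
    'col_name(object_id(%27users%27),1)%20from%20sysobjects)%3E0 HTTP/1.1" 500',
    '198.51.100.7 "GET /search.asp?q=rock+and+roll HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG).items():
        print(client, sorted(names))
```

Signature matching like this only surfaces the literal forms shown on this page and helps with triage; the fix for the underlying flaw is parameterized queries and a database login without rights to read system tables or update content tables.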