Most of our penetration testing targets the B/S (browser/server) model and rarely the C/S (client/server) model.
I wrote a test case:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data.SqlClient;

namespace sqltest
{
    class Program
    {
        static void Main(string[] args)
        {
            SqlConnection conn = new SqlConnection("server=.;database=test;uid=sa;pwd=123456");
            conn.Open();
            while (true)
            {
                Console.WriteLine("enter an account");
                string uname = Console.ReadLine();
                Console.WriteLine("Enter Password");
                string upass = Console.ReadLine();
                // Deliberately vulnerable: user input is concatenated into the SQL text.
                string SQL = "select * from users where uname = '" + uname + "' and upass = '" + upass + "'";
                try
                {
                    SqlCommand cmd = new SqlCommand(SQL, conn);
                    // Dispose the reader on every pass so the next query can reuse the connection.
                    using (SqlDataReader sdr = cmd.ExecuteReader())
                    {
                        sdr.Read();
                        if (sdr.HasRows)
                        {
                            Console.WriteLine("Login successful");
                        }
                        else
                        {
                            Console.WriteLine("Logon Failed");
                        }
                    }
                    Console.ReadKey();
                }
                catch (Exception ex)
                {
                    // The full exception is printed, so a malformed query is visible to the user.
                    Console.WriteLine("exception:" + ex);
                    Console.ReadKey();
                }
            }
        }
    }
}
To detect the vulnerability, we can enter a single quote or other probe characters to make the query fail.
After an error occurs, we can use a decompilation tool to analyze the source code.
Finally, we can construct statements to bypass some login restrictions or to penetrate further.
That is enough to achieve the goal.
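
For comparison, a hardened form of the login check in the test case above, added here as an example and not part of the original post. The class name HardenedLogin, the helper CheckLogin and the parameter sizes are assumptions; the table, columns and connection string are the ones from the test case.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

namespace sqltest
{
    class HardenedLogin // hypothetical name
    {
        // Returns true only if a row matches both values. The input is bound as
        // parameters, so a quote in uname or upass is data, never SQL syntax.
        static bool CheckLogin(SqlConnection conn, string uname, string upass)
        {
            const string sql =
                "select count(*) from users where uname = @uname and upass = @upass";
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // Sizes are assumed; match them to the real column definitions.
                cmd.Parameters.Add("@uname", SqlDbType.NVarChar, 64).Value = uname ?? "";
                cmd.Parameters.Add("@upass", SqlDbType.NVarChar, 64).Value = upass ?? "";
                return (int)cmd.ExecuteScalar() > 0;
            }
        }

        static void Main(string[] args)
        {
            // Same connection string as the test case above.
            using (SqlConnection conn = new SqlConnection(
                "server=.;database=test;uid=sa;pwd=123456"))
            {
                conn.Open();
                Console.WriteLine("enter an account");
                string uname = Console.ReadLine();
                Console.WriteLine("Enter Password");
                string upass = Console.ReadLine();
                try
                {
                    Console.WriteLine(CheckLogin(conn, uname, upass)
                        ? "Login successful" : "Logon Failed");
                }
                catch (SqlException)
                {
                    // Do not echo exception details to the user.
                    Console.WriteLine("Login error");
                }
            }
        }
    }
}
```

With the values bound as parameters, a single quote in either field no longer produces a SQL error, and the generic error message gives the probe described above nothing to read.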