SQL injection is something we must all know about: even when the conventional method fails, you can still win a shell on the website. For a URL of the form http://www.2cto.com/xxx.asp?id=1, the vulnerability can be detected with the famous "and 1=1" and "and 1=2" tests.

At one point I took on a website (for security reasons I will not name it here and will replace it with xxx; sorry). I tried "and 1=1" and "and 1=2" and found that the website has an injection vulnerability and uses an Access database. Then, with and exists (select * from admin), I found the admin table and two key fields: admin and password. When I tried to use count(*) to find the number of data records in the table, a dialog box was displayed. That doesn't matter, because experience says there is at least one record.

Next, I started guessing the value of the first record. With the SQL statement and (select top 1 asc(mid(admin,)) from admin)>0, a dialog box was displayed again: the website must be filtering some characters. In the end I found that everything except select, such as update, insert, and delete, is filtered.

Should I give up here? Of course not: there are other functions. I don't know if you still remember them: right() and left(). I tried left() first and found that the ASCII code obtained is always that of the first character of the retrieved string. So I used right() to guess the field instead. The length of the admin field here is 5, so I wrote the following expression: and (select top 1 asc(right(admin,1)) from admin)>0, and so on until the field value is guessed. Haha, several minutes later the user name and password were successfully cracked.
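The keyword filter described above failed because it blocked words rather than fixing the query. As an added example (not code from the original post or the site), the following compares such a filter with strict integer validation plus a bound parameter. It assumes an in-memory SQLite database standing in for Access; the news table, the function names and the filter's word list are hypothetical.

```python
import re
import sqlite3

# Expressions quoted from the post; they are only passed through the filters.
RIGHT_PROBE = "1 and (select top 1 asc(right(admin,1)) from admin)>0"
MID_PROBE = "1 and (select top 1 asc(mid(admin,)) from admin)>0"  # arguments missing on the page

def make_db():
    """Constructed sample data: one row in a hypothetical news table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'hello')")
    return db

# Keyword blacklist modelled on the post's description: select passes,
# update/insert/delete and mid are rejected. right() is not on the list.
BLACKLIST = re.compile(r"\b(update|insert|delete|mid)\b", re.IGNORECASE)

def blacklist_allows(value):
    return BLACKLIST.search(value) is None

def vulnerable_lookup(db, raw_id):
    """'Before': filter keywords, then concatenate the parameter into the SQL."""
    if not blacklist_allows(raw_id):
        raise ValueError("blocked by keyword filter")
    return db.execute("SELECT title FROM news WHERE id = " + raw_id).fetchall()

def hardened_lookup(db, raw_id):
    """'After': accept only a decimal integer and bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def is_rejected(lookup, db, raw_id):
    try:
        lookup(db, raw_id)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    db = make_db()
    # The 1=1 / 1=2 pair yields different results: the query text is attacker-controlled.
    print(vulnerable_lookup(db, "1 and 1=1"), vulnerable_lookup(db, "1 and 1=2"))
    # The blacklist stops the mid() form but not the right() form from the post.
    print(blacklist_allows(MID_PROBE), blacklist_allows(RIGHT_PROBE))
    # Validation plus binding rejects every non-integer id, whatever functions it uses.
    print([is_rejected(hardened_lookup, db, p) for p in ("1 and 1=1", RIGHT_PROBE)])
```

With the hardened lookup, the id never becomes part of the SQL text, so there is no list of functions to keep up to date.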