¹È¸èɵ¹ÏʽSQL×¢Éä(Google dorks sql injection)
Google dorks sql injection:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:Play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:Page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:Product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:Preview.php?id=
inurl:loadpsb.php?id=
inurl:Opinions.php?id=
inurl:spr.php?id=
inurl:Pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:Participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?
Ïà¹ØÎĵµ£º
LINQ to sqlËäÈ»½«Êý¾Ý¿â²Ù×÷ºÍÒµÎñÂß¼¸ôÀ뿪À´£¬Ê¹¿ª·¢ÈËÔ±Äܹ»Ê¹Óõ¥Ò»µÄÓïÑÔºÍ֪ʶÄܹ»·½±ãµÄ²Ù×÷Êý¾Ý¿â²¢´¦ÀíÒµÎñÂß¼¡£µ«ÊÇÕâ±Ï¾¹ÊÇ΢ÈíO/R½â¾ö·½°¸µÄµÚÒ»¸ö°æ±¾£¬Ïà±ÈÏà¶Ô³ÉÊìµÄDataSetÊý¾Ý¼¯½â¾ö·½°¸À´Ëµ£¬ÎÒÃÇ»¹ÊÇ¿ÉÒÔ¿´µ½Ò»Ð©²»×ã¡£
¡¡¡¡Ê×ÏÈ£¬ÎÒÃÇ×¢Òâµ½ËùÓеÄÊý¾ÝʵÌ岢ûÓдÓÒ»¸ö»ùÀàÖÐÅÉÉú£¬ÕâʹµÃ¸ø¿ª·¢Í¨Ó ......
*
sql xml ÈëÃÅ:
--by jinjazz
--http://blog.csdn.net/jinjazz
1¡¢xml: ÄÜÈÏʶԪËØ¡¢ÊôÐÔºÍÖµ
2¡¢xpath: Ñ°Ö·ÓïÑÔ£¬ÀàËÆwind ......
1¡¢²éѯ±íÖÐÖظ´Êý¾Ý¡£select * from people
where peopleId in (select peopleId from people group by peopleId having count(peopleId) > 1)
2¡¢É¾³ý±íÖжàÓàµÄÖظ´¼Ç¼£¬Öظ´¼Ç¼ÊǸù¾Ýµ ......
SQL2000µÄÊý¾ÝÀàÐͼ°³¤¶È
==============================
bigint 8
binary 8000
bit 1
char 8000
datetime 8
decimal 17
float 8
image 16
int 4
money 8
nchar 8000
ntext 16
numeric 17
nvarchar 8000
real 4
smalldatetime 4
smallint 2
smallmoney 4
sql_variant 8016
sysname 256
text 16
tim ......
SQLλÔËËã
select 2|8 --10
select 2|8|1 --11
select 10&8 --8,°üº¬,10=8+2
select 10&2 --2,°üº¬,10=2+8
select 10&4 --0,²»°üº¬
select 19&16 --16,°üº¬,19=16+2+1
s ......