SQL°²×°ÎÊÌâ ÎÞ·¨»ñÈ¡ASPNETÕË»§µÄϵͳÕË»§ÐÅÏ¢
°²×°SQL Server2005 ÎÊÌâÐÅÏ¢£º
“SQL Server °²×°³ÌÐòÎÞ·¨»ñÈ¡ ASPNET ÕÊ»§µÄϵͳÕÊ»§ÐÅÏ¢”
½â¾ö°ì·¨£º
ÓÃaspnet_regiisʵÓù¤¾ßжÔغÍÖØа²×°Ò»Ï¾ͿÉÒÔÁË¡£
¾ßÌåµÄ²Ù×÷£º
1¡¢½øÈëCMD£º
C:\windows\microsoft.net\framework\v2.0.50727Îļþ¼ÐÏ£¬ÔËÐÐaspnet_regiis -uжÔØ
È»ºóÔËÐÐaspnet_regiis -i ÖØа²×°£¬ÉÏÊöÎÊÌâ¼´¿É½â¾ö¡£
2¡¢C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -u
CMD:
¿ªÊ¼Ð¶ÔØ ASP.NET (2.0.50727);
ASP.NET (2.0.50727) жÔØÍê±Ï¡£
°²×°³ÌÐò¼ì²âµ½²Ù×÷¹ý³ÌÖгöÏÖÁËһЩ´íÎó¡£ÓйØÏêϸÐÅÏ¢£¬Çë²é¿´°²×°³ÌÐò
DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASPNETSetup_00000.log
3¡¢C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -i
CMD:
¿ªÊ¼°²×° ASP.NET (2.0.50727);
ASP.NET (2.0.50727)°²×°Íê±Ï¡£
ÔÙ°²×°SQL Server 2005
Ïà¹ØÎĵµ£º
SQL Server£º
Select TOP N * from TABLE Order By NewID()
Select TOP N * from TABLE Order By NewID()
NewID()º¯Êý½«´´½¨Ò»¸ö uniqueidentifier ÀàÐ͵ÄΨһֵ¡£ÉÏÃæµÄÓï¾äʵÏÖЧ¹ûÊÇ´ÓTableÖÐËæ»ú¶ÁÈ¡NÌõ¼Ç¼¡£
Access£º
Select TOP N *&n ......
1¡¢²éѯ±íÖÐÖظ´Êý¾Ý¡£select * from people
where peopleId in (select peopleId from people group by peopleId having count(peopleId) > 1)
2¡¢É¾³ý±íÖжàÓàµÄÖظ´¼Ç¼£¬Öظ´¼Ç¼ÊǸù¾Ýµ ......
for ACCESS :
update a, b set a.name=b.name1 where a.id=b.id
for SQL Server:
"update a set a.name=b.name1 from a,b where a.id=b.id"
update a set a.status=b.status
from table1 a,table2 b
&nbs ......
×î½ü·¢ÏÖÎÒÃǹ«Ë¾µÄASP.NETµÄ´úÂëÓÐÆ´½ÓSQLÓï¾äµÄÏ°¹ß£¡ÕâÊǷdz£Î£Ïյġ£ÒÔÏÂÎÒ¾ÙÀý˵Ã÷Ò»ÏÂ
Àý×Ó1£º
statement := "SELECT * from users WHERE name = '" + userName + "'; "
½«Óû§Ãû±äÁ¿(¼´username)ÉèÖÃΪ£º
a' or 't'='t£¬´ËʱÔʼÓï¾ä·¢ÉúÁ˱仯£º
SELECT * from users WHERE name = 'a' OR 't'='t';
Èç¹ûÕâ ......
Google dorks sql injection:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:Play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:game ......
