SQL×¢ÈëÒ»ÈÕͨ£¨Ï£©|Findnet.com.cn
Îå¡¢ÉÏ´«ASPľÂí
ËùνASPľÂí£¬¾ÍÊÇÒ»¶ÎÓÐÌØÊ⹦ÄܵÄASP´úÂ룬²¢·ÅÈëWEBÐéÄâĿ¼µÄScriptsÏ£¬Ô¶³Ì¿Í»§Í¨¹ýIE¾Í¿ÉÖ´ÐÐËü£¬½ø¶øµÃµ½ÏµÍ³µÄUSERȨÏÞ£¬ÊµÏÖ¶ÔϵͳµÄ³õ²½¿ØÖÆ¡£ÉÏ´«ASPľÂíÒ»°ãÓÐÁ½ÖֱȽÏÓÐЧµÄ·½·¨£º
1¡¢ÀûÓÃWEBµÄÔ¶³Ì¹ÜÀí¹¦ÄÜ
Ðí¶àWEBÕ¾µã£¬ÎªÁËά»¤µÄ·½±ã£¬¶¼ÌṩÁËÔ¶³Ì¹ÜÀíµÄ¹¦ÄÜ£»Ò²Óв»ÉÙWEBÕ¾µã£¬ÆäÄÚÈÝÊǶÔÓÚ²»Í¬µÄÓû§Óв»Í¬µÄ·ÃÎÊȨÏÞ¡£ÎªÁË´ïµ½¶ÔÓû§È¨Ï޵ĿØÖÆ£¬¶¼ÓÐÒ»¸öÍøÒ³£¬ÒªÇóÓû§ÃûÓëÃÜÂ룬ֻÓÐÊäÈëÁËÕýÈ·µÄÖµ£¬²ÅÄܽøÐÐÏÂÒ»²½µÄ²Ù×÷,¿ÉÒÔʵÏÖ¶ÔWEBµÄ¹ÜÀí£¬ÈçÉÏ´«¡¢ÏÂÔØÎļþ£¬Ä¿Â¼ä¯ÀÀ¡¢ÐÞ¸ÄÅäÖõȡ£
Òò´Ë£¬Èô»ñÈ¡ÕýÈ·µÄÓû§ÃûÓëÃÜÂ룬²»½ö¿ÉÒÔÉÏ´«ASPľÂí£¬ÓÐʱÉõÖÁÄܹ»Ö±½ÓµÃµ½USERȨÏÞ¶øä¯ÀÀϵͳ£¬ÉÏÒ»²½µÄ“·¢ÏÖWEBÐéÄâĿ¼”µÄ¸´ÔÓ²Ù×÷¶¼¿ÉÊ¡ÂÔ¡£
Óû§Ãû¼°ÃÜÂëÒ»°ã´æ·ÅÔÚÒ»ÕűíÖУ¬·¢ÏÖÕâÕÅ±í²¢¶ÁÈ¡ÆäÖÐÄÚÈݱã½â¾öÁËÎÊÌâ¡£ÒÔϸø³öÁ½ÖÖÓÐЧ·½·¨¡£
A¡¢ ×¢Èë·¨£º
´ÓÀíÂÛÉÏ˵£¬ÈÏÖ¤ÍøÒ³ÖлáÓÐÐÍÈ磺
select * from admin where username='XXX' and password='YYY' µÄÓï¾ä£¬ÈôÔÚÕýʽÔËÐд˾ä֮ǰ£¬Ã»ÓнøÐбØÒªµÄ×Ö·û¹ýÂË£¬ÔòºÜÈÝÒ×ʵʩSQL×¢Èë¡£
ÈçÔÚÓû§ÃûÎı¾¿òÄÚÊäÈ룺abc’ or 1=1-- ÔÚÃÜÂë¿òÄÚÊäÈ룺123 ÔòSQLÓï¾ä±ä³É£º
select * from admin where username='abc’ or 1=1 and password='123’ ²»¹ÜÓû§ÊäÈëÈκÎÓû§ÃûÓëÃÜÂ룬´ËÓï¾äÓÀÔ¶¶¼ÄÜÕýÈ·Ö´ÐУ¬Óû§ÇáÒ×ƹýϵͳ£¬»ñÈ¡ºÏ·¨Éí·Ý¡£
B¡¢²Â½â·¨£º
»ù±¾Ë¼Â·ÊÇ£º²Â½âËùÓÐÊý¾Ý¿âÃû³Æ£¬²Â³ö¿âÖеÄÿÕűíÃû£¬·ÖÎö¿ÉÄÜÊÇ´æ·ÅÓû§ÃûÓëÃÜÂëµÄ±íÃû£¬²Â³ö±íÖеÄÿ¸ö×Ö¶ÎÃû£¬²Â³ö±íÖеÄÿÌõ¼Ç¼ÄÚÈÝ¡£
²Â½âËùÓÐÊý¾Ý¿âÃû ³Æ
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(*) from master.dbo.sysdatabases where name>1 and dbid=6) <>0 ÒòΪ dbid µÄÖµ´Ó1µ½5£¬ÊÇϵͳÓÃÁË¡£ËùÒÔÓû§×Ô¼º½¨µÄÒ»¶¨ÊÇ´Ó6¿ªÊ¼µÄ¡£²¢ÇÒÎÒÃÇÌá½»ÁË name>1 (name×Ö¶ÎÊÇÒ»¸ö×Ö·ûÐ͵Ä×ֶκÍÊý×ֱȽϻá³ö´í),abc.asp¹¤×÷Òì³££¬¿ÉµÃµ½µÚÒ»¸öÊý¾Ý¿âÃû£¬Í¬Àí°ÑDBID·Ö±ð¸Ä³É7,8£¬9,10,11,12…¾Í¿ÉµÃµ½ËùÓÐÊý¾Ý¿âÃû¡£
ÒÔϼÙÉèµÃµ½µÄÊý¾Ý¿âÃûÊÇTestDB¡£
²Â½âÊý¾Ý¿âÖÐÓû§Ãû ±íµÄÃû ³Æ
²Â½â·¨£º´
Ïà¹ØÎĵµ£º
1.²éѯµÄÄ£ºýÆ¥Åä
¾¡Á¿±ÜÃâÔÚÒ»¸ö¸´ÔÓ²éѯÀïÃæʹÓà LIKE '%parm1%'—— ºìÉ«±êʶλÖõİٷֺŻᵼÖÂÏà¹ØÁеÄË÷ÒýÎÞ·¨Ê¹Óã¬×îºÃ²»ÒªÓÃ.
½â¾ö°ì·¨:
ÆäʵֻÐèÒª¶Ô¸Ã½Å±¾ÂÔ×ö¸Ä½ø£¬²éѯËٶȱã»áÌá¸ß½ü°Ù±¶¡£¸Ä½ø·½·¨ÈçÏ£º
a¡¢ÐÞ¸Äǰ̨³ÌÐò——°Ñ²éѯÌõ¼þµÄ¹©Ó¦ÉÌÃû³ÆÒ»À¸ÓÉÔÀ´µÄÎı¾ÊäÈë¸ÄΪÏÂÀÁб ......
HO~HO~EXCELÉú³ÉSQL½¨±í´æ´¢¹ý³ÌµÄVBA½Å±¾^_^ÔÞÒ»ÏÂ
2007-12-11 10:39
'+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ È«¾Ö±äÁ¿¶¨Òå
Const MAX_COLUMN_NUM = 50
Dim stOutputPath As String
Dim stOutputFile As String
Dim stDBName As String
Dim stUserName As String
Dim stUserPasswd As ......
Ò»¡¢SQLƴд½¨Òé 1¡¢²éѯʱ²»·µ»Ø²»ÐèÒªµÄÐС¢ÁÐ ÒµÎñ´úÂëÒª¸ù¾Ýʵ¼ÊÇé¿ö¾¡Á¿¼õÉÙ¶Ô±íµÄ·ÃÎÊÐÐÊý£¬×îС»¯½á¹û¼¯£¬ÔÚ²éѯʱ£¬²»Òª¹ý¶àµØʹÓÃͨÅä·ûÈ磺select * from table1Óï¾ä£¬ÒªÓõ½¼¸ÁоÍÑ¡Ôñ¼¸ÁУ¬È磺select col1,col2 from table1;ÔÚ¿ÉÄܵÄÇé¿öϾ¡Á¿ÏÞÖƽá¹û¼¯ÐÐÊýÈ磺se ......
Óï¾ä£ºselect rank() over(Order By ±íµÄÖ÷¼ü Desc) As UID ,ÆäËûÁÐ from ±í
˵Ã÷£ºrankº¯Êý
×÷Óãº
·µ»ØÖ¸¶¨Ôª×éÔÚÖ¸¶¨¼¯ÖеÄÅÅÃû£¨ÅÅÃû´Ó 1 ¿ªÊ¼£©
Rank(Tuple_Expression, Set_Expression [ ,Numeric Expression ] )
²ÎÊý£º
Tuple_Expression
Ò»¸öÓÐЧµÄ¶àά±í´ïʽ (MDX) Ôª ......
Ëæ×ÅB/SģʽӦÓÿª·¢µÄ·¢Õ¹£¬Ê¹ÓÃÕâÖÖģʽ±àдӦÓóÌÐòµÄ³ÌÐòÔ±Ò²Ô½À´Ô½¶à¡£µ«ÊÇÓÉÓÚ³ÌÐòÔ±µÄˮƽ¼°¾ÑéÒ²²Î²î²»Æ룬Ï൱´óÒ»²¿·Ö³ÌÐòÔ±ÔÚ±àд´úÂëµÄʱºò£¬Ã»ÓжÔÓû§ÊäÈëÊý¾ÝµÄºÏ·¨ÐÔ½øÐÐÅжϣ¬Ê¹Ó¦ÓóÌÐò´æÔÚ°²È«Òþ»¼¡£Óû§¿ÉÒÔÌá½»Ò»¶ÎÊý¾Ý¿â²éѯ´úÂ룬¸ù¾Ý³ÌÐò·µ»ØµÄ½á¹û£¬»ñµÃijЩËûÏëµÃÖªµÄÊý¾Ý£¬Õâ¾ÍÊÇËùνµÄSQL Inj ......
