5±¾¾µäSQLµç×ÓÊé
SQL±¦µä
SQL±ØÖª±Ø»áµÚÈý°æ
SQLÈëÞµäµÚËÄ°æ
Sams Teach Yourself SQL in 10 Minutes Third Edition
SQL The Complete Reference
Ïà¹ØÎĵµ£º
1¡¢ ÓóÌÐòÖУ¬±£Ö¤ÔÚʵÏÖ¹¦ÄܵĻù´¡ÉÏ£¬¾¡Á¿¼õÉÙ¶ÔÊý¾Ý¿âµÄ·ÃÎÊ´ÎÊý£»Í¨¹ýËÑË÷²ÎÊý£¬¾¡Á¿¼õÉÙ¶Ô±íµÄ·ÃÎÊÐÐÊý,×îС»¯½á¹û¼¯£¬´Ó¶ø¼õÇáÍøÂ縺µ££»Äܹ»·Ö¿ªµÄ²Ù×÷¾¡Á¿·Ö¿ª´¦Àí£¬Ìá¸ßÿ´ÎµÄÏìÓ¦Ëٶȣ»ÔÚÊý¾Ý´°¿ÚʹÓÃSQLʱ£¬¾¡Á¿°ÑʹÓõÄË÷Òý·ÅÔÚÑ¡ÔñµÄÊ×ÁУ»Ëã·¨µÄ½á¹¹¾¡Á¿¼òµ¥£»ÔÚ²éѯʱ£¬²»Òª¹ý¶àµØʹÓà ......
×î½ü·¢ÏÖÎÒÃǹ«Ë¾µÄASP.NETµÄ´úÂëÓÐÆ´½ÓSQLÓï¾äµÄÏ°¹ß£¡ÕâÊǷdz£Î£Ïյġ£ÒÔÏÂÎÒ¾ÙÀý˵Ã÷Ò»ÏÂ
Àý×Ó1£º
statement := "SELECT * from users WHERE name = '" + userName + "'; "
½«Óû§Ãû±äÁ¿(¼´username)ÉèÖÃΪ£º
a' or 't'='t£¬´ËʱÔʼÓï¾ä·¢ÉúÁ˱仯£º
SELECT * from users WHERE name = 'a' OR 't'='t';
Èç¹ûÕâ ......
SQLλÔËËã
select 2|8 --10
select 2|8|1 --11
select 10&8 --8,°üº¬,10=8+2
select 10&2 --2,°üº¬,10=2+8
select 10&4 --0,²»°üº¬
select 19&16 --16,°üº¬,19=16+2+1
s ......
Google dorks sql injection:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:Play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:game ......
ÔÚ³ÌÐòÖÐÓÐЩ²éѯÓï¾äÏà¶Ô½Ï³¤£¬¿ÉÒÔ½«Óï¾äµ¥¶ÀдÔÚÒ»¸öXXX.sqlÎļþÖУ¬ÔÚ³ÌÐòÖжÁÈ¡SQLÎļþ
¾ßÌåÉæ¼°µ½
import java.io.File;
import org.apache.commons.io.FileUtils;
import java.net.URL;
URL resourceUrl = XXXX.class.getClassLoader().getResource(SQL_PATH+sqlName);//SQL_PATH¾ßÌåSQLÎļþ´æÔÚ·¾¶£¬sqlName¼ ......
