SQLServer2000注入防护大全(二) 传统查询构造:select*FROMnewswhereid=...ANDtopic=...AND.....admin'and1=(selectcount(*)from[user]whereusername='victim'andright(left(userpass,01),1)='1')anduserpass<>'select123;--;usemaster;--:a'ornamelike'fff%';--显示有一个叫ffff的用户哈。'and1<>(selectcount(email)from[user]);--;up...
http://www.jb51.net//article/6887.htm
共有:1/10,当前1/1页
[首页] [上一页]
1
[下一页] [尾页]
转到: