日志
转载“SQL注入测试用例”
|
Drop table. Guess table name and drop it, note the next flowing SQL language
Select * from A where A.a = ‘testdata’; drop table A---’; |
2. 2. If a field only allow number, give it a String or others
3. Use ‘OR 1=1’, get all records in query function
Select * from A where A.a = ‘testdata’ OR ‘1’=’1’; |
4. 3. In login function, give user name field like ‘username’--’, “--’ and A.password = ‘’” is commented
Select * from user A where A.username = ‘username’--’ and A.password = ‘’; |
5. 4. Adding records function, if there is 4 fields in this table, add 5 fields, eg.
Normal: Insert into table A values(‘’,’’,’’,’’); Test Data: Insert into table A values(‘’,’testdata’,’’,’’,’’); |
6. 5. Input test data in or out of this field data
7. 6. Add single quotation marks and semicolon, and break off string splicing, this is similar with point 4
Update table A set A.a = ‘testdata’;--’ |
Yellow partis test data we input
全部作者的其他最新日志
- • jmeter 全局变量
- • jmeter 连接数据库
- • jmeter 创建场景
- • RF 模板套件
- • RF 关键字
- • RF读取Excel表格