1.準備工具:SQL SERVER ，Visual Studio

2.數據庫腳本和.net代碼(c#)

3.SqlServer Profiler

SQL腳本代碼:

USE MASTER GO--檢索SQLTMP數據庫是否存在IF EXISTS(SELECT * FROM SYSDATABASES WHERE name = 'SQLTMP')--刪除SQLTMP數據庫DROP DATABASE SQLTMPGO--創建數據庫CREATE DATABASE SQLTMPGO--使用SQLTMP數據庫USE SQLTMPGO-------------創建一張表用來驗證SQL注入漏洞------------------檢索表是否存在IF EXISTS(SELECT * FROM SYSOBJECTS WHERE name = 'admin')--刪除表DROP TABLE adminGO--創建表CREATE TABLE admin(id INT PRIMARY KEY IDENTITY(1,1),--設置主鍵name VARCHAR(20) NOT NULL,--用戶名pass VARCHAR(20) NOT NULL--密碼)-------------插入一條測試數據---------------------------INSERT INTO admin VALUES('admin','admin')--查詢插入數據SELECT * FROM admin

下面是一段驗證用戶名密碼的C#代碼:

<font size="3" color="#ff00ff">using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using System.Data;using System.Data.SqlClient;namespace SQLTmp{class Program{//數據庫連接字符串public static String strCon = "Data Source=.;Initial Catalog=SQLTMP;Integrated Security=True";//創建數據庫連接對象static SqlConnection SqlCon = new SqlConnection(strCon);static void Main(string[] args){Console.WriteLine("請輸入用戶名:");String name = Console.ReadLine();Console.WriteLine("請輸入密碼:");String pass = Console.ReadLine();try{Program p = new Program();//打開數據庫連接p.Open();string sql = "SELECT COUNT(*) FROM admin WHERE name = '"+name+"'AND pass = '"+pass+"'";SqlCommand sqlcom = new SqlCommand(sql, SqlCon);int i = (int)sqlcom.ExecuteScalar();if (i > 0){Console.WriteLine("登錄成功！");}else{Console.WriteLine("登錄失敗!");}Console.ReadLine();}catch (Exception){throw;}finally {//關閉數據庫連接pass.Clone();}}//打開數據庫連接public void Open(){//關閉狀態下打開數據庫連接if (SqlCon.State == ConnectionState.Closed){SqlCon.Open();}//中斷情況下打開數據庫連接if (SqlCon.State == ConnectionState.Broken){//關閉SqlCon.Close();SqlCon.Open();}}//關閉數據庫連接public void Close() {if (SqlCon.State == ConnectionState.Open || SqlCon.State == ConnectionState.Broken){SqlCon.Close();}}}}</font>

我們來測試一下

輸入正確的賬號密碼:

admin admin

登錄成功

輸入錯誤的賬號密碼:

test test

登錄失敗

我們在用戶名輸入:' or 1=1--

密碼:123