利用SQL Server的注入漏洞实现猜解数据库名，表名，字段名及记录的信息，由于网速的原因，目前限制了只能同时猜解前5个字段值的记录信息。另外实现了三种方式执行系统命令，同时可回显显示。,SQL Server to use loopholes in the realization of the injection solution to guess database name, table name, field names and records of the information, because of speed reasons, the current limiting solution can only guess at the same time five field values before the record information. Another way to achieve the implementation of three system commands, at the same time, show a significant return.