├── CMakeLists.txt ├── LICENSE ├── README.md ├── SQLITE-LICENSE ├── clean.sh ├── lemon ├── addopcodes.awk ├── lemon ├── lemon.c ├── lempar.c └── parse.y ├── sqli_test.c ├── src ├── CMakeLists.txt ├── hash.h ├── include │ └── sqli_detect.h ├── keywordhash.h ├── os.h ├── os_common.h ├── os_unix.c ├── parse.h ├── printf.c ├── sqli_debug.h ├── sqli_detect.c ├── sqliteInt.h ├── tokenize.c └── util.c ├── test.sh └── tests └── sql-injection-payload-list ├── detect ├── GenericBlind.txt ├── Generic_ErrorBased.txt ├── Generic_SQLI.txt ├── Generic_TimeBased.txt ├── Generic_UnionSelect.txt ├── MSSQL │ ├── MSSQL.txt │ └── MSSQL_blind.txt ├── MySQL │ ├── MySQL.txt │ └── MySQL_MSSQL.txt ├── NoSQL │ └── no-sql.txt ├── Oracle │ └── oracle.txt └── xPlatform │ └── xplatform.txt ├── exploit ├── Auth_Bypass.txt ├── DB2 │ └── db2-enumeration.txt ├── MSSQL │ └── ms-sql-enumeration.txt ├── MySQL │ ├── mysql-injection-login-bypass.txt │ └── mysql-read-local-files.txt └── PostgresSQL │ └── postgres-enumeration.txt └── payloads-sql-blind ├── MSSQL ├── payloads-sql-blind-MSSQL-INSERT.txt └── payloads-sql-blind-MSSQL-WHERE.txt └── MySQL ├── payloads-sql-blind-MySQL-INSERT.txt ├── payloads-sql-blind-MySQL-ORDER_BY.txt └── payloads-sql-blind-MySQL-WHERE.txt /CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/CMakeLists.txt -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/README.md -------------------------------------------------------------------------------- /SQLITE-LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/SQLITE-LICENSE -------------------------------------------------------------------------------- /clean.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/clean.sh -------------------------------------------------------------------------------- /lemon/addopcodes.awk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/lemon/addopcodes.awk -------------------------------------------------------------------------------- /lemon/lemon: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/lemon/lemon -------------------------------------------------------------------------------- /lemon/lemon.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/lemon/lemon.c -------------------------------------------------------------------------------- /lemon/lempar.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/lemon/lempar.c -------------------------------------------------------------------------------- /lemon/parse.y: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/lemon/parse.y -------------------------------------------------------------------------------- /sqli_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/sqli_test.c -------------------------------------------------------------------------------- /src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/hash.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/hash.h -------------------------------------------------------------------------------- /src/include/sqli_detect.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/include/sqli_detect.h -------------------------------------------------------------------------------- /src/keywordhash.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/keywordhash.h -------------------------------------------------------------------------------- /src/os.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/os.h -------------------------------------------------------------------------------- /src/os_common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/os_common.h -------------------------------------------------------------------------------- /src/os_unix.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/os_unix.c -------------------------------------------------------------------------------- /src/parse.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/parse.h -------------------------------------------------------------------------------- /src/printf.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/printf.c -------------------------------------------------------------------------------- /src/sqli_debug.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/sqli_debug.h -------------------------------------------------------------------------------- /src/sqli_detect.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/sqli_detect.c -------------------------------------------------------------------------------- /src/sqliteInt.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/sqliteInt.h -------------------------------------------------------------------------------- /src/tokenize.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/tokenize.c -------------------------------------------------------------------------------- /src/util.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/src/util.c -------------------------------------------------------------------------------- /test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | find tests/ -name "*.txt" | xargs -L 1 ./sqli_test 4 | -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/GenericBlind.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/GenericBlind.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/Generic_ErrorBased.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/Generic_ErrorBased.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/Generic_SQLI.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/Generic_SQLI.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/Generic_TimeBased.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/Generic_TimeBased.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/Generic_UnionSelect.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/Generic_UnionSelect.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/MSSQL/MSSQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/MSSQL/MSSQL.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/MSSQL/MSSQL_blind.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/MSSQL/MSSQL_blind.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/MySQL/MySQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/MySQL/MySQL.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/MySQL/MySQL_MSSQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/MySQL/MySQL_MSSQL.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/NoSQL/no-sql.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/NoSQL/no-sql.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/Oracle/oracle.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/Oracle/oracle.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/detect/xPlatform/xplatform.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/detect/xPlatform/xplatform.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/exploit/Auth_Bypass.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/exploit/Auth_Bypass.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/exploit/DB2/db2-enumeration.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/exploit/DB2/db2-enumeration.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/exploit/MSSQL/ms-sql-enumeration.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/exploit/MSSQL/ms-sql-enumeration.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/exploit/MySQL/mysql-injection-login-bypass.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/exploit/MySQL/mysql-injection-login-bypass.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/exploit/MySQL/mysql-read-local-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/exploit/MySQL/mysql-read-local-files.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/exploit/PostgresSQL/postgres-enumeration.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/exploit/PostgresSQL/postgres-enumeration.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/payloads-sql-blind/MSSQL/payloads-sql-blind-MSSQL-INSERT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/payloads-sql-blind/MSSQL/payloads-sql-blind-MSSQL-INSERT.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/payloads-sql-blind/MSSQL/payloads-sql-blind-MSSQL-WHERE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/payloads-sql-blind/MSSQL/payloads-sql-blind-MSSQL-WHERE.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-INSERT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-INSERT.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-ORDER_BY.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-ORDER_BY.txt -------------------------------------------------------------------------------- /tests/sql-injection-payload-list/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-WHERE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/peter-cui1221/sqlinjection-detect/HEAD/tests/sql-injection-payload-list/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-WHERE.txt --------------------------------------------------------------------------------