CGI-IDS
7 => "'/1/1='",
8 => " aa'/1 or '1",
9 => " aa1' * \@a or '1 '/1 regexp '0",
10 => " ' / 1 / 1 ='",
11 => " '/1='",
12 => " aa'&0+1 = 'aa",
13 => " aa'&+1='aa",
14 => " aa'&(1)='aa",
15 => " aa'^0+0 = '0",
16 => " aa'^0+0+1-1 = (0)-- -a",
17 => " aa'^+-3 or'1",
18 => " aa'^0!='1",
19 => " aa'^(0)='0",
20 => " aa' < (3) or '1",
21 => " aa' <<3 or'1",
22 => " aa'-+!1 or '1",
23 => " aa'-!1 like'0",
24 => " aa' % 1 or '1",
25 => " aa' / '1' < '3",
26 => " aa' / +1 < '3",
27 => " aa' - + ! 2 != + - '1",
28 => " aa' - + ! 1 or '1",
29 => " aa' / +1 like '0",
30 => " ' / + (1) / + (1) ='",
31 => " aa' & +(0)-(1)='aa",
32 => " aa' ^+ -(0) + -(0) = '0",
33 => " aa' ^ + - 3 or '1",
34 => " aa' ^ +0!='1",
35 => " aa' < +3 or '1",
36 => " aa' % +1 or '1",
37 => "aa'or column*0 like'0",
38 => "aa'or column*0='0",
39 => "aa'or current_date*0",
40 => "1'/column is not null - ' ",
41 => "1'*column is not ".'\N'." - ' ",
42 => "1'^column is not null - ' ",
43 => "'is".'\N'." - '1",
44 => "aa' is 0 or '1",
45 => "' or MATCH username AGAINST ('+admin -a' IN BOOLEAN MODE); -- -a",
46 => "' or MATCH username AGAINST ('a* -) -+ ' IN BOOLEAN MODE); -- -a",
47 => "1'*\@a or '1",
48 => "1'*null or '1",
49 => "1'*UTC_TIME or '1",
50 => "1'*null is null - '",
51 => "1'*\@a is null - '",
52 => "1'*\@\@version*-0%20=%20'0",
53 => "1'*current_date rlike'0",
54 => "aa'/current_date in (0) -- -a",
55 => "aa' / current_date regexp '0",
56 => "aa' / current_date != '1",
57 => "1' or current_date*-0 rlike'1",
58 => "0' / current_date XOR '1",
60 => "'or not false #aa",
61 => "1' * id - '0",
62 => "1' *id-'0",
);
# SQL-injection regression vectors (list 6), keyed by a numeric test index.
# Each value is an input string the detection filters are presumably expected
# to flag; the code that consumes this hash is outside this excerpt.
#
# What the entries exercise, as far as the strings themselves show:
#   0-3, 8, 9      stacked statements after a closing quote ("';" followed by
#                  shutdown / SELECT / a T-SQL cursor with sp_executesql /
#                  bracketed identifiers).
#   4              the dynamic-SQL assignment fragment from entry 3 on its own.
#   7              URL-encoded T-SQL DECLARE/SET whose CAST argument is a hex
#                  literal, so the statement text is not visible in plain form.
#   5, 6, 10, 18,  UNION SELECT forms, several reading information_schema or
#   28, 31         mysql.user.
#   11, 12         ORDER BY with a conditional expression (if / ifnull).
#   13-17, 19, 20, quote-balanced boolean or arithmetic expressions (BETWEEN,
#   27, 29, 32     MOD, LIKE BINARY, SOUNDS LIKE, hex literals, find_in_set).
#   21-26          bare MySQL function calls with no surrounding quote context.
#   30             CASE expression wrapping load_file() with a hex-literal path.
#
# Quoting notes for maintainers:
#   - Values are double-quoted, so "\@" is needed to stop Perl interpolating an
#     array; entry 10 builds "@@version" by concatenation for the same reason.
#   - Entry 3 is ONE string spanning several source lines; its embedded
#     newlines are part of the vector and must not be re-wrapped.
#   - Entry 31 is passed through CGI::IDS::urldecode before being stored; it
#     uses %19 where a space would normally appear.
my %testSQLIList6 = (
0 => "asd'; shutdown; ",
1 => "asd'; select null,password,null from users; ",
2 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user OPEN tablecursor ",
3 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b
where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user
OPEN tablecursor FETCH NEXT FROM tablecursor INTO \@a,\@b WHILE(\@a != null)
\@query = null+null+null+null+ ' UPDATE '+null+\@a+null+ ' SET id=null,\@b = \@payload'
BEGIN EXEC sp_executesql \@query
FETCH NEXT FROM tablecursor INTO \@a,\@b END
CLOSE tablecursor DEALLOCATE tablecursor;
and some text, to get pass the centrifuge; and some more text.",
4 => "\@query = null+null+null+ ' UPDATE '+null+\@a+ ' SET[ '+null+\@b+ ' ] = \@payload'",
5 => "asd' union distinct(select null,password,null from users)--a ",
6 => "asd' union distinct ( select null,password,(null)from user )-- a ",
# NOTE(review): entry 7 appears cut off in this listing (it ends in "..." with
# no closing quote); take the full value from the distribution's test file.
7 => "'DECLARE%20\@S%20CHAR(4000);SET%20\@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6...
8 => "asaa';SELECT[asd]FROM[asd]",
9 => "asd'; select [column] from users ",
10 => "0x31 union select @"."@"."version,username,password from users ",
11 => "1 order by if(1<2 ,uname,uid) ",
12 => "1 order by ifnull(null,userid) ",
13 => "2' between 1 and 3 or 0x61 like 'a",
14 => "4' MOD 2 like '0",
15 => "-1' /ID having 1< 1 and 1 like 1/'1 ",
16 => "2' / 0x62 or 0 like binary '0",
17 => "0' between 2-1 and 4-1 or 1 sounds like binary '1 ",
18 => "-1' union ((select (select user),(select password),1/1 from mysql.user)) order by '1 ",
19 => "-1' or substring(null/null,1/null,1) or '1",
20 => "1' and 1 = hex(null-1 or 1) or 1 /'null ",
21 => "AND CONNECTION_ID()=CONNECTION_ID()",
22 => "AND ISNULL(1/0)",
23 => "MID(\@\@hostname, 1, 1)",
24 => "CHARSET(CURRENT_USER())",
25 => "DATABASE() LIKE SCHEMA()",
26 => "COERCIBILITY(USER())",
27 => "1' and 0x1abc like 0x88 or '0",
28 => "'-1-0 union select (select `table_name` from `information_schema`.tables limit 1) and '1",
29 => "null''null' find_in_set(uname, 'lightos' ) and '1",
30 => "(case-1 when mid(load_file(0x61616161),12, 1/ 1)like 0x61 then 1 else 0 end) ",
31 => CGI::IDS::urldecode('%27sounds%20like%281%29%20union%19%28select%191,group_concat%28table_name%29,3%19from%19information_schema.%60tables%60%29%23%28'),
32 => "0' '1' like (0) and 1 sounds like a or true#1",
);
# Directory-traversal / local-file regression vectors, keyed by a numeric test
# index. The code that consumes this hash is outside this excerpt.
#
# Values are single-quoted, so only \\ and \' are escape sequences; every other
# backslash is literal. Several entries differ only in how the same path is
# encoded, so a detector has to match the decoded and the raw form alike.
my %testDTList = (
# Plain relative traversal to a well-known Unix file.
0 => '../../etc/passwd',
# Runtime value is \\%windir%\\cmd.exe: each '\\' collapses to one backslash,
# while '\%' and '\c' keep theirs.
1 => '\\\%windir%\\\cmd.exe',
# Shell command appended after ';', with glob wildcards standing in for the
# literal path so a fixed-string match on the file name does not fire.
2 => '1;cat /e*c/p*d',
# %25%5c is a percent-encoded "%5c", i.e. a double-encoded backslash; the
# string ends with an encoded NUL byte (%00).
3 => '%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00',
# %2e%2e is a percent-encoded "..".
4 => '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd',
# Same double-encoded backslash form as entry 3, ending in a Windows path.
5 => '/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini',
# Absolute Windows path; runtime value is C:\boot.ini.
6 => 'C:\\boot.ini',
# Traversal with a trailing encoded NUL byte after the file name.
7 => '../../../../../../../../../../../../localstart.asp%00',
8 => '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini',
# Server-side-include exec directive rather than a path traversal.
9 => '<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->',
10 => '../../../../../../../../conf/server.xml',
# %c0%ae is an overlong UTF-8 encoding of "."; a decoder that accepts overlong
# forms turns each pair into "..".
11 => '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd',
# "..././" becomes "../" if a filter strips "../" only once. The trailing
# space inside the quotes is part of the vector.
12 => 'dir/..././..././folder/file.php ',
);
# URI-scheme / protocol-handler regression vectors, keyed by a numeric test
# index. The code that consumes this hash is outside this excerpt.
#
# Each value starts with an application-registered scheme (firefoxurl:, aim:,
# navigatorurl:, res://, mailto:) and then carries a double quote followed by
# command-line switches, script, or local file paths.
#
# Values are single-quoted: \' is an escaped quote and \\ is one backslash;
# every other backslash (\c, \w, \s, ...) is kept literally.
my %testURIList = (
0 => 'firefoxurl:test|"%20-new-window%20file:\c:/test.txt',
# %2520 is a double-encoded space (%25 is "%").
1 => 'firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"',
2 => 'aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"',
# NOTE(review): entry 3 appears cut off in this listing (it ends in "..." with
# no closing quote); take the full value from the distribution's test file.
3 => 'navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+...
4 => 'res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210',
5 => 'mailto:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat',
);
my %testRFEList = (
0 => ';phpinfo()',
1 => '@phpinfo()',