CGI-IDS
view release on metacpan or search on metacpan
57 => "1' or current_date*-0 rlike'1",
58 => "0' / current_date XOR '1",
60 => "'or not false #aa",
61 => "1' * id - '0",
62 => "1' *id-'0",
);
my %testSQLIList6 = (
0 => "asd'; shutdown; ",
1 => "asd'; select null,password,null from users; ",
2 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user OPEN tablecursor ",
3 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b
where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user
OPEN tablecursor FETCH NEXT FROM tablecursor INTO \@a,\@b WHILE(\@a != null)
\@query = null+null+null+null+ ' UPDATE '+null+\@a+null+ ' SET id=null,\@b = \@payload'
BEGIN EXEC sp_executesql \@query
FETCH NEXT FROM tablecursor INTO \@a,\@b END
CLOSE tablecursor DEALLOCATE tablecursor;
and some text, to get pass the centrifuge; and some more text.",
4 => "\@query = null+null+null+ ' UPDATE '+null+\@a+ ' SET[ '+null+\@b+ ' ] = \@payload'",
5 => "asd' union distinct(select null,password,null from users)--a ",
6 => "asd' union distinct ( select null,password,(null)from user )-- a ",
7 => "'DECLARE%20\@S%20CHAR(4000);SET%20\@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6...
8 => "asaa';SELECT[asd]FROM[asd]",
9 => "asd'; select [column] from users ",
10 => "0x31 union select @"."@"."version,username,password from users ",
11 => "1 order by if(1<2 ,uname,uid) ",
12 => "1 order by ifnull(null,userid) ",
( run in 0.259 second using v1.01-cache-2.11-cpan-4d50c553e7e )