CGI-IDS

 view release on metacpan or  search on metacpan

t/01-ids.t  view on Meta::CPAN

    57  => "1' or current_date*-0 rlike'1",
    58  => "0' / current_date XOR '1",
    60  => "'or not false #aa",
    61  => "1' * id - '0",
    62  => "1' *id-'0",
);

my %testSQLIList6 = (
    0 => "asd'; shutdown; ",
    1 => "asd'; select null,password,null from users; ",
    2 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user OPEN tablecursor ",
    3 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b
                where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user
                OPEN tablecursor FETCH NEXT FROM tablecursor INTO \@a,\@b WHILE(\@a != null)
                \@query  = null+null+null+null+ ' UPDATE '+null+\@a+null+ ' SET id=null,\@b = \@payload'
                BEGIN EXEC sp_executesql \@query
                FETCH NEXT FROM tablecursor INTO \@a,\@b END
                CLOSE tablecursor DEALLOCATE tablecursor;
                and some text, to get pass the centrifuge; and some more text.",
    4 => "\@query  = null+null+null+ ' UPDATE '+null+\@a+ ' SET[  '+null+\@b+ ' ]  = \@payload'",
    5 => "asd' union distinct(select null,password,null from users)--a ",
    6 => "asd' union distinct ( select null,password,(null)from user )-- a ",
    7 => "'DECLARE%20\@S%20CHAR(4000);SET%20\@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6...
    8 => "asaa';SELECT[asd]FROM[asd]",
    9 => "asd'; select [column] from users ",
    10 => "0x31 union select @"."@"."version,username,password from users ",
    11 => "1 order by if(1<2 ,uname,uid) ",
    12 => "1 order by ifnull(null,userid) ",



( run in 0.235 second using v1.01-cache-2.11-cpan-4d50c553e7e )