mirror of
https://github.com/danielmiessler/SecLists.git
synced 2026-07-16 22:32:40 +00:00
feat(docs): Added documentation for the classified SQLi payloads list from SQLMap
Related to #1320 Co-authored-by: 0xBassia <med.bassia@gmail.com>
This commit is contained in:
@@ -1,3 +1,5 @@
|
||||
# SQL Injection wordlists
|
||||
> [!CAUTION]
|
||||
> Many of these wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. For more information see [issue #1011](https://github.com/danielmiessler/SecLists/issues/1011)
|
||||
> Many of these wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. For more information see [issue #1011](https://github.com/danielmiessler/SecLists/issues/1011)
|
||||
|
||||
For a safer starting set, see [`sqlmap-risk-classified/`](sqlmap-risk-classified/).
|
||||
@@ -1,5 +1,34 @@
|
||||
This directory contains payloads from [the sqlmap project](https://github.com/sqlmapproject/sqlmap) which are sorted automatically by a script (located at the `.bin` directory in the head of this repository).
|
||||
This directory contains payloads from [the sqlmap project](https://github.com/sqlmapproject/sqlmap) which are sorted automatically by a script (located at the `.bin` directory at the base of this repository).
|
||||
|
||||
All payloads are divided into three risk levels. The default value is 1 which is innocuous for the majority of SQL injection points. Risk value 2 adds to the default level the tests for heavy query time-based SQL injections and value 3 adds also OR-based SQL injection tests.
|
||||
From [the SQLMap documentation](https://github.com/sqlmapproject/sqlmap/wiki/Usage#risk):
|
||||
|
||||
In some instances, like a SQL injection in an UPDATE statement, injecting an OR-based payload can lead to an update of all the entries of the table, which is certainly not what the attacker wants. For this reason and others this option has been introduced: the user has control over which payloads get tested, the user can arbitrarily choose to use also potentially dangerous ones. As per the previous option, the payloads used by sqlmap are specified in the textual file xml/payloads.xml and you are free to edit and add your owns.
|
||||
> All payloads are divided into three risk levels. The default value is 1 which is innocuous for the majority of SQL injection points. Risk value 2 adds to the default level the tests for heavy query time-based SQL injections and value 3 adds also OR-based SQL injection tests.
|
||||
>
|
||||
> In some instances, like a SQL injection in an UPDATE statement, injecting an OR-based payload can lead to an update of all the entries of the table, which is certainly not what the attacker wants. For this reason and others this option has been introduced: the user has control over which payloads get tested, the user can arbitrarily choose to use also potentially dangerous ones.
|
||||
|
||||
In this directory, the risk levels are named as follows:
|
||||
- Risk level 1 = `Low-Risk-Payloads/`
|
||||
- Risk level 2 = `Medium-Risk-Payloads/`
|
||||
- Risk level 3 = `High-Risk-Payloads/`
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The classified payloads still contain sqlmap placeholders. Before being sent into any automated tool, the placeholders should be replaced.
|
||||
|
||||
| Placeholder | Replace with |
|
||||
| --- | --- |
|
||||
| `[RANDNUM]`, `[RANDNUM1]`, `[RANDNUM2]` | any integer |
|
||||
| `[RANDSTR]` | any short alphanumeric string |
|
||||
| `[ORIGVALUE]` | the legitimate value of the param |
|
||||
| `[SLEEPTIME]` | seconds for time-based payloads, e.g. 5 |
|
||||
| `[INFERENCE]` | a boolean expression like `1=1` |
|
||||
| `[GENERIC_SQL_COMMENT]` | `-- -` |
|
||||
| `[DELIMITER_START]`, `[DELIMITER_END]` | any short unique tokens |
|
||||
<br>
|
||||
|
||||
> [!NOTE]
|
||||
> From the original repository, the payloads from `union_query.xml` are not included here as those are built from a column-count range at runtime.
|
||||
|
||||
---
|
||||
|
||||
All payloads in this directory are licensed under the SQLMap project license, the [GPL v2](https://github.com/sqlmapproject/sqlmap/blob/master/LICENSE).
|
||||
Reference in New Issue
Block a user