2025-02-13 02:44:00 +08:00
# Test Cases
## 1. Basic test cases
[Good] `SELECT * FROM users WHERE id = 1`
[Bad] `SELECT * FROM users WHERE id = 1 OR 1=1`
## 2. Authentication bypass cases
[Bad] `SELECT * FROM users WHERE username = 'admin' --`
[Bad] `SELECT * FROM users WHERE username = 'admin' #`
[Bad] `SELECT * FROM users WHERE username = 'admin' OR '1'='1'`
## 3. Union-based injection cases
[Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT null, 'hacker'`
[Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT 1, 'hacked' FROM dual`
[Bad] `SELECT database() UNION SELECT 1`
## 4. Error-based injection cases
[Bad] `SELECT * FROM users WHERE id = 1 AND (SELECT 1 FROM users WHERE id=2)=1`
[Bad] `SELECT * FROM users WHERE id = (SELECT COUNT(*) FROM users)`
## 5. Blind SQL injection cases
[Bad] `SELECT * FROM users WHERE id = 1; WAITFOR DELAY '00:00:10' --`
[Bad] `SELECT * FROM users WHERE username = 'admin' AND 1=1`
## 6. Hex- and Base64-encoded injection cases
[Bad] `SELECT * FROM users WHERE username = 0x61646D696E`
[Bad] `SELECT * FROM users WHERE username = 'YWRtaW4='`
## 7. False positive cases
[Good] `SELECT * FROM users WHERE id = 5`
[Good] `SELECT users.name, orders.amount FROM users JOIN orders ON users.id = orders.user_id`
[Good] `SELECT * FROM users WHERE username = ? AND password = ?`
## 8. Edge cases
[Good] `""`
[Bad] `'; --`
[Good] `12345`
[Good] `asdkjhasdkjh`