length
Length + handler like
LiKe select
SeleCT sleep
SLEEp database
DATABASe delete having or
oR as
As -~ BENCHMARK limit
LimIt left
Left select
SELECT insert
insERT
INSERT right # --+ INFORMATION -- ; ! % + xor <> ( > < ) . ^ = AND
ANd BY
By CAST COLUMN
COlumn COUNT
Count CREATE END case '1'='1 when admin' " length + REVERSE ascii
ASSIC
ASSic select database left right union
UNIon
UNION " & && || oorr / // //* */* /**/ anandd GROUP HAVING IF INTO JOIN LEAVE LEFT LEVEL sleep LIKE NAMES NEXT NULL OF ON | infromation_schema user OR ORDER ORD SCHEMA SELECT SET TABLE THEN UNION UPDATE USER USING VALUE VALUES WHEN WHERE ADD AND prepare set update delete drop inset CAST COLUMN CONCAT GROUP_CONCAT group_concat CREATE DATABASE DATABASES alter DELETE DROP floor rand() information_schema.tables TABLE_SCHEMA %df concat_ws() concat LIMIT ORD ON extractvalue order CAST() by ORDER OUTFILE RENAME REPLACE SCHEMA SELECT SET updatexml SHOW SQL TABLE THEN TRUE instr benchmark format bin substring ord UPDATE VALUES VARCHAR VERSION WHEN WHERE /* ` , users %0a
%0A %0b mid for BEFORE REGEXP RLIKE in sys schemma SEPARATOR XOR CURSOR FLOOR sys.schema_table_statistics_with_buffer INFILE count %0c from %0d %a0 = @ else
%27
%23
%22
%20
配合burpsuite使用,已經算是比較全的了