Space Bypass
Comment Variations
Case Manipulation
Quote Bypass
No Quotes — Hex
No Quotes — CHAR()
Double Quotes
Keyword Bypass
UNION Blocked
SELECT Blocked
OR / AND Blocked
Comma Blocked
Equals Blocked
Encoding
URL Encoding
Double URL Encoding
Unicode
Hex Encoding
String Concatenation
MySQL
MSSQL
PostgreSQL
Oracle
Alternative Functions
| Blocked | Alternative |
|---|---|
SUBSTRING | MID(), SUBSTR(), LEFT(), RIGHT() |
ASCII | ORD(), HEX() |
SLEEP | BENCHMARK(10000000,SHA1('x')) |
IF | CASE WHEN ... THEN ... END |
GROUP_CONCAT | CONCAT_WS(), subquery with LIMIT |
information_schema | mysql.innodb_table_stats (MySQL 5.6+) |
HTTP Parameter Pollution
Chunked Transfer Encoding
JSON / XML Injection
JSON Body
XML Body
Quick Reference
| Filter | Bypass |
|---|---|
| Spaces | /**/, +, %09, %0a |
| UNION | UN/**/ION, UNiOn, /*!UNION*/ |
| Quotes | 0x hex, CHAR(), double quotes |
| Commas | JOIN, FROM x FOR y, LIMIT 1 OFFSET 0 |
| Equals | LIKE, IN(), BETWEEN, REGEXP |
| Encoding | Double URL, Unicode, Hex |