sqli注入fuzz字典---waf fuzz测试，ctf

看到网上有字典，但是不是很全面，花了几个小时整理了一下自己收集的字典，可能有一些我还没有见过能利用的函数 ||更新一下

length 
+
handler
like
select 
sleep
database
delete
having
or
as
-~
BENCHMARK
limit
left
select
insert
sys.schema_auto_increment_columns
join
right
#
&
&&
\
handler
-- -
--
--+
INFORMATION
--
;
!
%
+
xor
<>
(
>
<
)
.
^
=
AND
BY
CAST
COLUMN
COUNT
CREATE
END
case
'1'='1
when
admin'
"
length 
+
length
REVERSE

ascii
select 
database
left
right
'
union
||
oorr
/
//
//*
*/*
/**/
anandd
GROUP
HAVING
IF
INTO
JOIN
LEAVE
LEFT
LEVEL
sleep
LIKE
NAMES
NEXT
NULL
OF
ON
|
infromation_schema
user
OR
ORDER
ORD
SCHEMA
SELECT
SET
TABLE
THEN
UPDATE
USER
USING
VALUE
VALUES
WHEN
WHERE
ADD
AND
prepare
set
update
delete
drop
inset
CAST
COLUMN
CONCAT
GROUP_CONCAT
group_concat
CREATE
DATABASE
DATABASES
alter
DELETE
DROP
floor
rand()
information_schema.tables
TABLE_SCHEMA
%df
concat_ws()
concat
LIMIT
ORD
ON
extractvalue
order 
CAST()
by
ORDER
OUTFILE
RENAME
REPLACE
SCHEMA
SELECT
SET
updatexml
SHOW
SQL
TABLE
THEN
TRUE
instr
benchmark
format
bin
substring
ord

UPDATE
VALUES
VARCHAR
VERSION
WHEN
WHERE
/*
`
  
,
users
%0a
%0b
mid
for
BEFORE
REGEXP
RLIKE
in
sys schemma
SEPARATOR
XOR
CURSOR
FLOOR
sys.schema_table_statistics_with_buffer
INFILE
count
%0c
from
%0d
%a0
=
@
else