
Can someone give me some basic XSS and SQL injection scripts? (not what it seems)

I am testing out my scripts to see if they will prevent XSS and SQL injections. Can someone provide me with some basic but good scripts that would "hack" into my programs? I want to test my scripts before they go online.

EDIT: Thank you all for those links, they contain loads and loads of information. But for a beginner to security, is there a recommended site that's? I'm not sure if I am ready to dive straight into in-depth security issues. I like the links waiwai933 recommended.

ggfan asked May 08 '10 02:05




1 Answer

Each situation requires different scripts, so there is no 'one size fits all' that anyone could provide. The list of scripts that would need to be tested goes into the thousands before you can be certain that your site is safe.

You may want to check Firefox or Chrome plugins which allow you to test SQL injections. I suggest this one, but you may want to look for others as well: https://addons.mozilla.org/en-US/firefox/addon/6727. It allows you to provide a list of injection scripts (it probably provides a few by default), and once you activate it, it bombards your site with these scripts and lets you see where the vulnerabilities are.

I suggest this site for some example XSS scripts: http://ha.ckers.org/xss.html

waiwai933 answered Sep 22 '22 10:09
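The list-driven testing described in the answer can also be run as a local self-test before anything goes online. The following is an added example, not code from the question or the answer: it assumes Python with an in-memory SQLite table standing in for the asker's database, and every function name and test string in it is constructed for illustration. It runs a short input list against an unsafe and a hardened version of the same lookup and the same rendering step, and reports which inputs each version mishandles.

```python
import html
import sqlite3

# Constructed test inputs; none of them is a user name stored in the table.
SQL_PROBES = ["' OR '1'='1", "admin'--", "O'Brien"]
XSS_PROBES = ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>']

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("admin",), ("bob",)])
    return db

def lookup_concat(db, name):
    # Deliberately unsafe "before": the input becomes part of the SQL text.
    return db.execute("SELECT name FROM users WHERE name = '%s'" % name).fetchall()

def lookup_param(db, name):
    # Hardened "after": the input is bound as a parameter and stays data.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def render_raw(comment):
    return "<p>%s</p>" % comment  # unsafe: no output encoding

def render_escaped(comment):
    return "<p>%s</p>" % html.escape(comment, quote=True)

def sql_failures(lookup):
    """Probes that match rows or break the query: the input reached the SQL parser."""
    failed = []
    for probe in SQL_PROBES:
        try:
            if lookup(make_db(), probe):
                failed.append(probe)
        except sqlite3.Error:
            failed.append(probe)
    return failed

def xss_failures(render):
    """Probes whose markup characters survive in the element body (text context only)."""
    failed = []
    for probe in XSS_PROBES:
        body = render(probe)[len("<p>"):-len("</p>")]
        if any(ch in body for ch in "<>\""):
            failed.append(probe)
    return failed

if __name__ == "__main__":
    print("concat:", sql_failures(lookup_concat), "param:", sql_failures(lookup_param))
    print("raw:", xss_failures(render_raw), "escaped:", xss_failures(render_escaped))
```

An empty list for the hardened functions only shows that these particular inputs are handled; as the answer says, a short list cannot prove a site safe.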