 

Do you have any SQL Injection Testing "Ammo"?

When reading about SQL Injection and XSS I was wondering if you guys have a single string that could be used to identify those vulnerabilities and others.

A string that could be thrown into a website database to black box check if that field is safe or not. (Going to do a large test on a few in-house tools.)

Rough example, wondering if you guys know of more?

"a' or '1'='1"

"center'> < script>alert('test')< /script>"

EDIT: Found a nice XSS question on SO

asked Nov 08 '08 12:11

Ólafur Waage


2 Answers

I've found some nice Firefox add-ons that do the trick.

XSS Me

SQL Inject Me

answered Nov 03 '22 16:11

Ólafur Waage


https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet has lots of examples for testing SQL injection.

answered Nov 03 '22 14:11

JimmyJ
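What the two probe strings from the question actually detect, as an added example that is not part of the original thread: each probe is run against a weak and a hardened handler for the same field. The table, the handler functions and the sample row are constructed for illustration; the probes are copied from the question as they appear on this page.

```python
import html
import sqlite3

# Probe strings quoted from the question on this page.
SQL_PROBE = "a' or '1'='1"
XSS_PROBE = "center'> < script>alert('test')< /script>"

def make_db():
    # Constructed sample data: one row the probe must not be able to reach.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def lookup_concat(db, name):
    # Weak form: input is pasted into the SQL text, so its quotes alter the query.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened form: input is bound as data and never parsed as SQL.
    return db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()

def render_raw(value):
    # Weak form: input is written into the attribute unchanged.
    return "<input value='" + value + "'>"

def render_escaped(value):
    # Hardened form: <, >, &, " and ' are entity-encoded before output.
    return "<input value='" + html.escape(value, quote=True) + "'>"

def sql_field_is_safe(lookup):
    # No user is named like the probe, so any returned row means injection.
    try:
        return lookup(make_db(), SQL_PROBE) == []
    except sqlite3.Error:
        return False  # a syntax error means the quote reached the SQL parser

def html_field_is_safe(render):
    # Strip the fixed wrapper; markup characters left in the value mean no escaping.
    out = render(XSS_PROBE)
    value = out[len("<input value='"):-len("'>")]
    return not any(ch in value for ch in "<>'")

if __name__ == "__main__":
    for fn in (lookup_concat, lookup_param):
        print(fn.__name__, "safe" if sql_field_is_safe(fn) else "INJECTABLE")
    for fn in (render_raw, render_escaped):
        print(fn.__name__, "safe" if html_field_is_safe(fn) else "UNESCAPED")
```

A field that passes a single probe is not proven safe; the check only shows that this particular input was handled as data.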