When reading about SQL Injection and XSS i was wondering if you guys have a single string that could be used to identify those vulnerabilities and others.
A string that could be thrown into a website database to black box check if that field is safe or not. (going to do a large test on a few inhouse tools)
Rough example, wondering if you guys know of more?
"a' or '1'='1"
"center'> < script>alert('test')< /script>"
EDIT: Found a nice XSS question on SO
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet has lots of examples for testing SQL injection.
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
Includes versions for most DBs, including Hex tricks that bypass standard escaping.
Honestly there are some tools that are pretty good a testing for SQL Injection, but honestly they don't fully replace manual testing and code review ideally.
To use your example there are situations where "or (1=1)" doesn't work but "or/**/ (1=1);--" does.
Sometimes tweaking certain strings will provide different results, depending on things like character encoding and general creativity. It also bears mentioning that sometimes you aren't safe from 3rd party tools in your web application as well. Never underestimate the creativity of people, especially if you have a public website.
This is a pretty good cheatsheet.
To do my testing I use Paros, it has an interesting website scanning tool that you can also run that finds some problems as well.
This question bears the repeating of this SQL Injection cartoon.
See the OWASP site for examples.
来源:https://stackoverflow.com/questions/274659/do-you-have-any-sql-injection-testing-ammo