Updated: 2022-09-19 22:08:31
Related articles: SQL Injection Cheat Sheet
We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.
| Character(s) | Details |
| --- | --- |
| NULL or null | Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway. |
| {' , " , ; , <!} | Breaks an SQL string or query; used for SQL, XPath and XML Injection tests. |
| {-- , = , + , "} | These characters are used to craft SQL Injection queries. |
| {‘ , & , ! , ¦ , < , >} | Used to find command execution vulnerabilities. |
| "><script>alert(1)</script> | Used for basic Cross-Site Scripting checks. |
| {%0d , %0a} | Carriage Return Line Feed (new line); all round bad. |
| {%7f , %ff} | Byte-length overflows; maximum 7- and 8-bit values. |
| {-1 , other} | Integer and underflow vulnerabilities. |
| Ax1024+ | Overflow vulnerabilities. |
| {%n , %x , %s} | Testing for format string vulnerabilities. |
| ../ | Directory Traversal vulnerabilities. |
| {% , _ , *} | Wildcard characters can sometimes present DoS issues or information disclosure. |
These characters can be represented in many different ways (e.g. Unicode). It is important to understand this when restricting input to these character sets.
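
As an added example (not part of the original article), the Python below shows why a filter must canonicalize input before restricting it: the same `<` arrives raw, percent-encoded, double-encoded and as a fullwidth Unicode form, and only the check made after decoding and NFKC normalization rejects all four. The field policy (`ALLOWED`), the `DENYLIST`, the decode-round limit and the sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Hypothetical policy for one input field: letters, digits, space, dot, hyphen.
ALLOWED = re.compile(r"[A-Za-z0-9 .\-]{1,64}")
# Naive filter for comparison: a denylist of a few raw characters from the table.
DENYLIST = set("'\";<>&|!")
MAX_DECODE_ROUNDS = 5  # assumption: input still changing after this many decodes is rejected

def naive_is_clean(raw: str) -> bool:
    """Checks the raw string only, so encoded forms slip past."""
    return not any(ch in DENYLIST for ch in raw)

def canonicalize(raw: str) -> str:
    """Reduce the input to the form a decoding backend would finally see."""
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        # errors="strict" makes invalid UTF-8 such as %ff raise ValueError.
        decoded = unquote(value, errors="strict")
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many layers of percent-encoding")
    # NFKC folds compatibility forms (e.g. fullwidth U+FF1C) onto ASCII.
    return unicodedata.normalize("NFKC", value)

def validate(raw: str) -> str:
    """Return the canonical value if it meets the policy, else raise ValueError."""
    value = canonicalize(raw)
    if not ALLOWED.fullmatch(value):
        raise ValueError(f"rejected after canonicalization: {value!r}")
    return value

def is_valid(raw: str) -> bool:
    try:
        validate(raw)
        return True
    except ValueError:
        return False

# Constructed sample inputs: '<' written four ways, plus one benign value.
SAMPLES = ["<b>", "%3Cb%3E", "%253Cb%253E", "\uff1cb\uff1e", "report-2022.txt"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:20} naive_clean={naive_is_clean(s)} valid={is_valid(s)}")
```

Downstream code should use the value returned by `validate`, not the raw input, so that the string that was checked is the string that is used.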