你有任何 SQL 注入测试“弹药"吗? [英] Do you have any SQL Injection Testing "Ammo"?
问题描述
在阅读 SQL 注入和 XSS 时,我想知道你们是否有一个字符串可以用来识别这些漏洞和其他漏洞.
When reading about SQL Injection and XSS i was wondering if you guys have a single string that could be used to identify those vulnerabilities and others.
一个可以被扔进网站数据库的字符串,用于黑盒检查该字段是否安全.(打算对一些内部工具进行大型测试)
A string that could be thrown into a website database to black box check if that field is safe or not. (going to do a large test on a few inhouse tools)
粗略的例子,想知道你们是否知道更多?
Rough example, wondering if you guys know of more?
"a' 或 '1'='1"
"a' or '1'='1"
"center'> "
"center'> < script>alert('test')< /script>"
在 SO 上发现了一个不错的 XSS 问题
Found a nice XSS question on SO
推荐答案
我发现了一些不错的 firefox 插件可以解决这个问题.
I've found some nice firefox addons that do the trick.
这篇关于你有任何 SQL 注入测试“弹药"吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!