你有任何 SQL 注入测试“弹药"吗? [英] Do you have any SQL Injection Testing "Ammo"?

问题描述

在阅读 SQL 注入和 XSS 时，我想知道你们是否有一个字符串可以用来识别这些漏洞和其他漏洞.

When reading about SQL Injection and XSS i was wondering if you guys have a single string that could be used to identify those vulnerabilities and others.

一个可以被扔进网站数据库的字符串，用于黑盒检查该字段是否安全.(打算对一些内部工具进行大型测试)

A string that could be thrown into a website database to black box check if that field is safe or not. (going to do a large test on a few inhouse tools)

粗略的例子，想知道你们是否知道更多?

Rough example, wondering if you guys know of more?

"a' 或 '1'='1"

"a' or '1'='1"

"center'> "

"center'> < script>alert('test')< /script>"

在 SO 上发现了一个不错的 XSS 问题

Found a nice XSS question on SO

推荐答案

我发现了一些不错的 firefox 插件可以解决这个问题.

I've found some nice firefox addons that do the trick.

XSS Me

SQL 注入我

这篇关于你有任何 SQL 注入测试“弹药"吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！