SQL Injection Walkthrough part V 1 (input validation)
Input Validation Cheat Sheet
We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.

| Character(s) | Details |
| --- | --- |
| NULL or null | Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway. |
| {' , " , ; , | Breaks an SQL string or query; used for SQL, XPath and XML Injection tests. |
| {– , = , + , "} | These characters are used to craft SQL Injection queries. |
| {‘ , &, ! , ¦ , < , >} | Used to find command execution vulnerabilities. |
| "> | Used for basic Cross-Site Scripting checks. |
| {%0d , %0a} | Carriage Return Line Feed (new line); all round bad. |
| {%7f , %ff} | Byte-length overflows; maximum 7- and 8-bit values. |
| {-1, other} | Integer and underflow vulnerabilities. |
| Ax1024+ | Overflow vulnerabilities. |
| {%n , %x , %s} | Testing for format string vulnerabilities. |
| ../ | Directory Traversal vulnerabilities. |
| {% , _, *} | Wildcard characters can sometimes present DoS issues or information disclosure. |
These characters can be represented in many different ways (e.g. Unicode or URL encoding). It is important to understand this when restricting input to these character sets.
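The point about alternate representations, shown as an added example (not code from the original article): a blacklist applied to the raw string misses the table's characters when they arrive percent-encoded or as Unicode compatibility forms, while decoding to a canonical form and then applying an allow-list catches them. The field policy, the `MAX_LAYERS` limit, the function names and the sample inputs are assumptions made for the illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Literal characters from the table above; a raw-string blacklist looks only for these.
BLACKLIST = set("'\";<>&!\r\n")
# Assumed policy for a hypothetical "username" field: allow-list, checked after decoding.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,64}")
MAX_LAYERS = 2  # assumption: deeper nesting of percent-encoding is rejected outright


def naive_ok(raw: str) -> bool:
    """Blacklist applied to the raw input, before any decoding."""
    return not (set(raw) & BLACKLIST)


def canonicalize(raw: str) -> str:
    """Percent-decode until stable, then fold Unicode compatibility forms (NFKC)."""
    value = raw
    for _ in range(MAX_LAYERS + 1):
        # errors="strict" raises on byte sequences that are not valid UTF-8 (e.g. %ff)
        decoded = unquote(value, errors="strict")
        if decoded == value:
            return unicodedata.normalize("NFKC", value)
        value = decoded
    raise ValueError("too many encoding layers")


def validate(raw: str) -> str:
    """Return the canonical value if it satisfies the allow-list, else raise ValueError."""
    value = canonicalize(raw)
    # fullmatch, not match with "$": "$" would tolerate a trailing newline
    if not ALLOWED.fullmatch(value):
        raise ValueError(f"rejected after canonicalization: {value!r}")
    return value


def strict_ok(raw: str) -> bool:
    try:
        validate(raw)
        return True
    except ValueError:  # UnicodeDecodeError is a ValueError subclass
        return False


# Constructed sample inputs: the same table characters in different representations.
SAMPLES = ["alice_01", "O%27Brien", "O%2527Brien", "\uff1cb\uff1e", "a%0d%0ab", "x%ff"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:16} naive={naive_ok(s)!s:5} strict={strict_ok(s)}")
```

Every sample passes the raw blacklist, but only the first survives canonicalization plus the allow-list; the value returned by `validate` is the one to store and compare against.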