Thursday, May 29, 2008

SQL Injection Walkthrough part V 1 (input validation)

Input Validation Cheat Sheet

Related articles: SQL Injection Cheat Sheet

We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and what each one tells you when it is applied during web application testing.

Character(s)                  Details
NULL or null                  Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway.
{' , " , ;}                   Breaks an SQL string or query; used for SQL, XPath and XML Injection tests.
{-- , = , + , "}              These characters are used to craft SQL Injection queries.
{` , & , ! , | , < , >}       Used to find command execution vulnerabilities.
">                            Used for basic Cross-Site Scripting checks.
{%0d , %0a}                   Carriage Return Line Feed (new line); all round bad.
{%7f , %ff}                   Byte-length overflows; maximum 7- and 8-bit values.
{-1, other}                   Integer and underflow vulnerabilities.
Ax1024+                       Overflow vulnerabilities.
{%n , %x , %s}                Testing for format string vulnerabilities.
../                           Directory Traversal vulnerabilities.
{% , _ , *}                   Wildcard characters can sometimes present DoS issues or information disclosure.

These characters can be represented in many different ways (e.g. percent-encoded, double-encoded, or as Unicode full-width and compatibility forms). It is important to understand this when restricting input to these character sets: a filter that checks the raw bytes before decoding and normalising them will miss the same character in a different encoding.
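As an added example (not code from the original post), the validator below shows the defensive side of the table above: it canonicalises input first (repeated percent-decoding to catch double encoding, then Unicode NFKC normalisation so full-width look-alikes collapse to ASCII) and only then checks for the character classes listed in the cheat sheet. The category names, the `SUSPICIOUS` dictionary and the sample inputs are my own constructions; the 1024-character threshold mirrors the "Ax1024+" row.

```python
import re
import unicodedata
from urllib.parse import unquote

# Character classes taken from the cheat sheet above. Category names are
# constructed for this example; the characters come from the table.
SUSPICIOUS = {
    "null_literal": set(),            # handled separately below
    "sql_string_break": {"'", '"', ";"},
    "sql_craft": {"--", "=", "+"},
    "command_exec": {"`", "&", "!", "|", "<", ">"},
    "xss": {'">'},
    "crlf": {"\r", "\n"},
    "format_string": {"%n", "%x", "%s"},
    "traversal": {"../", "..\\"},
    "wildcard": {"%", "_", "*"},
}
OVERFLOW_LENGTH = 1024  # the "Ax1024+" row


def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Decode percent-encoding repeatedly (so %2527 -> %27 -> ') and then apply
    NFKC so compatibility forms such as U+FF07 (full-width apostrophe) become
    the plain ASCII character the checks below look for."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return unicodedata.normalize("NFKC", value)


def classify(raw: str) -> dict:
    """Return {category: [tokens found]} for the canonical form of `raw`.
    An empty dict means none of the cheat-sheet characters were present."""
    text = canonicalize(raw)
    hits = {}
    # "NULL or null" row: a literal null word or an embedded NUL byte
    if text.strip().lower() == "null" or "\x00" in text:
        hits["null_literal"] = ["null"]
    for category, tokens in SUSPICIOUS.items():
        found = sorted(t for t in tokens if t in text)
        if found:
            hits[category] = found
    if len(text) >= OVERFLOW_LENGTH:
        hits["overflow_length"] = [len(text)]
    return hits


# Positive (allow-list) validation: canonicalise, then accept only a narrow
# pattern. The pattern here is an assumed policy for a username field.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")


def is_safe_username(raw: str) -> bool:
    return USERNAME_RE.fullmatch(canonicalize(raw)) is not None


if __name__ == "__main__":
    # Constructed sample inputs, each exercising one encoding trick
    for sample in ["%EF%BC%87 OR 1=1--", "%252e%252e%2f", "%n%n", "hello world"]:
        print(repr(sample), "->", classify(sample))
    print(is_safe_username("ad%6din"), is_safe_username("a' or 1=1--"))
```

Note that `classify` is a detection aid for logging and testing, not a substitute for the allow-list in `is_safe_username`: rejecting known-bad characters is exactly the approach the encoding variants above are designed to slip past.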
