Related articles: SQL Injection Cheat Sheet
We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.
| Character(s) | Details |
| NULL or null | Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway. |
| {' , " , ; , <!} | Breaks an SQL string or query; used for SQL, XPath and XML Injection tests. |
| {– , = , + , "} | These characters are used to craft SQL Injection queries. |
| {‘ , &, ! , ¦ , < , >} | Used to find command execution vulnerabilities. |
| "><script>alert(1)</script> | Used for basic Cross-Site Scripting Checks. |
| {%0d , %0a} | Carriage Return Line Feed (new line); all round bad. |
| {%7f , %ff} | byte-length overflows; maximum 7- and 8-bit values. |
| {-1, other} | Integer and underflow vulnerabilities. |
| Ax1024+ | Overflow vulnerabilities. |
| {%n , %x , %s} | Testing for format string vulnerabilities. |
| ../ | Directory Traversal Vulnerabilities. |
| {% , _, *} | Wildcard characters can sometimes present DoS issues or information disclosure. |
These characters can be represented in many different ways (i.e. Unicode). It is important to understand this when restricting input to these character sets.
References:
- Mike Shema – Hack Notes
- w3schools
