Do you have any SQL Injection Testing “Ammo”?

Backend | Unresolved | 5 | 589

滥情空心 2021-01-30 23:42

When reading about SQL Injection and XSS I was wondering if you guys have a single string that could be used to identify those vulnerabilities and others.

A string that

5 answers
  •  走了就别回头了
    2021-01-31 00:30

    Honestly there are some tools that are pretty good at testing for SQL Injection, but honestly they don't fully replace manual testing and code review ideally.

    To use your example there are situations where "or (1=1)" doesn't work but "or/**/ (1=1);--" does.

    Sometimes tweaking certain strings will provide different results, depending on things like character encoding and general creativity. It also bears mentioning that sometimes you aren't safe from 3rd party tools in your web application as well. Never underestimate the creativity of people, especially if you have a public website.

    This is a pretty good cheatsheet.

    To do my testing I use Paros, it has an interesting website scanning tool that you can also run that finds some problems as well.

    This question bears the repeating of this SQL Injection cartoon.
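As an added example (not from the original thread), the point this answer makes about manual testing: the question's own "or (1=1)" string handed to a string-concatenated login query returns every row, while the same string handed to a parameterized query is treated as data and matches nothing. The table, the rows and the `login_*` function names are constructed for this example, using Python's standard `sqlite3` module against an in-memory database.

```python
import sqlite3

# Constructed sample data (not from the original post).
ROWS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]


def make_db():
    """Return an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def login_vulnerable(conn, username, password):
    """Build the query by string concatenation: user input becomes SQL syntax.

    With username = "' or (1=1)--" the statement turns into
    ... WHERE username = '' or (1=1)--' AND password = ''
    so the password check is commented out and every row matches."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Bind the values as parameters: the driver only ever compares them as data,
    so the same string is looked up literally as a username and matches nothing."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def compare(payload):
    """Run one test string through both query styles and return both results."""
    return (login_vulnerable(make_db(), payload, ""),
            login_parameterized(make_db(), payload, ""))


if __name__ == "__main__":
    # The question's "or (1=1)" string, prefixed with the quote that closes the
    # literal and suffixed with a comment marker, as the answer's "--" variant.
    print(compare("' or (1=1)--"))
```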
