Table 4 The test plan

From: A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

| S/N | Attack type | Sample injection code |
|---|---|---|
| 1 | Boolean-based SQLi | ’ OR “ = “; # |
| 2 | Boolean-based SQLi | ‘ OR ‘1’=’1’; # |
| 3 | Boolean-based SQLi | ‘ OR ‘3’! =’8’ ;# |
| 4 | Boolean-based SQLi | ‘ OR ‘a’<>’b’ ;# |
| 5 | Boolean-based SQLi | aa’ OR ‘2 + 3’ < = ‘7’ ;# |
| 6 | Like-based SQLi | a‘ OR username LIKE ‘S%’;# |
| 7 | Like-based SQLi | ‘ OR password LIKE ‘%2%’;# |
| 8 | Like-based SQLi | ‘ OR username LIKE ‘%e’;# |
| 9 | Union-based SQLi | ‘UNION select * from users; # |
| 10 | Union-based SQLi | ‘UNION select cardNo, pin from customer; # |
| 11 | Error-based SQLi | ‘ convert( int, (select * from users LIMIT 1)) |
| 12 | Error-based SQLi | ‘ convert( int, ”aaaa”) |
| 13 | Error-based SQLi | ‘ round((select username from users), 3) |
| 14 | Batch query SQLi | ‘ ; drop table users ; # |
| 15 | Batch query SQLi | ‘ ; delete * from customer ; # |
| 16 | Batch query SQLi | ‘ ; insert into users values (‘Bala’, ‘1234’) ; # |
| 17 | Batch query SQL injection | ‘ ; update table users set username = ‘Bala’, password =’123’ ; # |
| 18 | Encoded cross-site scripting | <script> alert(&#34; XSS &#34;) </script> |
| 19 | Encoded SQL injection | & # x39 & # x85 & # x78 & # x73 & # x79 & # x78 & # x32 & # x83 & # x69 & # x76 & # x69 & # x67 & # x84 & # x32 & # x42 & # x32 & # x70 & # x82 & # x79 & # x77 & # x32 & # x117 & # x115 & # x101 & # x114 & # x115 & # x45 & # x45 |
| 20 | Cross-site scripting | <script> alert(‘XSS‘) </script> |
| 21 | Cross-site scripting | <script>myFunction( );</script> |