Table 4 The test plan
S/N | Attack type | Sample injection code |
|---|---|---|
1 | Boolean-based SQLi | ’ OR “ = “; # |
2 | Boolean-based SQLi | ‘ OR ‘1’=’1’; # |
3 | Boolean-based SQLi | ‘ OR ‘3’! =’8’ ;# |
4 | Boolean-based SQLi | ‘ OR ‘a’<>’b’ ;# |
5 | Boolean-based SQLi | aa’ OR ‘2 + 3’ < = ‘7’ ;# |
6 | Like-based SQLi | a‘ OR username LIKE ‘S%’;# |
7 | Like-based SQLi | ‘ OR password LIKE ‘%2%’;# |
8 | Like-based SQLi | ‘ OR username LIKE ‘%e’;# |
9 | Union-based SQLi | ‘UNION select * from users; # |
10 | Union-based SQLi | ‘UNION select cardNo, pin from customer; # |
11 | Error-based SQLi | ‘ convert( int, (select * from users LIMIT 1)) |
12 | Error-based SQLi | ‘ convert( int, ”aaaa”) |
13 | Error-based SQLi | ‘ round((select username from users), 3) |
14 | Batch query SQLi | ‘ ; drop table users ; # |
15 | Batch query SQLi | ‘ ; delete * from customer ; # |
16 | Batch query SQLi | ‘ ; insert into users values (‘Bala’, ‘1234’) ; # |
17 | Batch query SQL injection | ‘ ; update table users set username = ‘Bala’, password =’123’ ; # |
18 | Encoded cross-site scripting | <script> alert(" XSS ") </script> |
19 | Encoded SQL injection | & # x39 & # x85 & # x78 & # x73 & # x79 & # x78 & # x32 & # x83 & # x69 & # x76 & # x69 & # x67 & # x84 & # x32 & # x 42 & # x32 & # x70 & # x82 & # x79 & # x77 & # x32 & # x117 & # x115 & # x101 & # x114 & # x115 & # x45 & # x45 |
20 | Cross-site scripting | <script> alert(‘XSS‘) </script> |
21 | Cross-site scripting | <script>myFunction( );</script> |