Do you have any SQL Injection Testing "Ammo"?

Ólafur Waage picture Ólafur Waage · Nov 8, 2008 · Viewed 11.4k times · Source

When reading about SQL Injection and XSS i was wondering if you guys have a single string that could be used to identify those vulnerabilities and others.

A string that could be thrown into a website database to black box check if that field is safe or not. (going to do a large test on a few inhouse tools)

Rough example, wondering if you guys know of more?

"a' or '1'='1"

"center'> < script>alert('test')< /script>"

EDIT: Found a nice XSS question on SO

Answer

&#211;lafur Waage picture Ólafur Waage · Nov 8, 2008

I've found some nice firefox addons that do the trick.

XSS Me

SQL Inject Me