Vomitblood/cspj-application
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
cspj-application/server-ml/README.md

47 lines
1.4 KiB
Markdown
Raw Blame History

# Test Cases
## 1. Basic test cases
[Good] `SELECT _ FROM users WHERE id = 1`
[Bad] `SELECT _ FROM users WHERE id = 1 OR 1=1`
## 2. Authentication bypass cases
[Bad] `SELECT _ FROM users WHERE username = 'admin' --`
[Bad] `SELECT _ FROM users WHERE username = 'admin' #`
[Bad] `SELECT \* FROM users WHERE username = 'admin' OR '1'='1'`
## 3. Union based injection cases
[Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT null, 'hacker'`
[Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT 1, 'hacked' FROM dual`
[Bad] `SELECT database() UNION SELECT 1`
## 4. Error based injection cases
[Bad] `SELECT _ FROM users WHERE id = 1 AND (SELECT 1 FROM users WHERE id=2)=1`
[Bad] `SELECT _ FROM users WHERE id = (SELECT COUNT(\*) FROM users)`
## 5. Blind SQL injection cases
[Bad] `SELECT _ FROM users WHERE id = 1; WAITFOR DELAY '00:00:10' --`
[Bad] `SELECT _ FROM users WHERE username = 'admin' AND 1=1`
## 6. Hex and Base64 encoded injection cases
[Bad] `SELECT _ FROM users WHERE username = 0x61646D696E`
[Bad] `SELECT _ FROM users WHERE username = 'YWRtaW4='`
## 7. False positives cases
[Good] `SELECT _ FROM users WHERE id = 5`
[Good] `SELECT users.name, orders.amount FROM users JOIN orders ON users.id = orders.user_id`
[Good] `SELECT _ FROM users WHERE username = ? AND password = ?`
## 8. Edge cases
[Good] `""`
[Bad] `'; --`
[Good] `12345`
[Good] `asdkjhasdkjh`
Reference in a new issue View git blame Copy permalink