[OWASP-Bangalore] Payloads for manual pen test

us1903 sharu89 at gmail.com
Mon Mar 18 10:21:40 UTC 2013


If you are just looking for payloads and attack vectors then I'm guessing
you are fuzzing.

Here's the OWASP list for fuzz testing:
https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix_C:_Fuzz_Vectors

For SQL injection:
http://pentestlab.wordpress.com/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/

There are some cheatsheets on: ha.ckers.org

Do a web search with <attack name> cheatsheet...you will find many :)

Cheers!
Sharath


On Mon, Mar 18, 2013 at 3:33 PM, Kannan, Vinod K <
vinod.k.kannan at jpmorgan.com> wrote:

> Hi all,
>
> I need a list of payloads that can be used during a manual web pen test.
> For example I am looking for use cases like ‘OR 1=1’ that we type in to check
> for SQL injection vulnerabilities. I need the whole list of usages like
> this for various vulnerabilities. Any help is highly appreciated.
>
> Regards,
>
> Vinod