[OWASP-Bangalore] Payloads for manual pen test

Kannan, Vinod K vinod.k.kannan at jpmorgan.com
Mon Mar 18 11:30:28 UTC 2013

Thanks a lot Sharath..

From: owasp-bangalore-bounces at lists.owasp.org [mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of us1903
Sent: Monday, March 18, 2013 3:52 PM
To: OWASP Bangalore Mailing List
Subject: Re: [OWASP-Bangalore] Payloads for manual pen test

If you are just looking for payloads and attack vectors then I'm guessing you are fuzzing.

Here's OWASP list for fuzz testing: https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix_C:_Fuzz_Vectors

For SQL injection: http://pentestlab.wordpress.com/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/

There are some cheatsheets on: ha.ckers.org

Do a web search with <attack name> cheatsheet...you will find many :)


On Mon, Mar 18, 2013 at 3:33 PM, Kannan, Vinod K <vinod.k.kannan at jpmorgan.com<mailto:vinod.k.kannan at jpmorgan.com>> wrote:
Hi all,

I need a list of payloads that can be used during a manual web pen test. For example I looking for use cases like 'OR 1=1' that we type in to check for SQL injections vulnerabilities. I need the whole list of usages like this for various vulnerabilities. Any help is highly appreciated.


This email is confidential and subject to important disclaimers and conditions including on offers for the purchase or sale of securities, accuracy and completeness of information, viruses, confidentiality, legal privilege, and legal entity disclaimers, available at http://www.jpmorgan.com/pages/disclosures/email.

OWASP-Bangalore mailing list
OWASP-Bangalore at lists.owasp.org<mailto:OWASP-Bangalore at lists.owasp.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20130318/3d71d706/attachment.html>

More information about the OWASP-Bangalore mailing list