Entry points for injections are get- and post-requests, forms, search fields, cookie values and browser environment variables
|
Char
|
URL
|
Description
|
|
'
|
%27
|
Apostrophe or tick, used for SQL injection testing (errors)
|
|
"
|
%34
|
Quotes, used for quoting
|
|
;
|
%3b
|
Semicolon, command separator, line termination in scripts
|
|
NULL
|
%00
|
NULL, string separator for file access, command separator
|
|
RETURN
|
%0a
|
Return, command separator
|
|
+
|
%2b
|
Plus, represents space on url, sql injection
|
|
<
|
%3c
|
Opening html tag
|
|
>
|
%3e
|
Closing html tag
|
|
%
|
%25
|
Percent, double-decode, search fields, asp/jsp
|
|
?
|
%3f
|
Question mark, php
|
|
=
|
%3d
|
Equal, place multiple in url parameter
|
|
(
|
%28
|
Opening parenthesis, sql injection
|
|
)
|
%29
|
Closing parenthesis, sql injection
|
|
SPACE
|
%20
|
Space, necessary for longer scripts
|
|
.
|
%2e
|
Dot, directory traversal, file access
|
|
/
|
%2f
|
Slash, directory traversal, file access
|
|
--SPACE
|
--%20
|
Terminates SQL query
|
|
/*
|
%2f*
|
SQL Comment
|
