Results 1 to 7 of 7

Thread: XSS/SQL Fuzzing Lists

Hybrid View

  1. #1
    Member
    Join Date
    May 2007
    Posts
    202

    Default XSS/SQL Fuzzing Lists

    Hi

    Can anybody link me to (or possibly upload) some good fuzzing lists for SQL Injection or XSS testing?

    I'm playing with web application testing at the moment, and would like some good, comprehensive, long, lists that I can feed into tools like Burp.

    Thanks

  2. #2
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318
    Don't eat yellow snow :rolleyes:

  3. #3
    Member
    Join Date
    May 2007
    Posts
    202

    Default

    Yep, exactly like that

    Managed to find that one yesterday, but that was the only one that I could find

  4. #4
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Does BackTrack3 have Burp? What other software on BackTrack3 can these types of lists for SQL injections can you plug this into?

  5. #5
    Member
    Join Date
    May 2007
    Posts
    202

    Default

    Doubt very much that BT3 would have burp, I wouldn't have thought that the licencing conditions would allow it.

    It should run in BT3 though, provided that the Java version is sufficiently new.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Isn't Burp commercial? Or is that only Burp Pro?

    You can do custom injections in Firefox using TamperData (though I don't think there's a way to do a list of them). Maybe w3af?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •