XSS/SQL Fuzzing Lists

**loftrat** · 09-10-2008, 02:33 PM

Hi

Can anybody link me to (or possibly upload) some good fuzzing lists for SQL Injection or XSS testing?

I'm playing with web application testing at the moment, and would like some good, comprehensive, long, lists that I can feed into tools like Burp.

Thanks

**hawaii67** · 09-11-2008, 12:44 AM

Sth. like this:

http://www.neurofuzz.com/modules/wfd...hp?cid=2&lid=9 ??

**loftrat** · 09-11-2008, 02:03 AM

Yep, exactly like that

Managed to find that one yesterday, but that was the only one that I could find

**>Dart>** · 09-11-2008, 09:48 AM

Does BackTrack3 have Burp? What other software on BackTrack3 can these types of lists for SQL injections can you plug this into?

**loftrat** · 09-11-2008, 10:51 AM

Doubt very much that BT3 would have burp, I wouldn't have thought that the licencing conditions would allow it.

It should run in BT3 though, provided that the Java version is sufficiently new.

**thorin** · 09-11-2008, 01:09 PM

Isn't Burp commercial? Or is that only Burp Pro?

You can do custom injections in Firefox using TamperData (though I don't think there's a way to do a list of them). Maybe w3af?

**loftrat** · 09-11-2008, 01:32 PM

Yep, Burp is a commercial product which is why I thought it unlikely to be distributed in BT3 (or 4, or 5, or whatever).

Anyway.....back to the sources of those lists

BackTrack Linux - Penetration Testing Distribution

Thread: XSS/SQL Fuzzing Lists

Thread Tools

Search Thread

Display

XSS/SQL Fuzzing Lists

Posting Permissions