Home > Cloud Computing > Cloud Security

XSS, SQL Injection and Fuzzing Barcode Cheat

Source: Internet
Author: User
Tags sql injection attack
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

I was listening to an episodePauldotcom, And Mick mentioned something about attacks on systems via barcode. because of the nature of barcodes, developers may not be expecting attacks from that vector and thus don't sanitize their inputs properly. I had previusly written"XSS, Command and SQL Injection vectors: Beyond the Form"So this was right up my alley. I constructed this page that lets you make barcodes in Code 93, Code 39, Code 39ext and Code 128A, B and C. I got the PHP librariesFrom these folks, Which seem to be free for non profit use. if you dont give input to the form, the page just shows barcodes that can be useful for sort of "fuzzing" a system to see if the input is properly sanitized. if you have problems getting them to scan, adjust the bar size. the default tests are as follows:

<Script> alert ("test") </script> This is of course the canonical XSS attack, for more interesting ones asp-top-5-louisville ">See here
Or 1 = 1 -- The canonical SQL injection attack
Just a single quote to see if SQL queries break
-- Common SQL comment to see if queries break
" Just a normal quote to see if SQL queries break
> Lets see if HTML breaks
< Same as abve, but opposite .:)
Cant print this ASCII characters 31-16 for fuzzing to see what breaks
Cant print this ASCII characters 15-0

Please only use on your own barcode reading system. by the way, please just ignore Clippy if you see him, he has to do with my IDS testing from before. if you want to make your own custom barcodes type in your string in the text area below, choose your options, and hit submit. if you just want to recode my bar codes leave the text area blank, choose your options, and hit submit. you can also type the decimal equivalent ASCII values as comma separated string, and it will ignore what is in the textarea.
If you want to just play around with individual characters, checkout ourASCII barcode chart.

Text Block:

Ascii dec (comma separated ):

Barcode Size: 1 2 3URL Encode it: Return a more printable version:

Code 93

Code 39(Always URL encoded, or double encoded, otherwise it cant make the characters)

Code 39 Extended

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sql injection vs xss php sql injection cheat sheet blind sql injection cheat sheet sql injection testing cheat sheet sql injection login cheat sheet xss injection owasp cheat sheet xss
Related Article
How does personal cloud security guarantee data security?
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More