Payload

Applies to ReadyAPI 3.9, last modified on July 16, 2021

With this test, you fill the contents of an element with an oversized payload and try to provoke unexpected behavior in the service.

For example, suppose you know that the maximum length of a username is 25 characters. Try to enter 26 characters:

<login>
    <username>smartbear smartbear smartb</username>
    <password>ReaDyAP1R0ck5</password>
</login>

Also try 24 and 25 characters and compare the results. To do this, clone the test and change the message.

If the service handles this input correctly, try to overload it by sending a considerably larger number of characters:

<login>
    <username>
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear smartbear
        </username>
    <password>ReaDyAP1R0ck5</password>
</login>

Tip: This payload is still a small one.

For example, you get the following response after sending the above request:

13:54:21,706 [Servlet.Engine.Transports : 0] FATAL WebService.CustomerService.Login – Description: java.rmi.ServerException: RemoteException occurred in server thread;
    nested exception is:
    java.rmi.RemoteException: Error; nested exception is:
    java.rmi.RemoteException: Problem with Query; nested exception is:
    java.sql.SQLException: Could not insert new row into the table. Context:
    DataBaseRemote.getCusstomerData, customer=456789 Identity: smartbear
Details: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is: To Long UserName, must be Maximum 24 Bytes

The response leaks sensitive information about both the database and the application server, as well as details of the ERP system behind the service and the name of the stored procedure that was called. Note also that the service reports its limit as 24 bytes, not the 25 characters you assumed: a limit enforced in bytes and a limit enforced in characters give different results as soon as the input contains multibyte characters, so probe both. Finally, the test made the application server halt, which leaves it open to denial-of-service attacks.
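The probing procedure above (one character under, at, and over the limit, then a far larger payload) and the inspection of the response for leaked internals can be scripted. The following is an added example written for this page, not ReadyAPI's own code or its Groovy API. It assumes a hypothetical endpoint LOGIN_URL that accepts the <login> document shown above; the response classifier is exercised offline against a sample constructed from the log on this page. It also goes beyond the text by generating multibyte usernames, so that a service enforcing its limit in bytes rather than characters is caught.

```python
import re
import urllib.error
import urllib.request
from typing import Optional
from xml.sax.saxutils import escape

# Assumption: hypothetical endpoint; replace with the operation under test.
LOGIN_URL = "http://localhost:8080/CustomerService/Login"
PASSWORD = "ReaDyAP1R0ck5"

# Constructed sample, reproducing the response shown on the page.
SAMPLE_RESPONSE = (
    "13:54:21,706 [Servlet.Engine.Transports : 0] FATAL WebService.CustomerService."
    "Login - Description: java.rmi.ServerException: RemoteException occurred in server "
    "thread; nested exception is: java.rmi.RemoteException: Error; nested exception is: "
    "java.rmi.RemoteException: Problem with Query; nested exception is: "
    "java.sql.SQLException: Could not insert new row into the table. Context: "
    "DataBaseRemote.getCusstomerData, customer=456789 Identity: smartbear Details: "
    "To Long UserName, must be Maximum 24 Bytes"
)


def make_username(n_chars: int, multibyte: bool = False) -> str:
    """Return a username of exactly n_chars characters.

    With multibyte=True the filler is 'ü' (2 bytes in UTF-8): the value still has
    n_chars characters but 2 * n_chars bytes, so a limit enforced in bytes (the
    page's '24 Bytes' message) and a limit enforced in characters disagree on it.
    """
    filler = "\u00fc" if multibyte else "smartbear "
    reps = n_chars // len(filler) + 1
    return (filler * reps)[:n_chars]


def build_login(username: str, password: str = PASSWORD) -> bytes:
    """Build the <login> body; escape() keeps '<' or '&' in a value from breaking the XML."""
    body = (
        "<login>\n"
        f"    <username>{escape(username)}</username>\n"
        f"    <password>{escape(password)}</password>\n"
        "</login>\n"
    )
    return body.encode("utf-8")


# Strings in a response that indicate leaked internals rather than a clean rejection.
LEAK_PATTERNS = [
    r"java\.(?:rmi|sql|lang)\.\w+Exception",  # Java exception class names
    r"nested exception is",                    # stack-trace chaining
    r"Could not insert",                       # raw database error text
    r"\b[A-Za-z]+Remote\.\w+",                 # remote object / stored-procedure names
]


def analyze_response(status: Optional[int], body: str) -> dict:
    """Classify one response: handled cleanly, leaking internals, server error, or unreachable."""
    leaks = sorted({m.group(0) for p in LEAK_PATTERNS for m in re.finditer(p, body)})
    if status is None:
        verdict = "unreachable"
    elif leaks:
        verdict = "leaks internals"
    elif status >= 500:
        verdict = "server error"
    else:
        verdict = "handled"
    return {"status": status, "leaks": leaks, "verdict": verdict}


def send_login(username: str, timeout: float = 10.0) -> dict:
    """POST one login request and classify the result (needs a live endpoint)."""
    req = urllib.request.Request(
        LOGIN_URL, data=build_login(username), method="POST",
        headers={"Content-Type": "text/xml; charset=utf-8"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return analyze_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body worth reading
        return analyze_response(err.code, err.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):  # timeout or refused connection: service down?
        return analyze_response(None, "")


def boundary_lengths(limit: int) -> list:
    """Lengths to probe: just under, at, just over the documented limit, then far over it."""
    return [limit - 1, limit, limit + 1, limit * 1000]


if __name__ == "__main__":
    for n in boundary_lengths(25):
        for multibyte in (False, True):
            result = send_login(make_username(n, multibyte=multibyte))
            print(n, "multibyte" if multibyte else "ascii", result["verdict"], result["leaks"])
```

A run against a live service prints one verdict per length and encoding; any "leaks internals" or "unreachable" line is a finding, and a length that is "handled" in ASCII but rejected or failing in multibyte form shows the limit is enforced in bytes. The HTTPError branch matters because a 500 response usually carries exactly the stack trace you are looking for.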

See Also

Sample Login Tests
