mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
Added alternate quote variation
Added the OR bypass for when the quotes are " instead of '
This commit is contained in:
parent
b3d436d8dc
commit
3d4dea6911
|
@ -201,7 +201,9 @@ $q = '/usuarios/usuario[cuenta="' . $_POST['user'] . '" and passwd="' . $_POST['
|
|||
|
||||
```text
|
||||
' or '1'='1
|
||||
" or "1"="1
|
||||
' or ''='
|
||||
" or ""="
|
||||
string(//user[name/text()='' or '1'='1' and password/text()='' or '1'='1']/account/text())
|
||||
|
||||
Select account
|
||||
|
|
Loading…
Reference in a new issue