0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

Added alternate quote variation

Browse source 
Added the OR bypass for when the quotes are " instead of '
This commit is contained in:
Reelix 2021-08-23 00:07:02 +02:00 committed by GitHub
parent b3d436d8dc
commit 3d4dea6911
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/xpath-injection.md
View file

@ -201,7 +201,9 @@ $q = '/usuarios/usuario[cuenta="' . $_POST['user'] . '" and passwd="' . $_POST['
```text
' or '1'='1
" or "1"="1
' or ''='
" or ""="
string(//user[name/text()='' or '1'='1' and password/text()='' or '1'='1']/account/text())
Select account