Skip to content
logo
Red team
SQL injection: authentication
  • Green team
  • Blue team
  • Purple team
  • Indigo team
  • Broomstick Brief
  • Ty Myrddin
Initializing search
      • IN: Where the falcons and foxes roam
        • Swoop like falcons, silent, precise, and lethally patient
        • Mapping the lay of the land
        • Fox hunting through the digital wilds
        • A canopy of apple-blossom
          • Field notes from the fragrant branches of web app exploitation
          • Portswigger Academy labs: Controlled burn
          • Root-me: Orchard foraging
            • Root-Me Web client challenges
            • Root-Me Web server challenges
              • Insecure code management
              • Directory traversal
              • File upload: null byte
              • PHP assert()
              • PHP Filters
              • PHP Register globals
              • JWT Introduction
              • JWT (not) revoked token
              • JWT weak secret
              • Python: Server-side Template Injection Introduction
              • Command injection: filter bypass
              • Java: Server-side Template Injection (SSTI)
              • Local file inclusion
              • Local file inclusion: double encoding
              • PHP preg_replace
              • PHP type juggling
              • SQL injection: authentication
                • Resources
              • SQL injection: string
              • XSLT code execution
              • PHP path truncation
              • PHP serialisation
              • SQL injection: numeric
              • SQL injection: routed
              • SQL truncation
              • XPath injection: authentication
              • SQL injection: time-based
          • Petals and pentesting priorities
        • Getting a foothold in the top of the world tree
        • Hack the planet? Nah, just hold the door for me
        • Where wild boars plough through endpoints
        • Wolverines do not ask for permissions
        • Riches in the ground
      • THROUGH: Where the raccoons burrow and rummage
      • OUT: Where squirrels swipe the crown jewels
    • Resources

    SQL injection: authentication¶

    root-me challenge: Authentication v 0.01: Retrieve the administrator password.

    username: admin'--

    SQL authentification

    Resources¶

    • Injection SQL

    • Blackhat Europe 2009 - Advanced SQL injection whitepaper

    • Guide to PHP security : chapter 3 SQL injection

    • Blackhat US 2006 : SQL Injections by truncation

    • Manipulating SQL server using SQL injection

    Last update: 2025-05-19 17:27
    Back to top
    Previous PHP type juggling
    Next SQL injection: string
    © Copyright 2025, TyMyrddin.
    Created using Sphinx 7.2.6. and Sphinx-Immaterial

    Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7