Manual SQL Injection

So you suspect a page might be vulnerable to SQL Injection but before you run it through SQLmap, you can try the following statements to manually test the input:

The intention is for this post to grow over time and become a repository of all the sucessful manual injection points  I use.

admin' or '1'-'1
admin' or 1='1

Try variations in quote placement.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s