XPath is a language that has been designed and developed to operate on data that is described with XML. The XPath injection allows an attacker to inject XPath elements in a query that uses this language. Some of the possible goals are to bypass authentication or access information in an unauthorized manner.We are gonna...

Broken Authentication and Session Management is on number 2 in OWASP Top 10 vulnerability list 2013. In mutillidae , it contain three subsection.Authentication BypassPrivilege EscalationUsername EnumerationWe have already covered Username enumeration in last article & we got valid username list which exist in database....

This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order to automate the process.If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.or 1=1or 1=1--or 1=1#or 1=1/*admin' --admin' #admin'/*admin'...