# login bypass

## Burp Intruder SQLi

* [iamkashz/ctf-scripts/auth-bypass-sqli.txt](https://github.com/iamkashz/ctf-scripts/blob/main/auth-bypass-sqli.txt)

## Empty Password Array

* [doyler.net/bypassing-php-strcmp-abctf2016](https://www.doyler.net/security-not-included/bypassing-php-strcmp-abctf2016)

```bash
# try sending password= as empty array via burp
password[]=
password[]=""
```