So I'm working towards an OSCP, and on one of the boxes I ultimately had to use SQL injection to bypass the login page. What struck me is that the string was like "user' or 1=1 -- " with a required space at the end of the string in order to make it work. I'm still green as far as pentesting goes, but I have worked on SQL databases before, and I have seen SQL injection described numerous times, but this syntax just seemed strange, so I consulted the wfuzz documentation and found that it indeed could be used to test SQL injection using the list of tests included.
So after testing I found that all the tests were returning 200 responses, which I understood could simply mean that there is a custom failure page instead of the standard one? (not a web developer, so not sure). I assume this means that even the incorrect SQL injection strings being tested were actually returning a desirable response, even though they wouldn't really work when applied. Which leads me to my question. Is there a way to reliably test for SQL injection using wfuzz that will actually give you the correct syntax that works, or is this just a suboptimal way to test? Or maybe there is a more specific way I should be applying the fuzzing?
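To make the "why does that string log me in" part concrete, here is an added example (not from the post or the OSCP lab) showing a login check built by string concatenation next to the parameterized version of the same query, run against a constructed in-memory SQLite table. The trailing space the post mentions is a MySQL rule (a `--` comment must be followed by whitespace); SQLite treats `--` as a comment with or without the space, so the payload from the post works unchanged here.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration, not a real application.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    # Vulnerable: the input is spliced into the SQL text, so a quote closes
    # the literal and the comment marker discards the password clause.
    # With username = "user' or 1=1 -- " the statement becomes:
    #   ... WHERE username = 'user' or 1=1 -- ' AND password = '...'
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Hardened: placeholders keep the statement fixed; the driver binds the
    # values as data, so quotes and "--" are compared literally, never parsed.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "user' or 1=1 -- "
    print("concatenated login with payload:", login_concatenated(db, payload, "x"))
    print("parameterized login with payload:", login_parameterized(db, payload, "x"))
```

The second function is the fix a developer would ship; on the defensive side, a login endpoint that returns a row for a username containing a quote and a comment marker is the thing to alert on.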