Home > other >  SQL injection to drop/empty table
SQL injection to drop/empty table

Time:03-13

I am trying to drop/empty table using user inputs.

My SQL code is $sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'";

I am typing or 1=1# to login without username and password which works perfectly!

Any idea how can I drop/empty the contain of table (users)?

I have tried so may ways like:

or DROP TABLE users; or DROP TABLE users; or DROP TABLE users

CodePudding user response:

The SQL injection that you are trying to do use the closing of the request, by closing the argument with '. So, you should begin by closing the actual ' before trying to do something else.

For example :

SELECT * FROM users WHERE username = ''; here do what you want;'';

Here, the name was '; here do what you want;'. Composed of:

  • ' closing WHERE section
  • ; closing the request that is sensitive to SQL injection
  • You SQL request, for you DROP TABLE users;
  • ' to re-open what we closed at the begin

CodePudding user response:

I found the solution: I used query() instead of multi_query()

multi_query() can take more than one queries at one time.

Page link:https//www.codepudding.com/other/333384.html

Prev:Bulk insert csv file with semicolon as delimiter
Next:i want to print index of all elements without using forEach or filter or map
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding