What does drop table SQL injection do?

Asked by Aashishchaursiya in SQL Server, Asked on Jan 5, 2022

I used some vulnerability scanners to check a site of mine, and an instance of blind SQL injection was returned. However, when I try to exploit this vulnerability by entering the following into the address bar, nothing happens:

http://www.example.com/articles.php?id=-1' or 68 = '66; DROP ALL TABLES; --

I don't see why this isn't working. What is the correct text I must enter into the address bar to drop all the tables?

Answered by Alan Taylor
The vast majority of web applications do not allow query stacking. The Drop table SQL injection application can allow for query stacking if you use the mysqli::multi_query() or mysqli_multi_query() functions.

You can exploit these systems using sub-selects, union-selects, blind SQL injection, into outfile, or loadfile(). SQLMap and Havij are both tools that automate the exploitation of SQL injection. SQLMap is a great tool with a wide range of features, and supports a wide variety of injections and DBMSes.
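The query-stacking point in the answer above, as an added example that is not part of the original answer. It assumes Python's sqlite3 as a stand-in for mysqli (execute() takes one statement, executescript() takes several, comparable to multi_query()); the table and input are constructed, and the last function shows the bound-parameter form that fixes the injection itself.

```python
import sqlite3

# Constructed input in the style of the id parameter from the question.
STACKED_ID = "-1; DROP TABLE articles; --"

def fresh_db():
    """In-memory database with one constructed table and row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'hello')")
    db.commit()
    return db

def table_exists(db):
    sql = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='articles'"
    return db.execute(sql).fetchone()[0] == 1

def single_statement_call(db, article_id):
    """Concatenated SQL through a one-statement API: stacking is refused.
    The query is still injectable; only the second statement is blocked."""
    try:
        db.execute("SELECT title FROM articles WHERE id = " + article_id)
        return "executed"
    except (sqlite3.Warning, sqlite3.Error):
        return "rejected"

def multi_statement_call(db, article_id):
    """Same string through a multi-statement API: every statement runs."""
    db.executescript("SELECT title FROM articles WHERE id = " + article_id)

def bound_parameter_call(db, article_id):
    """The fix: the value is bound as data and never parsed as SQL."""
    sql = "SELECT title FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchall()

if __name__ == "__main__":
    db = fresh_db()
    print(single_statement_call(db, STACKED_ID), table_exists(db))
    db = fresh_db()
    multi_statement_call(db, STACKED_ID)
    print(table_exists(db))
    db = fresh_db()
    print(bound_parameter_call(db, STACKED_ID), table_exists(db))
```

When reviewing code, treat any multi-statement call fed by request data as a finding, and treat bound parameters as the control that matters, since a single-statement API alone still leaves the query injectable.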


