❌Delete Query Injection

❗ Information IMPORTANT ❗

Use this injection type when the action you are performing removes something from the database.

You can achieve this using the following injections:

1. XPATH Injection
2. Sub Query Injection
3. Blind Injection (both techniques)

-------------------------------------------------------------

Exploitation using XPATH injection:

This will work when the developer has inserted the error function there, so that database errors are shown. Otherwise only blind injection will work.

Query:


delete from products where product_id="$product_id"
delete from products where product_id='$product_id'

Injection:

Now let's see what query will be passed. For the query given above, the first injection will work:

So the above query will actually output the data in the form of an error. For the rest, see Exploitation using XPATH Injection.

-------------------------------------------------------------

Exploitation using Sub-Query Injection:

Query:

Injection:

Now let's see what query will be passed. For the query given above, the second injection will work:

So the above query will actually output the data in the form of an error. For the rest, see Exploitation using Sub Query Injection.

-------------------------------------------------------------

Exploitation using Blind Injection:

First we need to find the right injection string, to know what query is being used inside the application.

We cannot use the other testing methods here, because if they work they can delete the whole database at once. So the testing will be a little different.

Query:

We are using this type of injection so that we will only delete one row at a time:

After each one, check whether the product (or whatever you wanted to delete) is deleted; if it is, your injection worked. In our case the 4th one will work:

Okay, that means we are commenting out the rest of the query.

Let us start by checking the length of database(), querying whether the length of database() is equal to 10.

If it deletes the given product ID, that means you are on your way; otherwise try another number. You can always use the greater-than and smaller-than symbols to make the process faster. Once you know the length of database(), you can start collecting information by testing as in Blind Injection. Read Blind SQL injection for the rest of the exploitation. Just change 'or' with 'and'.

-------------------------------------------------------------
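For the defending side, here is the delete query from the top of this page in its concatenated form beside a hardened form. This is an added example, not code from the original page. It assumes Python's built-in sqlite3 as a stand-in for the application's database, and the table contents, function names and test value are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (product_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "lamp"), (2, "desk"), (3, "chair")])
    db.commit()
    return db

def remaining(db):
    return db.execute("SELECT COUNT(*) FROM products").fetchone()[0]

def delete_concatenated(db, product_id):
    # Vulnerable form from the page: the value is pasted between the quotes,
    # so a quote inside it ends the literal and the rest is parsed as SQL.
    sql = "delete from products where product_id='" + product_id + "'"
    return db.execute(sql).rowcount

def delete_hardened(db, product_id):
    # 1. Validate: a product id is a short run of ASCII digits, nothing else.
    if not (product_id.isascii() and product_id.isdigit() and len(product_id) <= 9):
        return "bad request"
    try:
        # 2. Bind: the driver sends the value separately from the statement text.
        cur = db.execute("delete from products where product_id = ?",
                         (int(product_id),))
        db.commit()
    except sqlite3.Error:
        # 3. Never echo database errors; error-based extraction depends on them.
        db.rollback()
        return "error"
    return "deleted" if cur.rowcount == 1 else "not found"

HOSTILE = "1' or '1'='1"  # constructed test value

def demo():
    a, b = make_db(), make_db()
    hit = delete_concatenated(a, HOSTILE)  # WHERE clause becomes always true
    status = delete_hardened(b, HOSTILE)   # rejected before reaching the database
    return hit, remaining(a), status, remaining(b)

if __name__ == "__main__":
    print(demo())
```

A delete keyed on product_id should touch at most one row, so a rowcount above 1 on this statement is also worth logging as a detection signal.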
