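Introduction to the injection
Delete-type injection means the injection point is inside a DELETE SQL statement. For example, the following statement deletes rows from the specified table; if the id value comes from the user and is not filtered, the statement is exposed to SQL injection: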
delete from table where id=$_GET['id'];
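For contrast with the statement above, the same delete written so that the id can never become SQL text. This is an added example, not code from the original page or from the project it quotes; the table name `message`, the function name `delete_by_id` and the connection parameters are assumptions for illustration.

```php
<?php
// Added example. Table `message`, function delete_by_id() and the
// connection parameters below are hypothetical placeholders.

/**
 * Delete one row by id using strict validation plus a prepared statement.
 * Returns true only if exactly one row was deleted.
 */
function delete_by_id(mysqli $link, $rawId): bool
{
    // 1. Accept only a positive integer; anything else is rejected outright.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // 2. Bind the value as an integer parameter so it is sent as data,
    //    separately from the statement text.
    $stmt = $link->prepare('DELETE FROM message WHERE id = ? LIMIT 1');
    if ($stmt === false) {
        error_log('prepare failed: ' . $link->error);
        return false;
    }
    $stmt->bind_param('i', $id);
    $ok = $stmt->execute();
    $deleted = $ok ? $stmt->affected_rows : 0;
    $stmt->close();

    // 3. A delete by primary key should touch exactly one row.
    return $deleted === 1;
}

// Return false from prepare()/execute() instead of throwing (PHP 8.1+ default throws).
mysqli_report(MYSQLI_REPORT_OFF);
$link = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db'); // placeholders
if ($link->connect_errno) {
    exit('connect failed');
}

if (!delete_by_id($link, $_GET['id'] ?? null)) {
    http_response_code(400);
    echo 'invalid id or nothing deleted';
}
```

The integer check and the bound parameter are independent defenses: either one alone keeps the id out of the SQL text, and the affected-row check gives a signal worth logging when a delete touches an unexpected number of rows.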
Vulnerable code
The vulnerable example code is shown below:
<?php
/**
* Created by runner.han
* There is nothing new under the sun
*/
$SELF_PAGE = substr($_SERVER['PHP_SELF'],strrpos($_SERVER['PHP_SELF'],'/')+1);
// Compare with ==; a single = would assign and make the condition always true
if ($SELF_PAGE == "sqli_del.php"){
$ACTIVE = array('','','','','','','','','','','','','','','','','','','','',''