[QwyZ]
01.11.2009, 16:16
короч нашел на одном интересном сайте как я понимаю инжект в скулю.дело в том что скульинж я плохо понимаю так как со скулью неработаю.вобщем посоветуте ЧТО и каким образом можно извлечь из вот такого варнинга:
« MODx Parse Error »MODx encountered the following error while attempting to parse the requested resource:
« Execution of a query to the database failed - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\">%' OR sc.longtitle LIKE '%\\">\\'>sc\\">%' OR sc.description LIKE '%\\">\\'>' at line 1 »
SQL: SELECT DISTINCT sc.id, sc.pagetitle, sc.longtitle, sc.description FROM `uХХХХХХХ_main`.`ХХХ_site_content` sc LEFT JOIN `uХХХХХХ_main`.`ХХХ_site_tmplvar_contentv alues` stc ON sc.id = stc.contentid WHERE (sc.pagetitle LIKE '%\\">\\'>sc\\">%' OR sc.longtitle LIKE '%\\">\\'>sc\\">%' OR sc.description LIKE '%\\">\\'>sc\\">%' OR sc.content LIKE '%\\">\\'>sc\\">%' OR stc.value LIKE '%\\">\\'>sc\\">%') AND sc.privateweb=0 AND sc.published=1 AND sc.searchable=1 AND sc.deleted=0;
вводил в поле поиска - ">'>sc"><
« MODx Parse Error »MODx encountered the following error while attempting to parse the requested resource:
« Execution of a query to the database failed - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\">%' OR sc.longtitle LIKE '%\\">\\'>sc\\">%' OR sc.description LIKE '%\\">\\'>' at line 1 »
SQL: SELECT DISTINCT sc.id, sc.pagetitle, sc.longtitle, sc.description FROM `uХХХХХХХ_main`.`ХХХ_site_content` sc LEFT JOIN `uХХХХХХ_main`.`ХХХ_site_tmplvar_contentv alues` stc ON sc.id = stc.contentid WHERE (sc.pagetitle LIKE '%\\">\\'>sc\\">%' OR sc.longtitle LIKE '%\\">\\'>sc\\">%' OR sc.description LIKE '%\\">\\'>sc\\">%' OR sc.content LIKE '%\\">\\'>sc\\">%' OR stc.value LIKE '%\\">\\'>sc\\">%') AND sc.privateweb=0 AND sc.published=1 AND sc.searchable=1 AND sc.deleted=0;
вводил в поле поиска - ">'>sc"><