14.01.2009, 15:38
|
|
Reservists Of Antichat - Level 6
Регистрация: 05.12.2006
Сообщений: 195
С нами:
10227206
Репутация:
2163
|
|
webspell cms 4.01.02 dev
articles.php:
Код:
...
$title = $_POST['title'];
$message = $_POST['message'];
$link1 = $_POST['link1'];
$url1 = $_POST['url1'];
$window1 = $_POST['window1'];
$link2 = $_POST['link2'];
$url2 = $_POST['url2'];
$window2 = $_POST['window2'];
$link3 = $_POST['link3'];
$url3 = $_POST['url3'];
$window3 = $_POST['window3'];
$link4 = $_POST['link4'];
$url4 = $_POST['url4'];
$window4 = $_POST['window4'];
$comments = $_POST['comments'];
$articlesID = $_POST['articlesID'];
safe_query("UPDATE ".PREFIX."articles SET
title='".mysql_escape_string($title)."',
content='".mysql_escape_string($message)."',
link1='".mysql_escape_string($link1)."',
url1='".mysql_escape_string($url1)."',
window1='".mysql_escape_string($window1)."',
link2='".mysql_escape_string($link2)."',
url2='".mysql_escape_string($url2)."',
window2='".mysql_escape_string($window2)."',
link3='".mysql_escape_string($link3)."',
url3='".mysql_escape_string($url3)."',
window3='".mysql_escape_string($window3)."',
link4='".mysql_escape_string($link4)."',
url4='".mysql_escape_string($url4)."',
window4='".mysql_escape_string($window4)."',
saved='1', comments='$comments' WHERE articlesID='$articlesID'");
whoisonline.php:
$sort = $_GET['sort'];
$type = $_GET['type'];
...
$ergebnis = safe_query("SELECT * FROM ".PREFIX."whoisonline ORDER BY $sort $type");
dork:
inurl:site=whoisonline inurl:desc
шелл заливается либо через squads:
либо через шаблоны |
|
|