13.11.2009, 15:41
|
|
Banned
Регистрация: 07.05.2009
Сообщений: 103
Провел на форуме:
3202832
Репутация:
1588
|
|
M1Ks продолжаем тему... ребята вообще тут идет такая лажа как на video.antichat.ru
когда в поле поиск вбивали кавычку и оно выдавало ошибку (все идет из-за бажного поисковика) может есть какие то способы крутить такие скули
http://rcc-penza.ru/advanced_search/
импульс на ковычку
Код:
Fatal error: Uncaught <div style="font-family: tahoma, arial; font-size: 14px; line-height: 1.5em; "><b style="color: #f00; font-size: 14px; ">Database Query Exception</b><br/><b>Message</b>: SELECT * FROM `rcc_product` WHERE (`name` LIKE '%'%' OR `code` LIKE '%'%') AND `is_group` != 1 AND (`is_hide` IS NULL OR `is_hide` = 0) AND `quantity` > 0 ORDER BY pid, name. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' OR `code` LIKE '%'%') AND `is_group` != 1 AND (`is_hide` IS NULL OR `is_hide`' at line 1<br/><b>File</b>: /var/www/rcc-penza/data/www/rcc-penza.ru/req/db/drivers/mysql/MySqlConnection.class.php <b>Line</b>: 176 <br/><a href="javascript:void(0);" onclick="javascript:var st=document.getElementById('stBlock');st.style.display=(st.style.display=='none')?'block':'none';">Stack trace</a><div id="stBlock" style="display: none; margin: 0; ">0 /var/www/rcc-penza/data/www/rcc-penza.ru/req/db/drivers/mysql/MySqlConnection.class.php(32): in /var/www/rcc-penza/data/www/rcc-penza.ru/req/db/drivers/mysql/MySqlConnection.class.php on line 176
импульс на XSS ( "><script>alert('XSS');</script> )
Код:
Fatal error: Uncaught <div style="font-family: tahoma, arial; font-size: 14px; line-height: 1.5em; "><b style="color: #f00; font-size: 14px; ">Database Query Exception</b><br/><b>Message</b>: SELECT * FROM `rcc_product` WHERE `name` LIKE '%"><script>alert('XSS');</script>%' AND `is_group` = 1 AND (`is_hide` IS NULL OR `is_hide` = 0) AND `quantity` > 0 ORDER BY pid, name. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'XSS');</script>%' AND `is_group` = 1 AND (`is_hide` IS NULL OR `is_hide` = 0) AN' at line 1<br/><b>File</b>: /var/www/rcc-penza/data/www/rcc-penza.ru/req/db/drivers/mysql/MySqlConnection.class.php <b>Line</b>: 176 <br/><a href="javascript:void(0);" onclick="javascript:var st=document.getElementById('stBlock');st.style.display=(st.style.display=='none')?'block':'none';">Stack trace</a><div id="stBlock" style="display: none; margin: 0; ">0 /var/www/rcc-penza/data/www/rcc-penza.ru/req/db/drivers/mysql/MySqlConnection.class.p in /var/www/rcc-penza/data/www/rcc-penza.ru/req/db/drivers/mysql/MySqlConnection.class.php on line 176
|
|
|