chicco_10 Posted April 28, 2010 Report Share Posted April 28, 2010 Am o intrebare, am vazut ca pentru MySQLi trebuie ca url sa fie de forma http://targethost.com/expoit.php?id=1.Dar exista site-uri(majoritatea),care se termina in format .htm sau .html. Acestea cum pot fi sparte? Quote Link to comment Share on other sites More sharing options...
Ethereal Posted April 28, 2010 Report Share Posted April 28, 2010 cu ciocanul. Quote Link to comment Share on other sites More sharing options...
sevex Posted April 28, 2010 Report Share Posted April 28, 2010 uite ce faci:1. IEI UN BAROS2.SCRII PE EL SQL INJECTION3.II FUTI UNA LA DISPLAY4.AI SPART TOT INTERNETUL5.FI FERICIT Quote Link to comment Share on other sites More sharing options...
Vlachs Posted April 28, 2010 Report Share Posted April 28, 2010 Am o intrebare, am vazut ca pentru MySQLi trebuie ca url sa fie de forma http://targethost.com/expoit.php?id=1.Dar exista site-uri(majoritatea),care se termina in format .htm sau .html. Acestea cum pot fi sparte?html-ul respectiv poate fi un .asp sau .php, vezi daca contin ceva dupa ele, un ?, daca da poti incerca diferite metode specifice aplicatilor web daca nu trebuie sa iei acces printr-un alt site de pe acelasi host Quote Link to comment Share on other sites More sharing options...
Fitty Posted April 28, 2010 Report Share Posted April 28, 2010 Benny are dreptate...multi admini se folosesc de apache handlers, de ochii lumii Si nu numai .htm am vazut...Sau poate e doar mod_rewrite... Quote Link to comment Share on other sites More sharing options...
Naaraxi Posted April 28, 2010 Report Share Posted April 28, 2010 http://rstcenter.com/forum/22190-prostia-loveste-din-nou.rst < loldaca e vreun formular pe pagina poti incerca si acolo . pt sqli nu e nevoie de GET , neaparat . e doar mai usor Quote Link to comment Share on other sites More sharing options...
Vlachs Posted April 28, 2010 Report Share Posted April 28, 2010 http://rstcenter.com/forum/22190-prostia-loveste-din-nou.rst < loldaca e vreun formular pe pagina poti incerca si acolo . pt sqli nu e nevoie de GET , neaparat . e doar mai usormda, de ce ma faceti sa va vorbesc urat, cate sqli-uri ai exploatat tu in form-uri inafara de cele de login(doar in 10% din cazuri cred ca merge) Quote Link to comment Share on other sites More sharing options...
strike Posted April 29, 2010 Report Share Posted April 29, 2010 Atentie, nu il faceti pe benny sa vorbeasca urat mare atentie. Quote Link to comment Share on other sites More sharing options...
Naaraxi Posted April 29, 2010 Report Share Posted April 29, 2010 mda, de ce ma faceti sa va vorbesc urat, cate sqli-uri ai exploatat tu in form-uri inafara de cele de login(doar in 10% din cazuri cred ca merge)Alea 10% N-am spus ca merg toate , doar ca e posibil Quote Link to comment Share on other sites More sharing options...
chicco_10 Posted May 6, 2010 Author Report Share Posted May 6, 2010 @Ethereal si @sevex: daca tot sunteti asa de buni la dat sfaturi,luati ciocanul si barousl si dati-va in cap cu ele.Si dupa aia ia vedeti castigati la loto?Pentru ceilalti, multumesc pentru raspuns:) Quote Link to comment Share on other sites More sharing options...
