|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| |
|
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145
People Online:
Visitors: 576
Members: 0
Total: 576
|
|
|
|
|
|
PacketStorm News |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
UNION... how to |
|
Posted: Mon May 17, 2004 9:39 pm |
|
|
guesty |
Beginner |
|
|
Joined: May 17, 2004 |
Posts: 3 |
|
|
|
|
|
|
|
When SQL inj. is available and UNION works, what options do I have? I mean, only SELECT after union? Because I tried UPDATE, DELETE and nothing worked.
Code: | $result=$db->sql_query("
SELECT lid, url, title, description, date, hits, downloadratingsummary, totalvotes,
totalcomments, filesize, version, homepage
FROM ".$prefix."_downloads_downloads
WHERE sid=$sid
order by $orderby
limit $min,$perpage
"); |
And here for example. After pasting UNION... 0,0,some_var... could you explain, how these variables are being assigned to the vars from first SELECT? Because I don't quite understand this. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|