Secure Room

m!nus · Post by **m!nus** » Sat Feb 21, 2009 11:35 pm

What is the query to the mysql server? i'm a little confused with sometimes getting errors when there shouldnt be one.
and why does -- not work? ('-- in the name field)

m!nus · Post by **m!nus** » Sat Feb 21, 2009 11:52 pm

"edit":
this:

Code: Select all

http://www.adum.com/secureroom/index.php?name=%27%20UNION%20SELECT%20concat(substr(@@version,1,1),%27*/AND%20password%20=%20%27,0x27,%27x%27)%20/*&password=5*/AND%20password%20=%20%27x

gives: Unknown column 'password' in 'field list'
to me, i have no fuckin idea why. the original query used exactly the same :/

osterlaus · Post by **osterlaus** » Sun Feb 22, 2009 9:39 am

Don't you need a table name for UNION?