Page 1 of 1
Secure Room
Posted: Sat Feb 21, 2009 11:35 pm
by m!nus
What is the query to the mysql server? i'm a little confused with sometimes getting errors when there shouldnt be one.
and why does -- not work? ('-- in the name field)
Posted: Sat Feb 21, 2009 11:52 pm
by m!nus
"edit":
this:
Code: Select all
http://www.adum.com/secureroom/index.php?name=%27%20UNION%20SELECT%20concat(substr(@@version,1,1),%27*/AND%20password%20=%20%27,0x27,%27x%27)%20/*&password=5*/AND%20password%20=%20%27x
gives: Unknown column 'password' in 'field list'
to me, i have no fuckin idea why. the original query used exactly the same :/
Posted: Sun Feb 22, 2009 9:39 am
by osterlaus
Don't you need a table name for UNION?