Hey, Im sitting and playing around on a website, and i tryed to do a sql injection attack (just for fun), and I found a vulnerability on the site.
And it returns a MySql error (I know, It's a really smart server thats outputs the query.. ):
http://website.com/45' ORDER BY 1--
are I doing it wrong?
Unknown column '20ORDER' in 'where clause'
SELECT some1 FROM rand1 WHERE type=0 AND t=45' ORDER BY 1--
the query should be:
SELECT some1 FROM rand1 WHERE type=0 AND t=45 ORDER BY 1--