today i visited securityfocus.com to see if there where any exploits for the script where i made a big addon for (total conversion) and i was pritty surprised when i saw my script there :S
http://www.securityfocus.com/bid/15912/info
so now i want to fix that exploit (that`s not a problem) but i also want to know how the **** you abuse exploits like that... i tried serveral things like this:
http://www.example.com/pafiledb.php...c ... id="DELETE FROM pafiledb_comments WHERE news_id = 5
with the quotes on all different kind of places and without quotes but nothing gets deleted in the database... so i`m really wondering how those exploits work...
NOTE!! this is not to abuse!! this is to learn from and make my script exploit free (as free as possible)
so.. how do i use that exploit that it actually DELETES something from the database... or alters something.. i just can`t get it working so to me it looks like the script is safe because i can`t delete a thing
Help would be verry nice.
Thanx Alot.