Query failed: You have an error in your SQL syntax; check the manual corresponds to your MySQL server did version for the right syntax to use near 'AND can_sesion =' c552de646b04ee4514c06cc3d22c744 '' at line 1
But the error only Appears if you change the value of the cookie, example: PHPSESSID: c552 ** .... and i changed for PHPSESSID: C543 ** ... The error work, i try to add some values ??‹??‹before PHPSESSID: [] C543 ** .. and appers to be a sqli, but if i try other commands like + union + select + 1--, do not appers nothing.
I read a few tutorials, and maybe this is a xss?, Can any one help me "documents, videos or links" to know how to exploit did type of vul? and if this is sqli xss or, thx.
Bearbeitet von saske46, 21 September 2014 - 23:47 Uhr.