Взгляните пожалуйста на код Переменные $fla_ads_username и $fla_ads_password не имеют фильтрации Но попытки из серии admin') OR 1=1+--+ успеха не приносят PHP: function fla_ads_Login(){ global $fla_ads_tbl_clients; global $fla_ads_username, $fla_ads_password, $fla_ads_cookiecheck; global $strPasswordWrong; global $session_id; //echo $fla_ads_username."<br>"; if (fla_ads_SuppliedCredentials()) { if ($session_id != $fla_ads_cookiecheck) { // Cookiecheck failed $session_id = fla_ads_SessionStart(); fla_ads_LoginScreen("You need to enable cookies before you can use Flapoint Ads", $session_id); } // HEmtemp if (fla_ads_isAdmin($fla_ads_username, $fla_ads_password)) { // User is Administrator return (array ("usertype" => fla_ads_Admin, "loggedin" => "true", "username" => $fla_ads_username, "password" => $fla_ads_password, "stats_compact" => "false", "stats_view" => "all", "stats_order" => "banner_id") ); } else {$query = "SELECT client_id,permissions,language FROM $fla_ads_tbl_clients WHERE (BINARY client_user_name = BINARY '$fla_ads_username') AND (BINARY client_password = BINARY '$fla_ads_password')"; $res = db_query($query) or mysql_die();////echo $query;////echo "#" . mysql_num_rows($res) . "#";////exit; if (mysql_num_rows($res) > 0 && $fla_ads_username != "" && $fla_ads_password != "") { // User found with correct password $row = mysql_fetch_array($res); return (array ("usertype" => fla_ads_Client, "loggedin" => "true", "username" => $fla_ads_username, "password" => $fla_ads_password, "client_id" => $row['client_id'], "permissions" => $row['permissions'], "language" => $row['language'], "stats_compact" => "false", "stats_view" => "all", "stats_order" => "banner_id") ); } else { // Password is not correct or user is not known // Set the session ID now, some server do not support setting a cookie during a redirect $session_id = fla_ads_SessionStart(); fla_ads_LoginScreen($strPasswordWrong, $session_id); } } } else { // User has not supplied credentials yet // Set the session ID now, some server do not support setting a cookie during a redirect $session_id = fla_ads_SessionStart(); fla_ads_LoginScreen('', $session_id); }}
Code: admin') -- 1 admin') AND 1=1 -- 1 blabla') OR 1=1 LIMIT 0,1 -- 1 Пароль не должен быть пустым. Дальнейшей логики не видно, возможно, есть ещё какие-нибудь чеки переданных данных.