http://www.idg.se/2.1085/1.76762
Edit:
Om man tittar på den catchade sidan så ser man koden:
mysql_connect("213.204.177.242","root","optww729f" ); mysql_select_db("ssu",$db); /* include("include/initvar.inc"); include("include/session.inc"); include("include/mainfunc.inc"); */ if(!isset($_GET[id])) { $id = 0; } else { $id = $_GET[id]; } $lvs_sql = "SELECT im_data, im_type FROM t_ssuimg WHERE im_id = '".$id."'"; $lax_result = mysql_query($lvs_sql, $db); while($row = mysql_fetch_object($lax_result)) { $type = $row->im_type; $buf=$row->im_data; } // $lax_row = mysql_fetch_array($lax_result); Header("Content-type: Image/GIF"); echo($buf); flush(); exit; ?>
Härligt att man inte kontrollerar inmatningar i koden...
|