-<page xmlns:xsp="http://apache.org/xsp" xmlns:xspdoc="http://apache.org/cocoon/XSPDoc/v1" xmlns:esql="http://apache.org/cocoon/SQL/v2" xmlns:xsp-request="http://apache.org/xsp/request/2.0">
-<resources>
<resource type="file" href="database.xml?cocoon-view=pretty-content">Descriptor</resource>
<resource type="file" href="../schema.sql">Schema</resource>
<resource type="doc" href="userdocs/actions/database-actions.html">Actions</resource>
<resource type="doc" href="userdocs/xsp/esql.html">ESQL</resource>
</resources>
<title>user-list</title>
-<content>
<h1>Modular Database Actions</h1>
<hr/>
<p>The intention is to factor out those parts that are dependent on the utilised DBMS as well as the methods used to obtain the values and communicate results. Therefore three classes of modules exist:</p>
-<ol>
<li>Input Modules read data from some source (e.g. the request object or session attributes or whatever)</li>
<li>Output Modules send the data to an arbitrary destination. Again, this could be request attributes or anything else. When the database transaction finishes, it is signalled to them whether the transaction succeeded or failed.</li>
<li>Database Modules determine the value of a key attribute column in a database if it's is of auto increment type. This could be by querying the database, reading from an arbitrary source (e.g. request object) or just skipping the column when inserting a row and querying the database afterwards. This needs to be done e.g. for Informix's SERIAL or HSQLDB's IDENTITY column types.</li>
</ol>
<hr/>
<h2>Current database content</h2>
-<p>
-<sqltbl>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="4"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="4"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="140"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="140"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ' ORDER BY 999999999999; -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="62"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="62"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> '', (SELECT CONCAT('GWEa4', 'GWEa4')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="276"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="276"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> '', (SELECT CONCAT('_Lmnk', '_Lmnk')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="64"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="64"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> '+ </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="144"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="144"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> '+(SELECT CONCAT('Tqcyc', 'f7trz'))+' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="53"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="53"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> '+(SELECT CONCAT('mbsPr', 'MRVVn'))+' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="262"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="262"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', add-group = (SELECT CONCAT('DzitI', 'LBwo6')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="270"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="270"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', add-group = (SELECT CONCAT('aT9mT', '63Bgo')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="59"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="59"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', add-user-groups = (SELECT CONCAT('0SDNx', 'Pb4se')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="263"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="263"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', add-user-groups = (SELECT CONCAT('865Sf', 'fVV68')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="54"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="54"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', del-group = (SELECT CONCAT('GScdv', 'g6I6D')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="269"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="269"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', del-user = (SELECT CONCAT('ahJQN', 'dbRg5')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="60"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="60"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', del-user = (SELECT CONCAT('kId6_', '_R3ad')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="272"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="272"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', groups.gid = (SELECT CONCAT('pFhTx', '2BVfM')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="271"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="271"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', groups.gname = (SELECT CONCAT('Hf4qB', '0ZPaq')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="264"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="264"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', groups.gname = (SELECT CONCAT('fB8tV', 'AkbAk')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="55"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="55"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', upd-group = (SELECT CONCAT('Tqoqp', 'Waliq')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="266"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="266"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user.firstname = (SELECT CONCAT('LpcNY', 'KSNyo')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="273"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="273"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user.firstname = (SELECT CONCAT('vmTnm', 'bp4BF')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="61"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="61"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user.name = (SELECT CONCAT('JgfH2', 'KMqjz')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="58"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="58"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user.name = (SELECT CONCAT('vduj7', 'fTIP5')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="268"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="268"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user.uid = (SELECT CONCAT('DW93o', 'xbByN')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="57"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="57"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user.uid = (SELECT CONCAT('Vd1EP', 'qjbN3')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="267"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="267"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user_groups.gid = (SELECT CONCAT('l8UGZ', 'TjW5S')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="56"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="56"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ', user_groups.gid = (SELECT CONCAT('m6EiZ', 'ZlPZN')) -- ' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="265"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="265"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> ','') #' </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="63"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="63"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> '|| </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="141"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="141"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> /0 </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="142"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="142"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> IsNHIvHDio </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="11"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="11"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> </name>
<firstname> </firstname>
<uname> _QSETSoqyi </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="180"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="180"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ".exit(md5('w4p1t1_md5'));# </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="356"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="356"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ".exit(md5('w4p1t1_md5'));// </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="355"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="355"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ";exit(md5('w4p1t1_md5'));# </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="352"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="352"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ";exit(md5('w4p1t1_md5'));// </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="351"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="351"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> &ping -n 25 127.0.0.1& </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="366"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="366"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> &set& </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="345"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="345"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> '.exit(md5('w4p1t1_md5'));# </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="358"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="358"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> '.exit(md5('w4p1t1_md5'));// </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="357"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="357"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ';exit(md5('w4p1t1_md5'));# </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="354"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="354"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ';exit(md5('w4p1t1_md5'));// </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="353"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="353"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ../../../../../../../../../../../../../../../usr/bin/env| </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="487"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="487"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> /e </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="348"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="348"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ;env; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="339"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="339"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ;exit(md5('w4p1t1_md5'));# </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="360"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="360"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> ;exit(md5('w4p1t1_md5'));// </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="359"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="359"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a);env; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="342"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="342"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a;env; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="341"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="341"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a;exit(md5('w4p1t1_md5'));# </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="350"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="350"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a;exit(md5('w4p1t1_md5'));// </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="349"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="349"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a;sleep 60; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="364"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="364"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a`)` </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="362"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="362"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a`sleep 60` </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="363"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="363"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> alice </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="277"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="277"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> alice env; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="344"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="344"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> alice;env; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="343"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="343"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> a|sleep 60; </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="365"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="365"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> data:;base64,PD9waHAgZWNobyAndzRwMXQxJywnX2V2YWwnOyA/Pg== </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="361"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="361"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> env </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="347"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="347"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> set </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="346"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="346"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<sqltblrow>
<name> alice </name>
<firstname> alice </firstname>
<uname> |env </uname>
-<action>
-<form action="edit-groups">
<input type="hidden" name="user.uid" value="340"> </input>
<input type="submit" name="edit-user" value="edit"/>
</form>
-<form>
<input type="hidden" name="user.uid" value="340"> </input>
<input type="submit" name="del-user" value="delete"/>
</form>
</action>
</sqltblrow>
-<form method="Get">
-<sqltblrow>
-<name>
<input type="text" name="user.name" size="20" maxsize="20" value=""> </input>
</name>
-<firstname>
<input type="text" name="user.firstname" size="20" maxsize="20" value=""> </input>
</firstname>
-<uname>
<input type="text" name="user.uname" size="20" maxsize="20" value=""> </input>
</uname>
-<action>
-<select multiple="1" name="user_groups.gid" size="4">
<option value="34"> ' ORDER BY 999999999999; -- ' </option>
<option value="212"> '', (SELECT CONCAT('uPP4f', 'uPP4f')) -- ' </option>
<option value="36"> '', (SELECT CONCAT('wLKlv', 'wLKlv')) -- ' </option>
<option value="198"> '+(SELECT CONCAT('5to4A', 'SJJV2'))+' </option>
<option value="25"> '+(SELECT CONCAT('qlgQD', 'niD_h'))+' </option>
<option value="206"> ', add-group = (SELECT CONCAT('1yxIG', 'ETOfo')) -- ' </option>
<option value="31"> ', add-group = (SELECT CONCAT('n8Mxs', 'yDerr')) -- ' </option>
<option value="26"> ', add-user-groups = (SELECT CONCAT('K0If7', 'JuzJP')) -- ' </option>
<option value="199"> ', add-user-groups = (SELECT CONCAT('d4fYA', '9IjTc')) -- ' </option>
<option value="205"> ', del-group = (SELECT CONCAT('E3ANe', 'xar3l')) -- ' </option>
<option value="32"> ', del-user = (SELECT CONCAT('SMOpA', 'wL0fT')) -- ' </option>
<option value="208"> ', del-user = (SELECT CONCAT('rOOtx', 'oTp2i')) -- ' </option>
<option value="207"> ', groups.gid = (SELECT CONCAT('vUTsY', '1iF0E')) -- ' </option>
<option value="201"> ', upd-group = (SELECT CONCAT('yUdO7', 'Lsobh')) -- ' </option>
<option value="209"> ', user.firstname = (SELECT CONCAT('8mAHp', 'xyYOh')) -- ' </option>
<option value="33"> ', user.firstname = (SELECT CONCAT('x6HSQ', 'hgh4f')) -- ' </option>
<option value="204"> ', user.name = (SELECT CONCAT('NRhWI', 'jwRjr')) -- ' </option>
<option value="30"> ', user.name = (SELECT CONCAT('suXG9', 'PVR6G')) -- ' </option>
<option value="202"> ', user.uid = (SELECT CONCAT('NAvqz', 'bSNVS')) -- ' </option>
<option value="29"> ', user.uid = (SELECT CONCAT('mF3nl', 'c_tp4')) -- ' </option>
<option value="203"> ', user.uname = (SELECT CONCAT('2u_MH', 'PB5zB')) -- ' </option>
<option value="28"> ', user.uname = (SELECT CONCAT('v1u7S', 'jFyml')) -- ' </option>
<option value="200"> ', user_groups.gid = (SELECT CONCAT('Jpi7A', 'joVLT')) -- ' </option>
<option value="27"> ', user_groups.gid = (SELECT CONCAT('krB7_', 'Rq2YL')) -- ' </option>
<option value="35"> ','') #' </option>
<option value="127"> '|| </option>
<option value="128"> /0 </option>
<option value="172"> 3UDX0ZRCGE </option>
<option value="5"> qasl4tNeGW </option>
</select>
<input type="submit" name="add-user-groups" value="new user"/>
</action>
</sqltblrow>
</form>
</sqltbl>
</p>
-<p>
-<sqltbl>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="' ORDER BY 999999999999; -- '"> </input>
<input type="hidden" name="groups.gid" value="34"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="'', (SELECT CONCAT('uPP4f', 'uPP4f')) -- '"> </input>
<input type="hidden" name="groups.gid" value="212"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="'', (SELECT CONCAT('wLKlv', 'wLKlv')) -- '"> </input>
<input type="hidden" name="groups.gid" value="36"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="'+(SELECT CONCAT('5to4A', 'SJJV2'))+'"> </input>
<input type="hidden" name="groups.gid" value="198"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="'+(SELECT CONCAT('qlgQD', 'niD_h'))+'"> </input>
<input type="hidden" name="groups.gid" value="25"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', add-group = (SELECT CONCAT('1yxIG', 'ETOfo')) -- '"> </input>
<input type="hidden" name="groups.gid" value="206"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', add-group = (SELECT CONCAT('n8Mxs', 'yDerr')) -- '"> </input>
<input type="hidden" name="groups.gid" value="31"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', add-user-groups = (SELECT CONCAT('K0If7', 'JuzJP')) -- '"> </input>
<input type="hidden" name="groups.gid" value="26"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', add-user-groups = (SELECT CONCAT('d4fYA', '9IjTc')) -- '"> </input>
<input type="hidden" name="groups.gid" value="199"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', del-group = (SELECT CONCAT('E3ANe', 'xar3l')) -- '"> </input>
<input type="hidden" name="groups.gid" value="205"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', del-user = (SELECT CONCAT('SMOpA', 'wL0fT')) -- '"> </input>
<input type="hidden" name="groups.gid" value="32"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', del-user = (SELECT CONCAT('rOOtx', 'oTp2i')) -- '"> </input>
<input type="hidden" name="groups.gid" value="208"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', groups.gid = (SELECT CONCAT('vUTsY', '1iF0E')) -- '"> </input>
<input type="hidden" name="groups.gid" value="207"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', upd-group = (SELECT CONCAT('yUdO7', 'Lsobh')) -- '"> </input>
<input type="hidden" name="groups.gid" value="201"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.firstname = (SELECT CONCAT('8mAHp', 'xyYOh')) -- '"> </input>
<input type="hidden" name="groups.gid" value="209"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.firstname = (SELECT CONCAT('x6HSQ', 'hgh4f')) -- '"> </input>
<input type="hidden" name="groups.gid" value="33"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.name = (SELECT CONCAT('NRhWI', 'jwRjr')) -- '"> </input>
<input type="hidden" name="groups.gid" value="204"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.name = (SELECT CONCAT('suXG9', 'PVR6G')) -- '"> </input>
<input type="hidden" name="groups.gid" value="30"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.uid = (SELECT CONCAT('NAvqz', 'bSNVS')) -- '"> </input>
<input type="hidden" name="groups.gid" value="202"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.uid = (SELECT CONCAT('mF3nl', 'c_tp4')) -- '"> </input>
<input type="hidden" name="groups.gid" value="29"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.uname = (SELECT CONCAT('2u_MH', 'PB5zB')) -- '"> </input>
<input type="hidden" name="groups.gid" value="203"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user.uname = (SELECT CONCAT('v1u7S', 'jFyml')) -- '"> </input>
<input type="hidden" name="groups.gid" value="28"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user_groups.gid = (SELECT CONCAT('Jpi7A', 'joVLT')) -- '"> </input>
<input type="hidden" name="groups.gid" value="200"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="', user_groups.gid = (SELECT CONCAT('krB7_', 'Rq2YL')) -- '"> </input>
<input type="hidden" name="groups.gid" value="27"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="','') #'"> </input>
<input type="hidden" name="groups.gid" value="35"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="'||"> </input>
<input type="hidden" name="groups.gid" value="127"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="/0"> </input>
<input type="hidden" name="groups.gid" value="128"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="3UDX0ZRCGE"> </input>
<input type="hidden" name="groups.gid" value="172"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<form>
-<sqltblrow>
-<gname>
<input type="text" name="groups.gname" value="qasl4tNeGW"> </input>
<input type="hidden" name="groups.gid" value="5"> </input>
<input type="submit" name="upd-group" value="update"/>
<input type="submit" name="del-group" value="delete"/>
</gname>
</sqltblrow>
</form>
-<sqltblrow>
-<gname>
-<form>
<input type="text" name="groups.gname" size="20" maxsize="20" value=""> </input>
<input type="submit" name="add-group" value="new group"/>
</form>
</gname>
</sqltblrow>
</sqltbl>
</p>
-<p>
-<form>
-<sqltbl>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="356"> </input>
".exit(md5('w4p1t1_md5'));#
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="355"> </input>
".exit(md5('w4p1t1_md5'));//
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="352"> </input>
";exit(md5('w4p1t1_md5'));#
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="351"> </input>
";exit(md5('w4p1t1_md5'));//
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="366"> </input>
&ping -n 25 127.0.0.1&
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="345"> </input>
&set&
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="358"> </input>
'.exit(md5('w4p1t1_md5'));#
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="357"> </input>
'.exit(md5('w4p1t1_md5'));//
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="354"> </input>
';exit(md5('w4p1t1_md5'));#
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="353"> </input>
';exit(md5('w4p1t1_md5'));//
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="487"> </input>
../../../../../../../../../../../../../../../usr/bin/env|
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="348"> </input>
/e
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="339"> </input>
;env;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="360"> </input>
;exit(md5('w4p1t1_md5'));#
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="359"> </input>
;exit(md5('w4p1t1_md5'));//
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="342"> </input>
a);env;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="341"> </input>
a;env;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="350"> </input>
a;exit(md5('w4p1t1_md5'));#
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="349"> </input>
a;exit(md5('w4p1t1_md5'));//
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="364"> </input>
a;sleep 60;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="362"> </input>
a`)`
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="363"> </input>
a`sleep 60`
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="277"> </input>
alice
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="344"> </input>
alice env;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="343"> </input>
alice;env;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="365"> </input>
a|sleep 60;
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="361"> </input>
data:;base64,PD9waHAgZWNobyAndzRwMXQxJywnX2V2YWwnOyA/Pg==
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="347"> </input>
env
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="346"> </input>
set
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
-<form action="edit-groups">
-<sqltblrow>
-<uname>
<input type="hidden" name="user.uid" value="340"> </input>
|env
</uname>
<gname>qasl4tNeGW</gname>
-<action>
<input value="edit groups" type="submit"/>
</action>
</sqltblrow>
</form>
</sqltbl>
</form>
</p>
<hr/>
-<p>
<h2>Status Information</h2>
</p>
-<p>
<h3>Request Attributes</h3>
</p>
-<p>
-<table border="0">
<tbody> </tbody>
</table>
</p>
-<p>
<h3>Request Parameters</h3>
</p>
-<p>
-<table border="0">
-<tbody>
-<tr>
<td align="right">cocoon-view[0]</td>
<td>="pretty-content"</td>
</tr>
</tbody>
</table>
<br/>
</p>
<hr/>
</content>
</page>