hey guys... i'm in need for some help here i found this website with a php index page, and there's a mysql database behind it there's a search box in it and i tried some script but it didn't work , but i was able to make an iframe and i could see the square 200x200 on screen i mean, now that i can use iframe in this site, what can i do with it /? i mean so is this some kind of a vulnerability ? and if so, what can i do to this site i swear i have no black intentions, just testing my skills
You can iframe even google's search engine. If the IFramed part of that website does not contain/lead to any viruses is ok. If you want to use that search form , you can make a form in your website and post to that form then depending on how that form returns answers you can use an iframe or some code to retrieve results.
... thanx Alex.Gabriel if i may ask you sth else... what about the site's database ? i mean, how can i get to it, sql statements i tried gave me some weird output, i have no idea what kind of query that developer wrote, but i was able to get the full path of query-processor file inside server what should i learn to dump the database ?
You cant dump database if you don't have access to phpmyadmin(with user/password) or to an internal file writen with database info / login password/ database. If you have access to these info you can easily export database tables