You can make a UNION SELECT here. The only problem is to match the columns from messages, but you can guess those by adding columns until it fits:

SELECT * FROM messages WHERE unread = 1 LIMIT 
    1 UNION SELECT mail,password,1,1,1 FROM users

Just keep adding ,1 until you get the correct column count. Also, you need to match the column type. Try null instead of 1.

If you can see MySQL errors that would help big time here. Otherwise you got a lot of trying.

Also see Testing for SQL Injection at owasp.org for some details.

PiTheNumber
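
The defensive counterpart to the answer above, as an added example that is not part of the original post: the value that ends up after LIMIT is parsed as a bounded integer and then bound as a parameter, so the UNION string from the answer never reaches the SQL text. The function names, the five-column `messages` schema, the sample rows and the use of an in-memory SQLite database in place of MySQL are assumptions made for the example.

```python
import sqlite3

MAX_LIMIT = 100  # assumed upper bound on page size for this example


def parse_limit(raw):
    """Accept only a plain ASCII decimal integer in 1..MAX_LIMIT."""
    text = str(raw).strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"LIMIT must be a positive integer, got {raw!r}")
    value = int(text)
    if not 1 <= value <= MAX_LIMIT:
        raise ValueError(f"LIMIT out of range: {value}")
    return value


def unread_messages(conn, raw_limit):
    """Return unread messages; the limit is validated, then bound as a parameter."""
    limit = parse_limit(raw_limit)
    # The SQL text is a constant: request data never becomes part of the statement.
    cur = conn.execute("SELECT * FROM messages WHERE unread = 1 LIMIT ?", (limit,))
    return cur.fetchall()


def demo_db():
    """Constructed sample data: a five-column messages table and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, subject TEXT,
                               body TEXT, unread INTEGER);
        CREATE TABLE users (mail TEXT, password TEXT);
        INSERT INTO messages (sender, subject, body, unread) VALUES
            ('alice@example.test', 'hello', 'first', 1),
            ('bob@example.test', 'status', 'second', 1),
            ('carol@example.test', 'old', 'third', 0);
        INSERT INTO users VALUES ('admin@example.test', 'constructed-hash');
        """
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(unread_messages(db, "1"))
    try:
        unread_messages(db, "1 UNION SELECT mail,password,1,1,1 FROM users")
    except ValueError as exc:
        print("rejected:", exc)
```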