use scripting attack,sql-injection or other
find the whole of website.
this goal is can create/change user and permission in mysql and can explain how to do it.
test in private server (debian+apache open ssl)
for more information, please see my username
*i can reply only 1 msg in the freelancer account