sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org

Current Page: 1 of 2
Results 1 - 30 of 54
3 years ago
hyrax
I am trying to bypass a filter that works in this way: str_ireplace("script", "", $content); I know the <img src="x" onerror="jscode" /> method but is there another way to bypass that to inject js?
Forum: XSS Info
3 years ago
hyrax
I found a sqli that forces all the query to uppercase, this causes no problem to get stuff from information_schema, but there are some tables that are mixed upper and lowercase and for those the query would fail cause it's forced to uppercase. For example: ...com/?param=1' UNION SELECT ALL 1, 2, 3 FROM Table -- or '1'='1 gets transformed to: ...com/?param=1' UNION SELECT ALL 1, 2, 3 FROM
Forum: SQL and Code Injection
3 years ago
hyrax
1' LIKE '1' and ASCII(substring((DATABASE()),0,1))>100 -- OR '1' LIKE '1 That did the job
Forum: SQL and Code Injection
3 years ago
hyrax
I have been pentesting a php script, and I found that in a page if I try: url.com/?id=1' LIKE '1 the page opens fine, but when trying url.com/?id=1' LIKE '2 the page doesn't show an error but it also doesn't open the normal content. Could this be injectable? sqlmap says it is but it couldn't extract any data.
Forum: SQL and Code Injection
4 years ago
hyrax
lol nice finding
Forum: SQL and Code Injection
4 years ago
hyrax
4 years ago
hyrax
Does mysql.user user exist? If it does, try getting the pwd hashes. About document_root, I'm not sure if there's a specific method to get it on Win, and without the url it's hard to tell how you could get it, but try causing some error in the site and maybe it will be displayed.
Forum: SQL and Code Injection
4 years ago
hyrax
Maybe this can help: http://hakipedia.com/index.php/SQL_Injection#addslashes.28.29_.26_magic_quotes_gpc http://eleves.ec-lille.fr/~couprieg/post/Bypass-addslashes-with-UTF-8-characters
Forum: SQL and Code Injection
4 years ago
hyrax
Here it is. hxxp://www.lv/list.php ?id=-1/**/IntO/**/OUtFilE/**/%27/usr/www/users/alexgi/previews/temp/x%27-- It's not the one I was checking when I first posted the question but it has the same error.
Forum: SQL and Code Injection
4 years ago
hyrax
Sorry if you felt I was disrespectful with you, it wasn't my intention. Anyway, there's no problem anymore, even when the website shows "File already exists" the file was created successfully. So I am guessing maybe the query gets executed twice in the page and the second one is the one that prints error (or union info) on screen. btw, i guess you are not this topsat13 http://www.c
Forum: SQL and Code Injection
4 years ago
hyrax
VMw4r3 Wrote: ------------------------------------------------------- > hyrax Wrote: > -------------------------------------------------- > ----- > > LOL! why you always want the url?! > > > > I try not to post urls here, because stupid ppl > > will always deface them. > > > your right not to post the url's but every server > is different
Forum: SQL and Code Injection
4 years ago
hyrax
You can use a site like twitter or any other social networks, and post your bot commands with a custom encryption tag that bots would be able to find and recognize. For example, you add day/month/year (encrypted) to your command and you post it on twitter, then the bots can encrypt day/month/year and see if there's something that contains that on twitter and if they find something they decrypt the co
Forum: Projects
4 years ago
hyrax
I think you could use IFNULL, with SUBSTRING @@version = 4 or 5 but I don't know if you can use queries for the results of IFNULL. Check the manual http://dev.mysql.com/doc/refman/5.0/en/control-flow-functions.html#function_ifnull or maybe CASE will do the job http://dev.mysql.com/doc/refman/5.0/en/case-statement.html But I think you may need to code a script for this.
Forum: SQL and Code Injection
4 years ago
hyrax
LOL! why you always want the url?! I try not to post urls here, because stupid ppl will always deface them.
Forum: SQL and Code Injection
4 years ago
hyrax
TopSaT13 Wrote: ------------------------------------------------------- > lik bro :) > to intect shell you must floder chmod 777 lik > uploads/ , img/ > if you not find floder chmod 777 you can't intect > shell > > exemple: > upload is chmod 777 > hxxt://google.com/web.php?id=-1 union select > 1,2,'test',4,5 into outfile > '/home/google/pub/upload/ts
Forum: SQL and Code Injection
4 years ago
hyrax
Nevermind, found an LFI vuln in the site, and even if the INTO OUTFILE shows File already exists, when I include the file with the LFI it loads correctly.
Forum: SQL and Code Injection
4 years ago
hyrax
I'm trying an INTO OUTFILE query, if I use the site path I get "Can't create/write to file '/path/file' (Errcode: 2)" And if I use /tmp/anyfilename I get: "File '/tmp/anyfilename' already exists" I tried tons of weird filenames and it says they all exist, why could this happen?
Forum: SQL and Code Injection
4 years ago
hyrax
Don't have one right now, I haven't saved it, but I've seen this error several times already. The error is the normal "Access denied for user 'username'@'%' (using password: YES)" for sql, if you browse around for some time you will find one for sure. The url looked like this: hxxp://domain.com/page.php?id=1 UNION SELECT 1,2,3,4 INTO OUTFILE '/path/to/images/folder/x'-- Anyway
Forum: SQL and Code Injection
4 years ago
hyrax
When I get Access denied for user... when using INTO OUTFILE, is it because the user doesn't have permission for that folder or for using INTO OUTFILE?
Forum: SQL and Code Injection
4 years ago
hyrax
VMw4r3 Wrote: ------------------------------------------------------- > lightos Wrote: > -------------------------------------------------- > ----- > > You can still extract information from > load_file() > > using blind sql. > > lightoswhats the best/quickest way to get > load_file() data from blind? > > I read this > http://h.ackack.net/in
Forum: SQL and Code Injection
4 years ago
hyrax
I don't think those are hashes, maybe someone with more experience can tell you but I've never seen hashes like that. At first glance they look like hex encoding but if you decode it you get crap.
Forum: SQL and Code Injection
4 years ago
hyrax
I found today that in websites hosted on theplanet.com, if you visit hxxp://IP/DOMAIN.tld it redirects you to hxxp://IP/~username/ (IP being the ip of the site you want to get the username) This doesn't work on the site you are working on but I just wanted to share it.
Forum: SQL and Code Injection
4 years ago
hyrax
the_storm Wrote: ------------------------------------------------------- > so is there a way to find a writeable directories Some scripts show the path on errors, if you can trigger an error on a php file you could see it there.
Forum: SQL and Code Injection
4 years ago
hyrax
lightos Wrote: ------------------------------------------------------- > You can still extract information from load_file() > using blind sql. Do you have some paper about this or could you give me some hints to find more info about it? regards
Forum: SQL and Code Injection
4 years ago
hyrax
Nice, thanks for the lists, I didn't have the one from reiluke tools. I found that INTO OUTFILE works on this site, but I am still trying to figure out full path and then a writeable one, cause UNION doesn't seem to print anything so I can't use load_file.
Forum: SQL and Code Injection
4 years ago
hyrax
Does someone have a tables/columns names list? Anyway I suspect they have uppercase so it's looking very hard to guess :/
Forum: SQL and Code Injection
4 years ago
hyrax
VMw4r3 Wrote: ------------------------------------------------------- > I know. lol, Sorry, > I was was just saying that after i make sure that > a site only has blind sqli v4 I check for > mysql.user. > > hxxxp://www.fernandezgarrido.com/precios.php3?marc > a=2 and (select 1 from usuario limit 0,1)=1 <-- > returns true > > Tables and columns are i
Forum: SQL and Code Injection
4 years ago
hyrax
hxxxp://www.fernandezgarrido.com/precios.php3?marca=2 and (select 1 from mysql.user limit 0,1)=1 <- doesn't return either true or false, it gives an error :(
Forum: SQL and Code Injection
4 years ago
hyrax
A friend just told me how to "LIMIT" the query using: ' UNION ALL SELECT columnName FROM (SELECT TOP (1) * FROM (SELECT TOP 1 * FROM tableName ORDER BY columnName ASC) AS tbl2 ORDER BY columnName DESC) AS tbl3;-- But I still couldn't figure out how to get more columns on columnName.
Forum: SQL and Code Injection
4 years ago
hyrax
1st question: I am trying to retrieve data from a MSSQL db, I can get one column using ' UNION ALL SELECT columnName FROM tableName;-- But I want to get all the columns for each row, I tried: ' UNION ALL SELECT columnName FROM tableName UNION ALL SELECT columnName2 FROM tableName;-- Doesn't work, it doesn't show an error but it only prints columnName and not ColumnName2. I also trie
Forum: SQL and Code Injection