sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 1
Results 1 - 18 of 18
3 years ago
stuckinphp
id and security through obscurity, Seinfeld ad skits take two?? In regards to Linux/BSD based phone, have you seen http://meego.com/ I believe it can run on a couple of Nokia phones too. Is not BSD though, it's a mix of various: http://meego.com/about/licensing-policy
Forum: Mobile Devices
4 years ago
stuckinphp
this is really nagging me now.
Forum: SQL and Code Injection
4 years ago
stuckinphp
lightos Wrote:
-------------------------------------------------------
> Instead of trying with OR 1=1, you should test it
> with
>
> AND 1=1
> AND 1=2

+1 insightful
Forum: SQL and Code Injection
4 years ago
stuckinphp
https://blogs.apache.org/infra/entry/apache_org_04_09_2010 I wonder who did it?
Forum: News and Links
4 years ago
stuckinphp
ID Password
1 o!q}da~

Sorry thrill, maybe I should have capitalized the first letter in the first instance of the word "password" to lessen the confusion.

--stuckinphp - because only very smart people see the 'Posted by:' tags.
Forum: SQL and Code Injection
4 years ago
stuckinphp
Wow, thanks for the info. Good stuff. I'm quite amazed, I really just figured the guys doing this stuff just did it with bank accounts in their own name and dodged, read bribed, cops in whatever corrupt nation they reside.. (possibly anywhere in reality but just using it to illustrate the point) Thanks.
Forum: OMG Ponies
4 years ago
stuckinphp
Get Firefox with the Firebug addon installed; it allows you to edit client side any part of the DOM in real time, making it easy to bypass JavaScript filters and input what you decide into these sorts of forms. Your other option is to write a small p (PHP, Python, Perl) script to perform automated tests. (often used for fuzzing)
Forum: SQL and Code Injection
4 years ago
stuckinphp
Those passwords look more like passwords than any password hashes I've seen.
Forum: SQL and Code Injection
4 years ago
stuckinphp
Note, I do not condone carrying out illegal acts for personal gain; I just want to understand some more about the 'biz'. Hacking for profit. Do you do it? What are the safest ways to monetize your operation without leaving a money/paper trail? Are money/paper trails avoidable? I've basically been looking for a way to do it 'safely' and the only thing I can come up with is live somewh
Forum: OMG Ponies
4 years ago
stuckinphp
Er wtf. I didn't make this thread?
Forum: News and Links
4 years ago
stuckinphp
d4rw1n Wrote:
-------------------------------------------------------
> I suggest that you use NULL instead of numeric to
> avoid errors complaining about the type of
> field.
>
> So, in barbarianbob's example you can put:
> detail_id=14' and 1=0 union all select NULL -- -
> detail_id=14' and 1=0 union all select NULL,NULL
> -- -
> detail_id=14' and 1=0 un
Forum: SQL and Code Injection
4 years ago
stuckinphp
http://blogs.technet.com/mmpc/archive/2010/02/07/are-you-from-an-internet-cafe.aspx
Forum: News and Links
4 years ago
stuckinphp
Your target site is running an IIS server and hosts a multitude of .asp files. PHP will not work on this web server. Sorry, you'll need an ASP backdoor. Are you sure you even uploaded the file?
Forum: SQL and Code Injection
4 years ago
stuckinphp
heh, just saw your other post from the other day and the webmaster's address. Looks like you're already aware. :P
Forum: SQL and Code Injection
4 years ago
stuckinphp
heh, yeah, tested myself, doesn't work. Have you explored other potential attack surfaces? Like the remote file inclusion issues on: load_file.asp - just grep the page source could prove useful, however I didn't have enough time to check the LFI security. http://google.com loaded fine in the frame though. -stuck
Forum: SQL and Code Injection
4 years ago
stuckinphp
and the username..
Forum: SQL and Code Injection
4 years ago
stuckinphp
Try MONTHS=12;--comment\n<inject your query here>
Forum: SQL and Code Injection