Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 

Current Page: 1 of 1
Results 1 - 16 of 16
2 years ago
johndoe
Hello guys, I just found out on my own how to include HTML within JavaScript... a working link with vulnerable formmail is here: http://apo rre alo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert%28123%29;alert%28document.write.value=%3Ch1%3EHello%20%3C/h1%3E%29; notice URL encoding... the original formmail javascript injection was h
Forum: CSRF and Session Info
2 years ago
johndoe
HELLO GUYS I WAS EXPERIMENTING AND TAMPERING AROUND WITH A PICTURE AND DOING IMAGE INJECTION. I TOOK OF A HALO PICTURE I SHOT THEN I USED HXD HEX EDITOR AND EMBEDDED PHPINFO CODE INSIDE PIC, AFTER JPEG HEADER, I SAVED IT AS .PHP.JPEG. THEN I USED GIMP AND CONVERTED THE PICTURE TO BLACK AND WHITE, I saved the file as .php.jpeg, in GIMP. FUNNY THING IS GIMP OPENS THE FILE AFTER I INSERTED THE PHP COD
Forum: News and Links
2 years ago
johndoe
Hi guys, I was reading about the Gateway time out errors and how they are produced, is it possible to make a request to these php functions and overload a specific website so it would crash and/or freeze? I was thinking about the following: 1.- making a very big request in those webpages, the logical consequence will be that the server could not fulfill the request and come to a halt 2.- Use pi
Forum: DoS
2 years ago
johndoe
Sorry guys, I'm new to the forum, not to forums, I'm not familiar with the way the forum is displayed.
Forum: SQL and Code Injection
2 years ago
johndoe
Hello guys, sorry if I've been replying in other posts, I didn't see the create new topic until today, it's usually below in forums... Well I found the following vulnerabilities in this site: www. aporr ealos.com/forum links: 1-- http://aporrealos.com/forum/memberlist.php?mode[]= Errors shown: Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/aporrea/
Forum: SQL and Code Injection
2 years ago
johndoe
but I'd have to be registered or not??
Forum: SQL and Code Injection
2 years ago
johndoe
I GOT 2 OR 3 INJECTABLE TABLES!! Here are the links, could you please help me to obtain the users passwords please? and how do I go to /etc/password? 1.- http://www.aporrealos.com/~aporrea/forum/viewtopic.php?t=21703&start=-1&postdays=-&postorder=asc&highlight= Could not obtain post/user information. DEBUG MODE SQL Error : 1064 You have an error in your SQL syntax;
Forum: SQL and Code Injection
2 years ago
johndoe
If you recall the filter it for me post I commented in, I found the phpinfo file using linux terminal, I'd like to know how can I upload it here, also I found sql injections in memberlist.php and groupcp.php. Using deduction I guessed that the forum version is around 2.0.20, here are the links with forums and error messages: ITS A FULL PATH DISCLOSURE CAN YOU HELP ME TO OBTAIN USERS PASSWORD
Forum: SQL and Code Injection
2 years ago
johndoe
www.globovision.com I just found via burp proxy, not firefox, that by adding single quote in some pages it gives sql errors.. http://www.globovision.com/channel.php? is an example.. where do I go afterwards from here?
Forum: SQL and Code Injection
2 years ago
johndoe
I'm having problems pasting source code here...
Forum: SQL and Code Injection
2 years ago
johndoe
Guys, I've been searching on security sites and reading source code from web site, also I've used burp suite, by myself I found a possible sql injection in memberlist.php, I've been able to do an order by there.. I'll put some examples: http:// aporrealos. com /forum/memberlist.php THE SITE DISPLAYS THE REGISTERED USERS ACCORDING TO FIRST REGISTER AND SO ON, I AM SUSPICIOUS THIS PAGE COULD BE
Forum: SQL and Code Injection
2 years ago
johndoe
Thanks!!! Is it possible to xss a forum using any webpage that accepts post method?? Like for example, privatemessage.php, signature under your comments, or upload form?
Forum: SQL and Code Injection
2 years ago
johndoe
I have a similar problem but I managed to upload shells in 2 or 3 servers but give me same errors, I did it through search box, here is the post: http://sla.ckers.org/forum/read.php?16,40512 I posted pics of how it was done.
Forum: SQL and Code Injection
2 years ago
johndoe
Hi guys, I've been learning more and been finding some nice things to do in .pl and .cgi scripts, they tend to be executable and/or use other commands in same url.. well today I managed to find 2 sites, which I could upload a php shell "through" the search box. one of the sites I listed lets you do a LFI: www.panorama.com.ve through the search box well I managed to upload c999, c
Forum: SQL and Code Injection
2 years ago
johndoe
I found sql, mysql version 5.0.92-50
Forum: SQL and Code Injection
2 years ago
johndoe
Hi mates, I'm new here and I'm learning about sql injection, html and javascript.. ok I have 2 working links which give sql errors and one which I used nikto.pl and gave me sites vulnerabilities.. http://aporrealos.com/forum/viewforum.php?f=-11?ref=1+and+%28select+1+from%28select+count%28*%29,concat%28%28select+concat%28email,0x3a,password%29+from+sexdating_users+limit+0,1%29,floor%28Rand%280%2
Forum: SQL and Code Injection