Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Current Page: 1 of 1
Results 1 - 3 of 3
1 year ago
cfx_
Nope, comments not working.
Forum: SQL and Code Injection
2 years ago
cfx_
It filters the words union,select no matter what. Even if it is something like this "UYGEYUVFUHEWBnW$%^&YUI(**%%%select%%%%**----^^union^^-----)" it swill still filter the words.
Forum: SQL and Code Injection
2 years ago
cfx_
So there is this site that has WAF. It's kinda different from your usual WAF and not easy to bypass. Whenever you put UNION, SELECT it returns "u n i o n" and "s e l e c t"(it adds spaces which makes 'union' and 'select' useless). It does this only with these 2 words. I tried all kinds of bypass methods and encoding. An example: index.php?id=-1 union select 1,2,3-- return
Forum: SQL and Code Injection
Current Page: 1 of 1