Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 

Current Page: 1 of 1
Results 1 - 4 of 4
1 year ago
Sr.Gr33n
I have tried injections like that one and (select 1 from usuarios limit 0,1)=1-- so as to identify tables in the current db but it's impossible because and (select 1)=1-- doesn't work. I don't know how to inject the web, i have read about 2xBased injection but i'm absolutley lost.
Forum: SQL and Code Injection
1 year ago
Sr.Gr33n
modesunizares/noticia_completaphp?id=14 9 columns, version 4.0.2-standard log, database 0x676D652D676D65. I've tried error 2xBased SQLi by following this guide ~> wwwvaibsin/error-based-double-query-injection/ But i think that my web isn't vulnerable. I have found lots of guides about error 2xBased SQLi but in no one it's explaied the theory about the vulnerability... any link?
Forum: SQL and Code Injection
1 year ago
Sr.Gr33n
I haven't found anything about this kind of attacks in the forum so I wan't to post some information abaut XSS Tunneling. ~> What's a XSS tunnel? Ok, XSST is a HTTP connection that you can stablish with a victim trhow a XSS usually attack. ~> What offers this attack? This kind of attacks offers you a shell based on JS and allows you to execute some commands in victim's PC but the
Forum: XSS Info
1 year ago
Sr.Gr33n
Hi everybody, I'm having seriusly problems so as to make an SQLi. I'm versus MYSQL 4.0.2 so it's a blind SQLi... and I'm trying to know table names.. 1 and (/*!50000 Select*/ 1) = 1-- seems to be functional but i have tried 1 and (/*!50000 Select count(*) from*/ COLLATION) = 1 -- and I can't see the webpage... and It's strange because COLLATION is a table that ever exists... so I
Forum: SQL and Code Injection
Current Page: 1 of 1