Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 2
Results 1 - 30 of 33
26 days ago
mpour
hi bro... i wanna inject a command to a url but i cannot because i cannot add "&" to the url. also i used "%26" instead of "&" but it was not accepted. what can i do?
Forum: SQL and Code Injection
7 months ago
mpour
Hi, can u help me. I want to insert a new password to a database for an "admin" user. I use the syntax: insert into members values('admin',,,,'admin@localhost',,,,'','pass','admin','') but no result returns. I also use the following syntax: "select @@version" and i get a valuable result. also the mysql version is 5.0.67.
Forum: SQL and Code Injection
9 months ago
mpour
Hi, I scanned a server and i found that port 6000 (X11) is open but access is denied. i have a question: can i hack it?
Forum: Networking
2 years ago
mpour
Hi, on a website i find some info like sa,... . i'm not a sa user but i want to be it on a server. the port #1433 is filtered on this server. now is there any idea about how i can get a 'sa' privilege?
Forum: SQL and Code Injection
2 years ago
mpour
i found it. another question.... i wanted to connect to a sql server by port no 1433, but this port is filtered. now, how i can connect to server? i don't have any idea.
Forum: SQL and Code Injection
2 years ago
mpour
hi, how i'd find out an ip add of a website that i found is valid or not?
Forum: SQL and Code Injection
2 years ago
mpour
i could find dbo and master in my target. now what can i do? and what is that command?
Forum: SQL and Code Injection
2 years ago
mpour
hi i have a problem in using stored procedures query in ms sqli. i used master..sysdatabases query for finding db names, but i just found master. please guide me....
Forum: SQL and Code Injection
2 years ago
mpour
i find the answer. :D if we want to enumerate all db names , we can use below query: convert(int,db_name(0))-- :)
Forum: SQL and Code Injection
2 years ago
mpour
hi how i get db-names by convert query in sqli? i found two db on a website but i want to know are there any db on that website? So, how i can get it by convert query? (or any other query)
Forum: SQL and Code Injection
2 years ago
mpour
hi I've a problem in "group by" column. i bypass a login page by "having..." string. i find that site has 4 columns (till now), but when i use "group by columns-name" the site makes the below error: " Unclosed quotation mark after the character string ''. " does it mean there are only 4 columns or not? the query that i use is : ( 'group by C1,C2,
Forum: SQL and Code Injection
2 years ago
mpour
Hi Bro, is there anyone who knows about file download injection attack? i search online but i've just found one document about it. if anyone knows about this kind of injection, helps other.
Forum: SQL and Code Injection
2 years ago
mpour
ok thanks i read owasp, but i wanna test it on a login page that i don't register in it. i scanned the page by Acunetix and it showed it has a csrf vuln. now, how can i use this vulnerability? i think till i don't register on it, i can't exam it. can i? and i don't want to use social engineering.
Forum: CSRF and Session Info
2 years ago
mpour
14. sqlmap
hi, i have a question about sqlmap. i wanted to inject a site (base64 url), but i couldn't. would i scan base64-url by sqlmap? if i'd, pls tell me how.
Forum: SQL and Code Injection
2 years ago
mpour
thanks. you mean, csrf attack can occur when user log-in to a website?
Forum: CSRF and Session Info
2 years ago
mpour
Hi, I searched about CSRF attack, I watched many tutorial videos (all of them like each other). I can't understand the CSRF. please guide me about CSRF.
Forum: CSRF and Session Info
2 years ago
mpour
Hi, few days ago i found a site that i could upload a file (jpg,....). i had to encode my shell code and then uploaded, because the site checks files and it can diagnose a content of files. so I uploaded (by encoding my shell). now i don't know how i can use my shell. is there any way to bypass it?
Forum: Obfuscation
2 years ago
mpour
Thanks :)
Forum: SQL and Code Injection
2 years ago
mpour
yeah, for example it's an id for news, but when i remove it and send a ' , the page redirects to index page. could it be a sqli?
Forum: SQL and Code Injection
2 years ago
mpour
hi today, i found a url that it's like following: id=365b158b-a0ca-41ca-9337-2f6ed2e6e3bb i don't know what it is?! Please help me. is it a kind of encoding or not?
Forum: SQL and Code Injection
2 years ago
mpour
21. XSS
hi I don't know how I can use xss attack in the following sites: http://petition.adliran.ir/ and http://adliran.ir/default_.aspx (I think it doesn't have a xss attack-but not sure) pls guide me
Forum: XSS Info
2 years ago
mpour
Hi this site is vulnerable but i can't do it. please guide me.... http://www.signal4you.com/index.php?option=com_content&task=view&id=926
Forum: SQL and Code Injection
2 years ago
mpour
HI, I want to inject to below link: http://adliran.ir/TrmBill/Bill.aspx?CtrlId=Search please guide me how i can do it.
Forum: SQL and Code Injection
2 years ago
mpour
version: 5.0.51b-community-nt you can use: -97+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48+from+information_schema.tables-- :)
Forum: SQL and Code Injection
2 years ago
mpour
no i cant use it.
Forum: SQL and Code Injection
2 years ago
mpour
I've a problem with Microsoft JET Database. in below target , each command that i insert i get same error. I REALLY need help. i get crazyyyy!!! target : http://www.farslabour.ir/news_item.asp?NewsID=1155 error: Microsoft JET Database Engine error '80040e14' Syntax error (missing operator) in query expression 'tblNews.News_ID ='. /news/news_iteminc.asp, line 44
Forum: SQL and Code Injection
2 years ago
mpour
Hi, i've a problem in below target. i bypassed it (+/*!order*/+/*!by*/+10--) but doesn't work. guide me... http://almas-esf.ir/site/index.php?page=product&productID=4
Forum: SQL and Code Injection
2 years ago
mpour
i test it but not work. the target is : http://petition.adliran.ir/News.aspx?ID=1
Forum: SQL and Code Injection
2 years ago
mpour
Hi, question: How can i hack a site (with oracle database) with bypassing a captcha? I don't know how i can do it.
Forum: SQL and Code Injection
2 years ago
mpour
Hi, yesterday, I injected (') to a web page, but when i used (') or (and 1=1), i couldn't see error. I mean error page doesn't show. I've a question. How i can see error page?
Forum: SQL and Code Injection