sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden. 

5 years ago
slacker
ntp : -------------------------------------------------------
> so what you're saying is "Don't diff after
> and look for fixes to "?
>
> more specifically, it seems you're saying "do
> reveal how you found a ". nobody is going to
> reveal how they found a . probably half the
> it's some really lame (like
> changelogs). sometimes the
Forum: Vendor Talk
5 years ago
slacker
http://it.slashdot.org/comments.pl?sid=396432&cid=21780042 That post seems rather illuminating. It suggests, among other things, that a lot of Security Focus' vulnerabilities may come from changelogs. Is there a way to tell when a vulnerability has or hasn't come from a changelog? http://www.securityfocus.com/bid/32842/info Due to the release dates, I think that vulnerability was pull
Forum: Vendor Talk
5 years ago
slacker
There's a particular website with an SQL injection vulnerability in the login module. If you type "' or 1=1 --" as the username, you'll be logged in as the first user - testuser. Only problem: this first user's account has been disabled. To get around this, I tried "' or 1=1 and user <> 'testuser'", but "user" isn't the column name (despite being the name o
Forum: SQL and Code Injection
6 years ago
slacker
I'm trying to do some SQL injection via UNION but don't know the column names. I can't do UNION SELECT * FROM table_name because if I do, I'll get this error: "The used SELECT statements have a different number of columns". I could do UNION SELECT column_name FROM table_name, but I don't know the column names. Is there a way to perform a SELECT without column names in MySQL? Maybe just s
Forum: SQL and Code Injection
6 years ago
slacker
What do you suppose it might be injecting into? TOP? If so, that suggests that TOP ... SELECT ... would work. I tried doing "1; SELECT 1 --" and now appear to be IP banned.
Forum: SQL and Code Injection
6 years ago
slacker
http://www.naturesweettomatoes.com/default.asp?IsDev=False&NodeId=-1%20or%201=1%20/%2A Any ideas? MSSQL often complains that /*'s aren't closed with */, but that's not the error I'm getting (if it were, replacing /* with %23 would be sufficient to fix it). If there were unclosed parentheses, you'd think it'd say that, as well. As is, the error is incredibly nondescript, in my opin
Forum: SQL and Code Injection