Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

Current Page: 1 of 1
Results 1 - 9 of 9
2 years ago
Plitvix
2 years ago
Plitvix
Hello people, I am having problem getting one vector to work; I inject into <head><meta content="my vector"/> But problem is spaces are urlencoded to %20 and I cannot use / because of .htaccess URL rewrite(page not found) Any ideas?
Forum: SQL and Code Injection
3 years ago
Plitvix
Do we have to get output or blind injection too all tables is fine?
Forum: Obfuscation
3 years ago
Plitvix
Well, try /!*unioN*/ /*!SeLECT*/ 1,2,/*!table_name*/,4,5 /*!from*/ /*!InfoRmation_SCHEMa*/.`tables`
Forum: SQL and Code Injection
3 years ago
Plitvix
site.com/lol.php?q=1' --> q is GET parameter. Use Firefox + HackBar to make some POST requests.
Forum: SQL and Code Injection
3 years ago
Plitvix
Did the easier version, haven't tried hardened yet. Pretty cool challenge, learned few things from it. remember one thing: IMAGINE the query behind it and you will be able to see what you can use and what you cannot use.
Forum: SQL and Code Injection
3 years ago
Plitvix
Have you tried the newline trick?
Forum: SQL and Code Injection
3 years ago
Plitvix
Select * from whatever where upper(nom) like 'f0000123' union select 1,2,3,4-- - Guess that should do it. Your input: f00000123' union select 1,2,3,4,5-- -
Forum: SQL and Code Injection
3 years ago
Plitvix
Can someone explain why lower(JOS_USERS) wont work? I have tried it and no luck.
Forum: SQL and Code Injection
Current Page: 1 of 1