Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Pages: 1234Next
Current Page: 1 of 4
Results 1 - 30 of 106
2 years ago
Ivan
^ LOL :)
Forum: SQL and Code Injection
2 years ago
Ivan
Happy all years dear sla.ckers ;)
Forum: OMG Ponies
2 years ago
Ivan
Thanks for http://reocities.com/ and Archive Team ;) I hope that I will find some losted tutorials ...
Forum: OMG Ponies
2 years ago
Ivan
Thanks ;) I find some usefull tips with optimized SQLMap queries ...
Forum: SQL and Code Injection
2 years ago
Ivan
I have Blind SQL injection like this: index.php?a=60 index.php?a=(70-10) index.php?a=(SELECT IF(1=1,60,65)) Return value always must be 60. Any ideas how to exploit this in the best way (with minimal bruteforce) ? Thanks ;)
Forum: SQL and Code Injection
3 years ago
Ivan
Yes, location=name is always a solution ;) But I was trying to find some way to do alert ... I don't find any NonAlpha without ( and ) ... I will keep looking :)
Forum: XSS Info
3 years ago
Ivan
Hello, I have very limited XSS vulnerability with some WAF protection. I need alert('XSS') but without ( and ). , and ; and $ are also disabled. Any tip? Thanks! Ivan
Forum: XSS Info
3 years ago
Ivan
^ Cool ;)
Forum: XSS Info
3 years ago
Ivan
Nice :) You can add few more for Huawei HG510: http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/ ;)
Forum: Projects
3 years ago
Ivan
Txt version (exported pdf): http://www.security-net.biz/txt/Http%20Parameter%20Contamination%20-%20Ivan%20Markovic%20NSS.txt I put links for images, picture 3 is most important. Interesting example btw, I will check this. Thanks ;)
Forum: Full Disclosure
3 years ago
Ivan
Yes it is my mistake, I put wrong example. Thanks, it will be changed ;)
Forum: Full Disclosure
3 years ago
Ivan
HTTP PARAMETER CONTAMINATION (HPC) original idea comes from the innovative approach found in HPP (Http Parameter Pollution) research by exploring deeper and exploiting strange behaviors in Web Server components, Web Applications and Browsers as a result of query string parameter contamination with reserved or non expected characters. Full document: http://netsec.rs/files/Http%20Parameter%20
Forum: Full Disclosure
4 years ago
Ivan
I have something like this: <td>lorem ipsum</td ##this can be controled## > I can't use < in ##this can be controled##. What browser version and attack vector can be used here ? Thanks, Ivan
Forum: XSS Info
4 years ago
Ivan
Thanks! I will try some timing attacks.
Forum: SQL and Code Injection
4 years ago
Ivan
Hello, I have something like this: mysql_query("INSERT INTO table VALUES ('$_POST','$_POST','5')"); Is there some usefull SQL injection ? I need to find table names and data from them ... Thanks, Ivan
Forum: SQL and Code Injection
4 years ago
Ivan
Cool, there is some really interesting stuff :)
Forum: News and Links
4 years ago
Ivan
Hello, I have some query like this: select * from articles where id = 1 union SELECT (CASE username WHEN password THEN WAITFOR DELAY '00:00:10' END) FROM users WHERE id = 1 And error: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'WAITFOR'. Incorrect syntax near ')'. Can You help me with this, how to delay this query ? Thanks!
Forum: SQL and Code Injection
4 years ago
Ivan
Hello everyone, On this link: http://netsec.rs/UserFiles/File/Statistika%20bezbednosnih%20propusta%20banaka%20u%20Srbiji.pdf You can download security statistic of banks in Serbia. All websites are tested for only 10 minutes. The document is in Serbian language but You will understand it ;) Now, I want to hear Your comment about this document/action but the thing that I need very much is i
Forum: News and Links
5 years ago
Ivan
6. Link to "all new posts group by category" ?
Forum: OMG Ponies
5 years ago
Ivan
@Reiners Cool, thx ;)
Forum: OMG Ponies
5 years ago
Ivan
Find few (or more) free email providers and create logic in app for creating account on them. 1. Send all data from random accounts to Yours email (again can be some free webmail). 2. Or You can create some smart logic that will create email accounts with username/password that is generated from time (and than encripted, xored or something), so You can login into that accounts and read the d
Forum: Projects
5 years ago
Ivan
I found RCP: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rcp.mspx?mfr=true And TFTP: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tftp.mspx?mfr=true
Forum: OMG Ponies
5 years ago
Ivan
I know that I can use: >ftp -n -s:some_file_with_commands.txt -A server But then I need external file some_file_with_commands.txt and that is not possible. Is there any option to pass ftp to download file to some location ?
Forum: OMG Ponies
5 years ago
Ivan
Netcat is ok, but it is not on default Windows instalation. I need something that Windows have by default ... or some default app that can download Netcat.
Forum: OMG Ponies
5 years ago
Ivan
I have some challenge and need Yours help ;) I have one try from cmd on Windows, to open backdoor or download and execute some backdoor file. What I need is some Windows app, that receive cmd arguments and can do things like download files or create on some way shells for remote users. Is there any idea ? Thanks, Ivan
Forum: OMG Ponies
5 years ago
Ivan
I have something like this: getURL(vbscript: dim a : dim b) but when is called (from some software that I test) I got this: getURL(vbscript:%20dim%20a%20:%20dim%20b) it is URL encoded. I need to write code without any character that will be encoded, and that is easy for everything except for space. I hope that is clearer now ?
Forum: Obfuscation
5 years ago
Ivan
Hello, I need to write some VBS POC as oneliner and without space. Lines I can separate with : but I don't know how to replace space. Example: Dim a : Dim b I need something like Dim(something)a:Dim(something)b or some another way ... Any ideas ? Thanks, Ivan
Forum: Obfuscation
5 years ago
Ivan
Does anybody have some experience in pentesting IBM Lotus Domino Web Server and Web Applications ? Any tips are welcome, thanks ;)
Forum: OMG Ponies
5 years ago
Ivan
I know that this is old message but I'm doing some research on profiling users and find that this issue is more dangerous right now. After user logout from GMail we can track all emails and labels that user read/open. With all this informations (labels names and subjects of emails) we can find more usefull informations very easy (e.g. using some social engineering) ...
Forum: Privacy
5 years ago
Ivan
Maybe this can help: http://sla.ckers.org/forum/read.php?15,11095
Forum: XSS Info
Pages: 1234Next
Current Page: 1 of 4