Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Current Page: 1 of 1
Results 1 - 14 of 14
9 months ago
the_master
Hi there, while Im doing a penetration testing to some client i'm dealing with next problem: I have a possiblity of upload file but, I could not able to bypass the protections. The web-site uses FCKeditor, I have tried everything but file upload feature blocked(Config['Enabled'] = false in all of the languages(python, perl etc..). The web-site uses unknown CMS.. I have searched for vulner
Forum: SQL and Code Injection
9 months ago
the_master
it doesnt work because it uses urlencode function, to encode " character.
Forum: XSS Info
9 months ago
the_master
Hi there, I have a problem with some site. what it does, he gets as a input from the GET parameter encode that data and then save it as action attribute on form element. something like that: site.com/form.php?parm=hello world at the source code it looks like this: <form action="hello%20world"> so, how can I bypass that url encode to fully exploit cross site scripting on
Forum: XSS Info
2 years ago
the_master
Hi there, what if I got a situation with session based sql injection. for example: $parm = $_session['user']; $query = "Select * from '$parm'"; I know the code is wrong, but it can be exploit?(the session stors in the server-side) thx guys
Forum: SQL and Code Injection
2 years ago
the_master
Neo139 - That wont work, because if the token is run and refresh in random(and encrypted in MD5 that wont work!). anyway thanks man. lightos && Gareth Heyes thanks very much, its help!
Forum: CSRF and Session Info
2 years ago
the_master
Hi there, How I can bypass CSRF protections without XSS bug. I know about, session fixation and hijacking that through them I can to bypass the Token protection. Any ideas?
Forum: CSRF and Session Info
3 years ago
the_master
Hi guys, somebody can tell me how I illustrates XPath Injection Attack on PHP? Thanks,
Forum: Full Disclosure
3 years ago
the_master
I didnt found..
Forum: OMG Ponies
3 years ago
the_master
You can send me links? TNX
Forum: OMG Ponies
3 years ago
the_master
Hi, And my question is: How I will know somebody run on virtual machine? there have identifying marks? tnx
Forum: OMG Ponies
4 years ago
the_master
i dont know, how i secure of insecure cookie handling vulnerability. thanks
Forum: Privacy
4 years ago
the_master
ok, but all inputs/forms has no secure ?
Forum: CSRF and Session Info
4 years ago
the_master
hi all, i have question. how bypass httponly,i think by Cross Site Tracing,but i dont confident thanks
Forum: XSS Info
4 years ago
the_master
hi all, i want to learn a CSRF,but i know it is. but i dont know how is based.. thanks
Forum: CSRF and Session Info
Current Page: 1 of 1