Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 16 of 16
2 years ago
johndoe
Hello guys, I just found out on my own how to include HTML within JavaScript... A working link with vulnerable formmail is here: http://apo rre alo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert%28123%29;alert%28document.write.value=%3Ch1%3EHello%20%3C/h1%3E%29; Notice the URL encoding... The original formmail JavaScript injection was h
Forum: CSRF and Session Info
2 years ago
johndoe
HELLO GUYS, I WAS EXPERIMENTING AND TAMPERING AROUND WITH A PICTURE AND DOING IMAGE INJECTION. I TOOK OF A HALO PICTURE I SHOT, THEN I USED HXD HEX EDITOR AND EMBEDDED PHPINFO CODE INSIDE PIC, AFTER JPEG HEADER. I SAVED IT AS .PHP.JPEG. THEN I USED GIMP AND CONVERTED THE PICTURE TO BLACK AND WHITE. I saved the file as .php.jpeg in GIMP. FUNNY THING IS GIMP OPENS THE FILE AFTER I INSERTED THE PHP COD
Forum: News and Links
2 years ago
johndoe
Hi guys, I was reading about the Gateway Timeout errors and how they are produced. Is it possible to make a request to these PHP functions and overload a specific website so it would crash and/or freeze? I was thinking about the following: 1.- making a very big request in those webpages; the logical consequence will be that the server could not fulfill the request and come to a halt 2.- Use pi
Forum: DoS
2 years ago
johndoe
Sorry guys, I'm new to the forum, not to forums; I'm not familiar with the way the forum is displayed.
Forum: SQL and Code Injection
2 years ago
johndoe
Hello guys, sorry if I've been replying in other posts, I didn't see the create new topic until today, it's usually below in forums... Well, I found the following vulnerabilities in this site: www. aporr ealos.com/forum links: 1-- http://aporrealos.com/forum/memberlist.php?mode[]= Errors shown: Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/aporrea/
Forum: SQL and Code Injection
2 years ago
johndoe
But I'd have to be registered or not??
Forum: SQL and Code Injection
2 years ago
johndoe
I GOT 2 OR 3 INJECTABLE TABLES!! Here are the links, could you please help me to obtain the users' passwords please? And how do I go to /etc/password? 1.- http://www.aporrealos.com/~aporrea/forum/viewtopic.php?t=21703&start=-1&postdays=-&postorder=asc&highlight= Could not obtain post/user information. DEBUG MODE SQL Error : 1064 You have an error in your SQL syntax;
Forum: SQL and Code Injection
2 years ago
johndoe
If you recall the filter it for me post I commented in, I found the phpinfo file using Linux terminal. I'd like to know how I can upload it here. Also I found SQL injections in memberlist.php and groupcp.php. Using deduction I guessed that the forum version is around 2.0.20. Here are the links with forums and error messages: ITS A FULL PATH DISCLOSURE CAN YOU HELP ME TO OBTAIN USERS PASSWORD
Forum: SQL and Code Injection
2 years ago
johndoe
www.globovision.com I just found via Burp proxy, not Firefox, that by adding a single quote in some pages it gives SQL errors.. http://www.globovision.com/channel.php? is an example.. Where do I go afterwards from here?
Forum: SQL and Code Injection
2 years ago
johndoe
I'm having problems pasting source code here...
Forum: SQL and Code Injection
2 years ago
johndoe
Guys, I've been searching on security sites and reading source code from web site, also I've used Burp Suite. By myself I found a possible SQL injection in memberlist.php; I've been able to do an order by there.. I'll put some examples: http:// aporrealos. com /forum/memberlist.php THE SITE DISPLAYS THE REGISTERED USERS ACCORDING TO FIRST REGISTER AND SO ON, I AM SUSPICIOUS THIS PAGE COULD BE
Forum: SQL and Code Injection
2 years ago
johndoe
Thanks!!! Is it possible to XSS a forum using any webpage that accepts POST method?? Like for example, privatemessage.php, signature under your comments, or upload form?
Forum: SQL and Code Injection
2 years ago
johndoe
I have a similar problem but I managed to upload shells in 2 or 3 servers but give me same errors. I did it through search box. Here is the post: http://sla.ckers.org/forum/read.php?16,40512 I posted pics of how it was done.
Forum: SQL and Code Injection
2 years ago
johndoe
Hi guys, I've been learning more and been finding some nice things to do in .pl and .cgi scripts, they tend to be executable and/or use other commands in same URL.. Well, today I managed to find 2 sites, which I could upload a PHP shell "through" the search box. One of the sites I listed lets you do a LFI: www.panorama.com.ve through the search box. Well, I managed to upload c999, c
Forum: SQL and Code Injection
2 years ago
johndoe
I found SQL, MySQL version 5.0.92-50
Forum: SQL and Code Injection
2 years ago
johndoe
Hi mates, I'm new here and I'm learning about SQL injection, HTML and JavaScript.. OK, I have 2 working links which give SQL errors and one which I used nikto.pl and gave me sites vulnerabilities.. http://aporrealos.com/forum/viewforum.php?f=-11?ref=1+and+%28select+1+from%28select+count%28*%29,concat%28%28select+concat%28email,0x3a,password%29+from+sexdating_users+limit+0,1%29,floor%28Rand%280%2
Forum: SQL and Code Injection