sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 

Current Page: 1 of 2
Results 1 - 30 of 31
5 years ago
dann
Hi backbone, Nice points, thanks! Is there some way to use all these lang conversions to create, for example, an XSS only with alpha and numbers? I mean, not just converting from ASCII to hex. I mean something related to these lang conversions that could be a real evasion... Do the same kind of problems apply to LFI/RFI? I can't see anything... In your opinion, today what are the most obscure and
Forum: SQL and Code Injection
5 years ago
dann
Hi, I was thinking about how PHP works with support for these other languages/accents, like Cyrillic, Latin-1, etc. Does anyone have any experience with it? Does it automatically convert the characters to the English International standard? Does anyone know of ways it's used to bypass security mechanisms? Any technical links, ideas, documents, or snippets of code would be awesome. Thanks
Forum: SQL and Code Injection
5 years ago
dann
Hi holiman, Thanks for the reply, but I'm looking for something ready, LOL. It's not possible that I will have to write a tool for it; I can't believe no other person has had this need and coded a tool like that. Any other input is welcome.
Forum: Networking
5 years ago
dann
Hi! Does anyone know of a web proxy for Windows that is easy to install and configure and which enables header rewriting? I need to set up a fast web proxy on my Windows box to replace all headers (before they are sent to the web server) of the "Cookie" field and a proprietary header. Well, I did look at Paros, for example, and BurpSuite; however, I only found a way to do it manually (request by
Forum: Networking
5 years ago
dann
Hi! Thanks Reiners and lightos for the big help, they were amazing. Problem solved, just inject using for example \'+and+1=1# cya
Forum: SQL and Code Injection
5 years ago
dann
Hi, No, it does not work; in both cases I get back no SQL error and also a negative error message (which means the injection did not work). I was thinking, the behaviour is strange... take a look at my first post, doesn't it look like the application is replacing a single quote with a double quote? Is there a way to bypass it? Off-topic: Are comments in MySQL -- or # ? Thanks
Forum: SQL and Code Injection
5 years ago
dann
An important point: any data I submit, or that the query returns, is never shown back by the application.
Forum: SQL and Code Injection
5 years ago
dann
Hi lightos, Thank you so much for the help. Well, any other data which I insert, like the queries: arg1=1 and 1=1-- - arg1=1 and 1=0-- - arg1=-1 union select column_name,2 from information_schema.columns-- - arg1=-1 union select concat(user,0x3A,password) from mysql.user-- - just returns the normal page, which says my credential was not found in the database. To make things clear, thi
Forum: SQL and Code Injection
5 years ago
dann
Hi! I'm doing some tests on an app written in ASP.NET (framework 2.0) and the database is MySQL 5.0. At first it appears to be NOT vulnerable to injections; however, if I insert some special strings I get errors from the database (which makes me think it can be exploitable). For example, if I send the following to the parameter (via POST): arg1=1' arg1='1 arg1=--1 arg1=1-- arg1=;1
Forum: SQL and Code Injection
6 years ago
dann
Hi all, Thank you for all the replies. My backend is SQL Server. The comment trick instead of spaces does not work. The site http://h4k.in/encoding/ is not online anymore... :( Thank you all. Regards,
Forum: SQL and Code Injection
6 years ago
dann
Hi .mario, Thank you for the fast and useful reply. Hmmm... I used the evasion techniques implemented in the new SQLninja, which uses hex encoding via stored procedures in SQL Server; is this your suggestion? 'Cause it's detected by my target system. :/ I was looking at the attacks you posted on your site; the last one is really hot. Is that a valid attack (I mean, does it work?)? Can it be decoded corre
Forum: SQL and Code Injection
6 years ago
dann
Yo dudes, how are you doing? I'm trying to exploit an application protected by a smart IDS or something like that, and I'd appreciate any help you could provide me... I found a common integer variable vulnerable to SQL injection, with a query more or less like: http://www.site.com/page.asp?id= I could manage via union and built-in stored procedures like @@version to extract the name of the machin
Forum: SQL and Code Injection
6 years ago
dann
Yo guys, I've seen many documents explaining how preg_replace in PHP can be used to execute code using the /e modifier. I've also seen some attacks on preg_replace (without the /e modifier) where the user injects (user input is passed as the first parameter to preg_replace) the /e modifier and uses a null byte to comment out the old preg_replace and consequently execute code. Examples: http://www.milw0rm.com/exp
Forum: SQL and Code Injection
6 years ago
dann
Nobody? :(
Forum: SQL and Code Injection
6 years ago
dann
Hi, Maybe it's Tiger? http://en.wikipedia.org/wiki/Tiger_%28hash%29 Tiger is 192 bits long... So maybe your hash is something like: a 52 hex long hash, that is 26 bytes. Tiger is 24 bytes (192 bits), so maybe your system used a salt (with 2 bytes), generating the 26-byte-long hash... Maybe this link helps... http://en.wikipedia.org/wiki/List_of_hash_functions The applicati
Forum: SQL and Code Injection
6 years ago
dann
Hi everybody, Back to my studies in Java source code security review... I have a specific Java security question, if someone could help me... Another small piece of code that looks interesting to me is... <jsp:include page="<%= window.getHeaderUri() %>"/> Well, the code is a Java servlets page, and the interesting thing is that it calls include(); by default Java is more
Forum: SQL and Code Injection
6 years ago
dann
Hi Valentin, Well, to hack, deface, etc. others' pages is not nice, so I will not even look at the link. However, take a look at this book; it's a good start for web app flaws. http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778 Take care. Regards,
Forum: SQL and Code Injection
6 years ago
dann
Hi, Thank you all for the replies! It was very useful! Even the book reference, I'm downloading it. :) Regards,
Forum: SQL and Code Injection
6 years ago
dann
Hi guys, How are you doing? I have a doubt: I have a query more or less like this one: String mysql = "SELECT COUNT(users) FROM usertbl WHERE typeusr = active AND pfusr in (SELECT flusers FROM usertbl WHERE histusr = " + UserInput + ") "; Where UserInput is controlled by an attacker and is data of string type. The only way that I know to do blind SQL injection in O
Forum: SQL and Code Injection
6 years ago
dann
Hi, Thank you for all the replies. What Black Hat slides? Do you know the title and speaker name? Or a link? What would be really amazing is if I could find a big list of dangerous functions and methods in Java and J2EE, focused on web applications, with a short description of each. Does anyone know of a list like that? Maybe in some book? Thank you, Regards
Forum: SQL and Code Injection
6 years ago
dann
Hi guys, How are you? I have a web application developed in Java and I would like to check it for security problems. What do you suggest I read to be able to do this job with a good rate of success? :) Is there any document on the web that describes in detail a kind of checklist for security source code review for Java-based web applications? :) Are there some automated source code tools with
Forum: SQL and Code Injection
6 years ago
dann
Hi birdie, Thank you. Useful reply. Cheers and merry Xmas.
Forum: SQL and Code Injection
6 years ago
dann
Hi, I have a doubt that may appear really idiotic, but for me the answer is not so obvious... I have a script in ASP which reads a variable via GET called $umovie; when this script reads this variable, it does some checks and removes ALL quotes and double quotes from it in a correct way. So this variable is used in a query like this one: SELECT * FROM Movie WHERE fname = '$umovie' The problem is,
Forum: SQL and Code Injection
6 years ago
dann
Ahhh, also sorry for the long time without posting in this thread, but I was really busy with university. :(
Forum: SQL and Code Injection
6 years ago
dann
Hi Guys, First of all, thank you a lot for all your replies. They were very useful. :) So in summary, can we say that calling create_function() when the second parameter is controlled by the user is dangerous? A nice point in the two examples is that create_func1.php: <? $xa = $_GET['x']; $formulax = $_GET['formula']; echo "\nValue formulax is $formulax and xa is $xa\n"; $my
Forum: SQL and Code Injection
6 years ago
dann
Hi, Check this thread, it can be very helpful... http://sla.ckers.org/forum/read.php?16,16796 Cheers
Forum: SQL and Code Injection
6 years ago
dann
Hi Ronald, Thank you for your reply. I thought so too, but my tests didn't show it.. :( Quote: <? $xa = $_GET['x']; $formulax = $_GET['formula']; echo "\nValue formulax is $formulax and xa is $xa\n"; $myfunc = create_function('$xa', "return $formulax;"); print("$myfunc"); ?> If I call: http://localhost/cf.php?formula=phpinfo()&x=phpi
Forum: SQL and Code Injection
6 years ago
dann
Hi Guys, How are you doing? My second post on the board, hope it isn't so dumb... hehe. I saw a publication about the TikiWiki PHP code injection (http://securityvulns.ru/Sdocument162.html); it's very nice. I saw the problem is with a function called create_function(); I had never seen it and had no idea it could be used to inject PHP code. Does somebody have some paper to su
Forum: SQL and Code Injection
6 years ago
dann
Hi guys, Thank you a lot for all the answers, they were very useful.... I will look at these answers, do some research and make some tests to reach my conclusion... Thank you again. Cheers
Forum: SQL and Code Injection
6 years ago
dann
Hi .mario and Ronald, First of all, thank you for such fast and useful replies. :) Quote: Regarding XSS: It always depends on what the user is allowed to do and how the application is built. If he isn't allowed to post any HTML on your site it's pretty easy to filter against XSS - just make sure the user generated content is only displayed sanitized. Like with htmlentities()? Quote: If he is i
Forum: SQL and Code Injection