Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 33
7 days ago
mpour
hi bro... i wanna inject a command to an url but i cannot becasue i cannot add "&" to the url. also i used "%26" instead of "&" but it was not accepted. what can i do?
Forum: SQL and Code Injection
6 months ago
mpour
Hi can u help me . I want to insert a new password to a database for a "admin" user. I use the syntax: insert into members values('admin',,,,'admin@localhost',,,,'','pass','admin','') but no result returns. I also use the following syntax: "select @@version" and i get a valuable result. also the mysql version is 5.0.67 .
Forum: SQL and Code Injection
8 months ago
mpour
Hi I scaned a server and i found the port# 6000(X11) is open but it is accessed denied. i have a quiestion that can i hacked it?
Forum: Networking
1 year ago
mpour
Hi, on a website i find some info like sa,... . i'm not a sa user but i want to be it on a server.the port #1433 is filtered on this server. now is there any idea about how i can get a 'sa' privilege?
Forum: SQL and Code Injection
2 years ago
mpour
i found it. another question.... i wanted to connect to a sql server by port no 1433.but this port is filtered.now, how i can connect to server? i don't have any idea.
Forum: SQL and Code Injection
2 years ago
mpour
hi, how i'd find out an ip add of a website that i found is valid or not?
Forum: SQL and Code Injection
2 years ago
mpour
i could find dbo and master in my target. now what can i do? and what is that command?
Forum: SQL and Code Injection
2 years ago
mpour
hi i have a problem in using stored procedures query in ms sqli. i used master..sysdatabases query for finding db names,but i just found master. please guide me....
Forum: SQL and Code Injection
2 years ago
mpour
i find the answer. :D if we want to enumerate all db names , we can use below query: convert(int,db_name(0))-- :)
Forum: SQL and Code Injection
2 years ago
mpour
hi how i get db-names by convert query in sqli? i found two db on a website but i want to know are there any db on that website? So, how i can get it by convert query? (or any other query)
Forum: SQL and Code Injection
2 years ago
mpour
hi I've a problem in "group by" column . i bypass a login page by "having..." string. i find that ste has 4 column(till now), but when i use "group by columns-name" the site make a bellow error: " Unclosed quotation mark after the character string ''. " does it mean there are only 4 columns or not? the qury that i use is : ( 'group by C1,C2,
Forum: SQL and Code Injection
2 years ago
mpour
Hi Bro, ia there any one who know about file download injection attack? i search online but i've just found one document about it. if anyone knows about this kind of injection, helps other.
Forum: SQL and Code Injection
2 years ago
mpour
ok thanks i read owasp, but i wanna test it on a login page that i don't register in it. i scaned the page by acuntix and it showed it has a csrf vuln. now, how can i use this vulnerability? i think till i don't register on it, i can't exam it.can i? and i don't want to use social engineering.
Forum: CSRF and Session Info
2 years ago
mpour
14. sqlmap
hi, i have a question about sqlmap. i wanted to inject a site(base 64 ulr), but i couldn't. would i scan base64-url by sqlmap? if i'd, pls tell me how.
Forum: SQL and Code Injection
2 years ago
mpour
thanks you mean, csrf attack can be occure when user log-in to a website?
Forum: CSRF and Session Info
2 years ago
mpour
Hi, I searched about CSRF attack,I watched many tutorial video ( all of them like each other).I can't understand the CSRF. please guide me about CSRF.
Forum: CSRF and Session Info
2 years ago
mpour
Hi few days ago i found a site that i could upload a file(jpg,....). i had to encode my shell code and then uploaded,because the site checks files and it can diagnose a content of files. so I uploaded(by encoding my shell).now i don't know how i can use my shell.is there any way to bypass it?
Forum: Obfuscation
2 years ago
mpour
Thanks :)
Forum: SQL and Code Injection
2 years ago
mpour
yeah, for example it's a id for news, but when i remove it and send a ' , the page redirects to index page.could it be a sqli?
Forum: SQL and Code Injection
2 years ago
mpour
hi today, i found a url that it's like following: id=365b158b-a0ca-41ca-9337-2f6ed2e6e3bb i don't know what it is?! Please help me. is it a kind of encoding or not?
Forum: SQL and Code Injection
2 years ago
mpour
21. XSS
hi I don't know how I can use xss attack in the following sites: http://petition.adliran.ir/ and http://adliran.ir/default_.aspx (I think it doesn't have a xss attack-but not sure) pls guide me
Forum: XSS Info
2 years ago
mpour
Hi this site is vulnerable but i can't do it. please giude me.... http://www.signal4you.com/index.php?option=com_content&task=view&id=926
Forum: SQL and Code Injection
2 years ago
mpour
HI, I want to inject to below link: http://adliran.ir/TrmBill/Bill.aspx?CtrlId=Search please guide me how i can do it.
Forum: SQL and Code Injection
2 years ago
mpour
version: 5.0.51b-community-nt you can use: -97+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48+from+information_schema.tables-- :)
Forum: SQL and Code Injection
2 years ago
mpour
no i cant use it.
Forum: SQL and Code Injection
2 years ago
mpour
I've a problem with Microsoft JET Database. in below target , each command that i insert i get same error. I REALLY need help. i get crazyyyy!!! target : http://www.farslabour.ir/news_item.asp?NewsID=1155 error: Microsoft JET Database Engine error '80040e14' Syntax error (missing operator) in query expression 'tblNews.News_ID ='. /news/news_iteminc.asp, line 44
Forum: SQL and Code Injection
2 years ago
mpour
Hi, i've a problem in below target.i bypassed it (+/*!order*/+/*!by*/+10--) but doesn't work. guide me... http://almas-esf.ir/site/index.php?page=product&productID=4
Forum: SQL and Code Injection
2 years ago
mpour
i test it but not work. the target is : http://petition.adliran.ir/News.aspx?ID=1
Forum: SQL and Code Injection
2 years ago
mpour
Hi, question: Have i can hack a site(with oracle database) with bypassing a captcha?I dont know have i can do it.
Forum: SQL and Code Injection
2 years ago
mpour
Hi, yesterday, I injected (') to a web page,but when i used (') or (and 1=1), i couldnt see error.I mean error page doesn't show . I've a question.How i can see error page?
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2