sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 

Current Page: 1 of 1
Results 1 - 22 of 22
6 years ago
Neo
Well I'd like to post it once it's secure. It's just running on my internal network at the moment.
Forum: SQL and Code Injection
6 years ago
Neo
It's not open source. I can probably brute guess the table names, but how to construct a statement to do so?
Forum: SQL and Code Injection
6 years ago
Neo
Thanks for all your replies everyone. Sorry for my late reply. I have been pretty busy putting out other fires lately. When I don't use any quotes, I get an "invalid username or password" which is fine but I still think my site is vulnerable. I had one of my friends try injecting it and he was successful. He isn't telling me what he did (that's the kind of guy he is). Can anyon
Forum: SQL and Code Injection
6 years ago
Neo
krazl Wrote:
> .net? What about .net?
Forum: SQL and Code Injection
6 years ago
Neo
Hey guys. I'm trying to secure my site and I'm trying "admin" as the username and ' or 1=1 -- as the password. It seems to log in but when I try to click anything, I get this error: Server Error in '/' Application. There is no row at position 0. Description: An unhandled exception occurred during t
Forum: SQL and Code Injection
7 years ago
Neo
NP = No problem! hehe
Forum: Networking
7 years ago
Neo
Does anyone have a Default wildcard index directory file?
Forum: Projects
7 years ago
Neo
Cool tool. I'm using it on Debian. Thanks for the info.
Forum: SQL and Code Injection
7 years ago
Neo
Yep. I have been talking to the creator of SQLNinja. He's running it on Debian 3 so you definitely need a pure *NIX O/S.
Forum: SQL and Code Injection
7 years ago
Neo
I switched my box over to Solaris so we'll see what happens. It does come with a brief manual but I think most of its workability is dependent on the Perl modules that need to be installed. Once I get them all installed, I think it will work fine.
Forum: SQL and Code Injection
7 years ago
Neo
Has anyone successfully run SQLNINJA? I've been trying to get it to run on my Slax Linux box but to no avail. Any Linux gurus in here?
Forum: SQL and Code Injection
7 years ago
Neo
Hey guys and girls. After I've logged in using the good old ' or 1=1 -- trick, I try this query in the address bar (I paste everything after the .asp) -- website url --/search_image_popup.asp?id=10%20SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES It gives me this error: Microsoft OLE DB Provider for SQL Server error '80040e14' Line 1: Incorrect syntax near '*'.
Forum: SQL and Code Injection
7 years ago
Neo
I installed the DOM extension for IE7. It's a way of editing HTML code without having to save it locally. It's still in beta and it made my browsers act kinda strange so I uninstalled it. I don't recommend it. Tamperdata seems to be the best extension I've seen for messing around like this. Too bad I can't get this hack to work via the Firefox browser.
Forum: SQL and Code Injection
7 years ago
Neo
Yeh, I have Tamper Data installed for Firefox, but the funny thing is that this hack doesn't work when I use Firefox to log into the site using the ' or 1=1 -- I get the classic HTTP Internal Error. So I guess I can't use Tamperdata on this one.
Forum: SQL and Code Injection
7 years ago
Neo
Hey NP! I know how it is. I have a huge/complicated network I have to take care of rather than destroy/exploit lol. What's HITB? Neo.
Forum: Networking
7 years ago
Neo
Thanks Jungsonn. How refreshing to be spoken to nicely rather than blasted due to ineptness. You rock. Yes I actually did notice that your cheat sheet is for reference. The syntax needs to be adjusted accordingly. Thanks again. Neo.
Forum: SQL and Code Injection
7 years ago
Neo
Thanks. These look good. Should I use the same method as before: copying and pasting them one by one into the password field and entering any username?
Forum: SQL and Code Injection
7 years ago
Neo
Interesting. Thanks for the link. I read the article on GRE and it looks fine in theory, but I doubt I've got the minerals to actually spend the time to figure it all out.
Forum: Networking
7 years ago
Neo
Hey guys. I was reading about sniffing remote hosts and found one article that said it's possible to do this with the GRE_RELAY plugin for one sniffing utility that I installed called "Ettercap". I don't think it's possible to connect remotely to some random webserver and capture data going into it. I did look for the GRE_RELAY plugin for ettercap but was unable to find it. Just wond
Forum: Networking
7 years ago
Neo
Sorry Admin.. Please move this post to the appropriate Forum.
Forum: SQL and Code Injection
7 years ago
Neo
Hey Guys.. I'm changing the previous post about sniffing to something more suited to this Forum. I was on a website with a login form and decided to try the ' or 1=1 -- It worked. I entered any username and typed that statement into the password field and it worked. (Beforehand, I had saved the page locally and removed any JavaScript and also changed the Input type to text for the password fie
Forum: SQL and Code Injection