Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as it relates to computer security. 

Current Page: 1 of 1
Results 1 - 10 of 10
6 years ago
g4b0
Hahah, nice to know it! Sometime I've got some problem reading your posts or articles, but now I know that the problem is not _my_ english konwledge :)
Forum: Intro
6 years ago
g4b0
I think I'll need to watch php code to solve my problem... Does anybody can avoid me that extra-work? =P I'll show you my results (if any..)
Forum: SQL and Code Injection
6 years ago
g4b0
WhiteAcid Wrote: ------------------------------------------------------- > Stuff in $_GET etc is always a string. There's no way to put some integer (or NULL) value in $_GET & company??
Forum: SQL and Code Injection
6 years ago
g4b0
Yes, I know the 'identical' operator (===).. but I'm doing source auditing on a piece of code that use the 'equal' operator (==)!! And I'm trying to write a proof of concept that is possible to break that code..
Forum: SQL and Code Injection
6 years ago
g4b0
Ok, I reformulate the question: If I pass test=0 through GET,POST or COOKIE, the server will recive the _string_ "0", so var_dump($_GET['test'] == "abcdkdkddswad") will print false. I want to pass the _numerical value_ 0, not it's string rappresentation.. do you think it's possible?
Forum: SQL and Code Injection
6 years ago
g4b0
Sorry, but I don't understend..
Forum: Search Engine Hacking and SEO
6 years ago
g4b0
Hi all, in according to this: var_dump(0 == "abcdkdkddswad"); // 0 == 0 -> true var_dump("1" == "01"); // 1 == 1 -> true var_dump("1" == "1e0"); // 1 == 1 -> true var_dump("700" == "+700"); // true is there any value to pass in the url that can give me true in the next comparison? var_dump($_GET['test'] == &q
Forum: SQL and Code Injection
6 years ago
g4b0
Thanks for the response, quick and useful!! Unfortunately I'm not in the first case nor in the second :( Searching in the net I found that when using htmlspecialchars() without specifying the character encoding, XSS attacks that use UTF-7 are possible. How can I force the remote server to tell my browser that the encoding is UTF-7 ??
Forum: SQL and Code Injection
6 years ago
g4b0
Hi all, I wonder if it's possible: 1) to bypass php function htmlspecialchars(), in order to inject some code (xss, shell, or similar) through a GET parameter.. 2) to inject some sql statement (the server is mysql) through an unsanitized GET parameter, where magic_quotes_gpc is ON, magic_quotes_runtime is OFF and magic_quotes_sybase is OFF Thanks a lot
Forum: SQL and Code Injection
7 years ago
g4b0
Hi all, I'm g4b0 and I follow you since a year. Now it's time to log in, and to start posting :) I apologize for my awful English, I'm not a native speaker.. Ah, my intrest are web development and security, C (also embedded), slackware (of course), and other stuff... Good work guys, really nice forum!
Forum: Intro
Current Page: 1 of 1