Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 383

Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 384
sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net
main destinations: home | the web & the world | out of here

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

CSS Expression not working anymore? (no replies)


I'm pentesting a Ruby Web App and I'm having the following like scenario:


<div class='fa-li fa fa-lg fa-square' style="color:red"></div>

Now, if instead of red I inject something like "expression(alert('xss'))" or " expression(alert('xss'))", in the source code I'll have the following:

<div class='fa-li fa fa-lg fa-square' style="color: expression(alert('xss'))"></div>

Supposedly it should pop up an alert but it doesn't.

I can use some characters but certainly can't escape from the style property.

Now, I have the following question which I hope you guys can answer:

1.- This "expression" thing, it's CSS expression language right?
2.- It should take a space after the ":" or not?
3.- Why it isn't poping up an alert?


bypass xss on href (no replies)



cannot use ":" (colon)
"&" will convert to "&"
"//" cannot be first

any idea, how can i bypass this?


Hello Everyone (1 reply)

I am new to this forum and just registered to know if i have a solution for my website that is keep on getting attacked by a hacker from bangladesh that somehow keeps changing my one page website.

Mobile Lookup by GPS (no replies)

This piece of software can determine a Mobile location by GPS.
This technology was only available to militar and law enforcement agencies, now with this leak is available to you.

Determine where the phone is located in a snap then using google maps you have the location of the device.



Re: Métropole Marseillaise (no replies)

Acunetix surely is a union of other projects which might use their own licenses, isn't uncommon for this kind of projects, every module is either developed inside the company or borrowed from someone who already did it . .

Kingston 1GB Backup (Pro Kit) (no replies)

This is a backup restored after a pen crash.
It include all types of tools.

Debuggers, Hacker tools, Packers, DDos tools, Portscanners, Music, sites, SENUKE, old projects, sources, etc

Good, for people who want to explore and discover new things on the internet of things...


bypass () (1 reply)

Hello anybody know how to bypass ()

source code is

if (isset($_GET['xss'])) {
$xss = htmlspecialchars($_GET['xss']);
$filter = array(")","(");
$filteredVector = str_replace($filter,"",$xss);
die("<h1>Image created: </h1><br><img src=$filteredVector>");

i try with many method but not working and test on Ie and firefox.

denied domains (no replies)

don't try to sign up with email addresses from these domains, it will be autodenied, too much spam.



DDoS-service DDoS site DDoS attack, DDoS-site, DDoS Protection (1 reply)

DDoS-attack - the attack on the Internet resources of the server to block operation, damage to competitors. Does not work site, he loses money orders, customers.
If you interfere with any website or server or other online resource, we are ready to remove and block at a time.
We manage the botnet order of 100 000 vehicles, own technologies uslieniya DDOS attacks using DNS amplification and NTP amplification.

Always an individual approach to the problems of the client.
Minimum order is 1 hour - this is a test. Free tests do not.

Cost for standard sites:
1 hour - $ 10
1 day - $ 50
1 week - $ 200
1 month - $ 600
Good customers do good discounts.
Method of payment - preferably Bitcoin. Payment is always forward.

The cost for non-standard sites (CloudFlare, Qrator, and other specialized CDN) are negotiated individually. We do not undertake to work with a secure site when ordering less than a week, do not do tests on them.
We reserve the right to refuse any without explanation.

Contact: http://ddoslivechat.mooo.com/
Other contacts and never will be. This is for our and your convenience.

Try to write short, in the case, one message, immediately give the web address and the desired lockout period.

sql injecion bypass (1 reply)

hi guys
how to bypass filter for comma symbol (,) ??

Hacxx EXE Encrypter - Encrypt the header of an EXE and make it undetectable (no replies)

Hacxx EXE Encrypter is an exe encrypter that encodes the header of an exe and makes it undetectable.



hard filtered sql injection (no replies)


vulnerablity on a server (no replies)

hey guys I am Noob in hacking world...so I am just trying..

can anyone tell me how to find a vulnerability on a site.?

my friend who also noob..he gave me a site address and told me that there is a sql vulnerable on this site and also told me to find out now my question is to you all that how can I find out this vulnerablity??

500 internal server error on shell (no replies)

I have successfully upload shell on a site form admin panel..

but when I try open the shell it show me that 500 internal server error or something like that I cant open my shell on this site.. and not this site but also all site on the same host gave me this shit.

so Is there any solution for it???

i am sorry for my bad English..

Email SPAM Prank 3.5 - Prank your friends or your enemies (no replies)

Hi all,

New release of Email SPAM Prank, this version (3.5) include 200 spam emails which allow you to fill an inbox with them. This version includes an internal feature that verifies the internet connection before inicializing the program. This is a request made by the crowd, some people were saying that Email SPAM Prank didn't work and the problem was no connection available to the internet. Now it's solved.

As always there is the private version which sends aproximately 10.000 emails but it's still in the oven and need to add more emails. So, new orders will have a delay but i'm able to fulfill in a short period of time.

Exclusively, to comemorate the 1 year release of Email SPAM Prank there is available the Extreme Edition which sends aproximately 50.000 (WOW) spam emails. This Extreme Edition doesn't work with all browsers because of too many connections so exclude IE. The Extreme Edition will knock out anyone email address...

That's all, the download link for the public is available below. We offer support to the public edition so if you encounter any problem, just reply back as i monitor this threats. For orders simply contact by email privateloader@hotmail.com



Email RECON 1.0 - Email Reconnaissance software (1 reply)

Did you ever want to know what services are associated with an email from a friend or someone else?

Example 1: You receive an email and you would like to know if it's valid or spam.

Example 2: A buddy of yours give you his/her email and you would like to know if he/she has an account in facebook, twitter or other social network without them to know.

Example 3: You are reading a blog or forum and an email is written down asking some questions and you would like to know more information regarding this person.

Here is the solution, Email Recon. With Email Recon you can easily recon a person by just typing an email.


More Info: privateloader@hotmail.com

help with sql injection (no replies)

please help me with these sqli


interesting sql injection (no replies)


help me with this sqli to find column number

sqli problem +INTO+DUMPFILE?/tmp/' (2 replies)

hi all

iam having hard time with a site, i can get all databse info i whant from sqli no problem.

I saw i get write permmision into /temp/ directory so i try to execute some command like get a shell .
So i try to write in this folder and it work but

here is my problem, it only show me the php code and not the output of php
script .

here is the load file
http://www.boiseriesbg.com/produits.php?page=produits&idliste9=999999.9 union all select 1,load_file('/tmp/robot2.php'),3&idliste10=51&idliste29=&idproduits=102

You can see in source code that we can see the php code but not executed .

Can someone help me to view the php code excuted from a file stored in /tmp/ folder
and sorry for my bad english

VEK - Vulnerability Exploit Kit DEMO (1 reply)

VEK is a software that exploits vulnerabilities in various sites.

Basically what it does is give the user an interface where exploiting sites and software is very easy.

In two steps a user can exploit a forum, site or server.



Mobile Prank Hacktool (no replies)

The link is dead. Reuploading...

Website Hacking Tool Collection (no replies)


Guide to use Mobile Prank Hacktool 3.7 (no replies)

Mobile Prank Hacktool is more simplier now, it's basically a select/combo box.

This guide will introduce this app in full detail.


1) [SMS Prank] You Win
This link is an affiliate link to adjal for the You Win. You Win is a sms subscribution club.
To use just randomly fill data until the mobile number form appear. After that enter the number you would like to send an sms.

2) [SMS Prank] Qubble & Mozzi
This link is the same as above but for a diferent club. Fill the forms randomly until the mobile number form appear.

3) [SMS Prank] YurMobile
This link is an affiliate link for Quicktrkr. This will also send an sms after filling a form.

4) [SMS Prank] Win a Vespa
This link is an affiliate link for CPA.LY. This will also send an sms after filling a form.

5) [SMS Prank] Teebik WhatsApp
This link is an affiliate link for adjal. This will also send as sms after filling a form.

6) [CALL Prank] Maxmind Demo
This will make a robotic call to any number in the world saying numbers. Maxmind demo is limited to 3 calls per day and the number must be entered in the international format.

7) [CALL/SMS Prank] On Verify Demo
In the On Verify Demo it's possible to make calls or send sms with a numeric number to any mobile. It can make a call, send sms and POP SMS. POP SMS sends an ussd message with a numeric number to any mobile in the world. (POP SMS is an exclusive feature of On Verify). Also the robot can speak English UK/USA, Italian, German, French and Spanish.

8) [SMS Prank] LiqPay
Liqpay is an online method of payment. The site is from Ukcrain and operated by PJSC Commercial Bank PrivatBank. To send an sms just fill the form with a number in the international format.

9) [SMS Prank] F-SECURE AntiTheft
This link will send an sms to any country with a download link to install F-SECURE AntiTheft. (This is legit)

10) [SMS Prank] Facebook 1
This will send an sms to verify the account. This is part of two-factor autentification from facebook. After pressing the link, it is required to login in a facebook account and enter the mobile number to deliver the sms. A fake account can be used here.

11) [SMS Prank] Facebook 2
Same as 10) but it's another method.

12) [SMS Prank] Badoo
This will send as sms after login a Badoo Account. (Badoo is always changing there mobile form location so it may not work)

13) [CALL/SMS Prank] Youtube
Login in Youtube, choose call or sms and enter the number.

14) [SMS Prank] Google Accounts
Login in Google Accounts, enter the mobile number.

15) [SMS/CALL Prank] Google Accounts 2
This is the same as 14) but it can make calls

16) [SMS Prank] All Jackpot Casino
Click on the link and fill the form and a sms will be send.

17) [SMS Prank] Sapo Alertas
This is exclusive for MEO in portugal and will send a sms with a confirmation. (Note: Use directional keys to navigate)


18) [Call] ZON Portugal (Now Called NOS)
This is a free reverse call. A user enters a mobile number and this mobile number will receive a call from an operator about ZON Area Coverage.

19) [Call] ZON 4i (Now Called NOS)
This is a free reverse call. A user enters a mobile number and this mobile number will receive a call from an operator about the pack ZON 4i. Personalized area is available.

20) [Call] ZON International (Now Called NOS)
This is a free reverse call. A user enters a mobile number and this mobile number will receive a call from an operator about ZON. This covers Belgium, France, Switzerland, Germany, Portugal and Luxemburg

21) [Call] Banco Espirito Santo
This is a free reverse call from Bank Espirito Santo also known as BES which is now called NB/Novo Banco.

22) [Call] Banco BPI
This is a free reverse call from Banco BPI.

23) [Call] Porto Bay Hotel
Want to make a reservation in this hotel. Just enter a Name, email and a number and they will call back. Now available from diferent countries.

24) [Call] Cofidis
This is a free reverse call from Cofidis. Looking for a credit this is how you should get in touch with.

There is more sms and call pranks in Mobile Prank Hacktool 3.7 that is not covered by this guide. Explore yourself...

YMLP Email Bomber (InDev Edition) (no replies)

YMLP Email Bomber, just another email bomber (email spam app).
InDev means In Developing and in the archive it will explain how to format the code and add more email lists.



blind sql injection (no replies)

hello everyone
is there any way to find table names other than guessing them?

Realtime Proxy Check - Use your bandwidth and check proxies (no replies)

Realtime Proxy Check is to be used in computers, smartphones and tablets. Basically what it does is check a few servers and report back to the user. The user then has a notification of what proxies can be use in the network.


Hiring somebody for Injecting URL rewriting pages ! (no replies)

Hiring good hacker for Injecting URL rewriting pages if you're interested please send me an email proxytube2014[at]gmail.com or ICQ 699780142

Listing Sites which deploy known waf (no replies)

I am trying to get a list a website which deploy some kind of firewall ( like say, urlscan, varnish, Airlock,Citrix NetScaler etc).

This is to help study those wafs. If anyone known some or more sites please reply.

I?v no idear, please help me! (1 reply)



I thought it's 49 columns, blocked "Union"

Remote Software Detector (Public Edition) (1 reply)

Remote Software Detector is an archive that contain a technic to detect remotely software installed in a system.

The file can be host on a webserver and log this local information into a statistics board.

This is the only method to know what kind of software is installed in the visitor machine without being intrusive.

OS Test: Windows 8.1 (64 bits)
Software 01: Adobe Reader 8.0
Software 02: AVG Antivirus FREE 2014
Software 03: Avira Free Antivirus
Software 04: Google Chrome 38.0.2125.104
Software 05: iTunes
Software 06: McAfee Internet Security
Software 07: Norton Security
Software 08: VLC media player 2.1.5
Software 09: WinAmp 5.65
Software 10: Norton Security
Software 11: ZoneAlarm Free Antivirus + Firewall
Software 12: Meo Music 3.0
Software 13: Steam Client 2.50
Software 14: K9 Web Protection 4.4
Software 15: YAC - Yet Another Cleaner 5.6.109

Private Edition contains:
Invisible Logger (Logs IP and software)
POPUP Logger (Logs IP and software and show the machine a popup with a better offer)