Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 383

Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 384
sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net
main destinations: home | the web & the world | out of here

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

sqli problem +INTO+DUMPFILE?/tmp/' (no replies)

hi all

iam having hard time with a site, i can get all databse info i whant from sqli no problem.

I saw i get write permmision into /temp/ directory so i try to execute some command like get a shell .
So i try to write in this folder and it work but

here is my problem, it only show me the php code and not the output of php
script .

here is the load file
http://www.boiseriesbg.com/produits.php?page=produits&idliste9=999999.9 union all select 1,load_file('/tmp/robot2.php'),3&idliste10=51&idliste29=&idproduits=102

You can see in source code that we can see the php code but not executed .

Can someone help me to view the php code excuted from a file stored in /tmp/ folder
and sorry for my bad english

VEK - Vulnerability Exploit Kit DEMO (no replies)

VEK is a software that exploits vulnerabilities in various sites.

Basically what it does is give the user an interface where exploiting sites and software is very easy.

In two steps a user can exploit a forum, site or server.



Mobile Prank Hacktool (no replies)

The link is dead. Reuploading...

Website Hacking Tool Collection (no replies)


Guide to use Mobile Prank Hacktool 3.7 (no replies)

Mobile Prank Hacktool is more simplier now, it's basically a select/combo box.

This guide will introduce this app in full detail.


1) [SMS Prank] You Win
This link is an affiliate link to adjal for the You Win. You Win is a sms subscribution club.
To use just randomly fill data until the mobile number form appear. After that enter the number you would like to send an sms.

2) [SMS Prank] Qubble & Mozzi
This link is the same as above but for a diferent club. Fill the forms randomly until the mobile number form appear.

3) [SMS Prank] YurMobile
This link is an affiliate link for Quicktrkr. This will also send an sms after filling a form.

4) [SMS Prank] Win a Vespa
This link is an affiliate link for CPA.LY. This will also send an sms after filling a form.

5) [SMS Prank] Teebik WhatsApp
This link is an affiliate link for adjal. This will also send as sms after filling a form.

6) [CALL Prank] Maxmind Demo
This will make a robotic call to any number in the world saying numbers. Maxmind demo is limited to 3 calls per day and the number must be entered in the international format.

7) [CALL/SMS Prank] On Verify Demo
In the On Verify Demo it's possible to make calls or send sms with a numeric number to any mobile. It can make a call, send sms and POP SMS. POP SMS sends an ussd message with a numeric number to any mobile in the world. (POP SMS is an exclusive feature of On Verify). Also the robot can speak English UK/USA, Italian, German, French and Spanish.

8) [SMS Prank] LiqPay
Liqpay is an online method of payment. The site is from Ukcrain and operated by PJSC Commercial Bank PrivatBank. To send an sms just fill the form with a number in the international format.

9) [SMS Prank] F-SECURE AntiTheft
This link will send an sms to any country with a download link to install F-SECURE AntiTheft. (This is legit)

10) [SMS Prank] Facebook 1
This will send an sms to verify the account. This is part of two-factor autentification from facebook. After pressing the link, it is required to login in a facebook account and enter the mobile number to deliver the sms. A fake account can be used here.

11) [SMS Prank] Facebook 2
Same as 10) but it's another method.

12) [SMS Prank] Badoo
This will send as sms after login a Badoo Account. (Badoo is always changing there mobile form location so it may not work)

13) [CALL/SMS Prank] Youtube
Login in Youtube, choose call or sms and enter the number.

14) [SMS Prank] Google Accounts
Login in Google Accounts, enter the mobile number.

15) [SMS/CALL Prank] Google Accounts 2
This is the same as 14) but it can make calls

16) [SMS Prank] All Jackpot Casino
Click on the link and fill the form and a sms will be send.

17) [SMS Prank] Sapo Alertas
This is exclusive for MEO in portugal and will send a sms with a confirmation. (Note: Use directional keys to navigate)


18) [Call] ZON Portugal (Now Called NOS)
This is a free reverse call. A user enters a mobile number and this mobile number will receive a call from an operator about ZON Area Coverage.

19) [Call] ZON 4i (Now Called NOS)
This is a free reverse call. A user enters a mobile number and this mobile number will receive a call from an operator about the pack ZON 4i. Personalized area is available.

20) [Call] ZON International (Now Called NOS)
This is a free reverse call. A user enters a mobile number and this mobile number will receive a call from an operator about ZON. This covers Belgium, France, Switzerland, Germany, Portugal and Luxemburg

21) [Call] Banco Espirito Santo
This is a free reverse call from Bank Espirito Santo also known as BES which is now called NB/Novo Banco.

22) [Call] Banco BPI
This is a free reverse call from Banco BPI.

23) [Call] Porto Bay Hotel
Want to make a reservation in this hotel. Just enter a Name, email and a number and they will call back. Now available from diferent countries.

24) [Call] Cofidis
This is a free reverse call from Cofidis. Looking for a credit this is how you should get in touch with.

There is more sms and call pranks in Mobile Prank Hacktool 3.7 that is not covered by this guide. Explore yourself...

YMLP Email Bomber (InDev Edition) (no replies)

YMLP Email Bomber, just another email bomber (email spam app).
InDev means In Developing and in the archive it will explain how to format the code and add more email lists.



blind sql injection (no replies)

hello everyone
is there any way to find table names other than guessing them?

Realtime Proxy Check - Use your bandwidth and check proxies (no replies)

Realtime Proxy Check is to be used in computers, smartphones and tablets. Basically what it does is check a few servers and report back to the user. The user then has a notification of what proxies can be use in the network.


Hiring somebody for Injecting URL rewriting pages ! (no replies)

Hiring good hacker for Injecting URL rewriting pages if you're interested please send me an email proxytube2014[at]gmail.com or ICQ 699780142

Listing Sites which deploy known waf (no replies)

I am trying to get a list a website which deploy some kind of firewall ( like say, urlscan, varnish, Airlock,Citrix NetScaler etc).

This is to help study those wafs. If anyone known some or more sites please reply.

I?v no idear, please help me! (1 reply)



I thought it's 49 columns, blocked "Union"

Remote Software Detector (Public Edition) (1 reply)

Remote Software Detector is an archive that contain a technic to detect remotely software installed in a system.

The file can be host on a webserver and log this local information into a statistics board.

This is the only method to know what kind of software is installed in the visitor machine without being intrusive.

OS Test: Windows 8.1 (64 bits)
Software 01: Adobe Reader 8.0
Software 02: AVG Antivirus FREE 2014
Software 03: Avira Free Antivirus
Software 04: Google Chrome 38.0.2125.104
Software 05: iTunes
Software 06: McAfee Internet Security
Software 07: Norton Security
Software 08: VLC media player 2.1.5
Software 09: WinAmp 5.65
Software 10: Norton Security
Software 11: ZoneAlarm Free Antivirus + Firewall
Software 12: Meo Music 3.0
Software 13: Steam Client 2.50
Software 14: K9 Web Protection 4.4
Software 15: YAC - Yet Another Cleaner 5.6.109

Private Edition contains:
Invisible Logger (Logs IP and software)
POPUP Logger (Logs IP and software and show the machine a popup with a better offer)


Help bypass ! (3 replies)


Thanks for your help!

how bypass table_name error based sql help (3 replies)


SELECT command denied to user 'imanmedi_root'@'localhost' for table 'table_name'

for ajkaro -all in one request issue (2 replies)

Hello ajkaro

I have a sqli where the injection is on the second column of 6

so in case of this syntax:
id=-82+union+SELECT 1,(select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a)--+

I don't know where to enter the other column numbers (3,4,5,6)

please your help,

Thank you

Help crack this md5 (no replies)


Paid Mail Prank 1.0 - Prank anyone mail address (1 reply)


Introducing Paid Mail Prank which basically is a method to deliver items to any mail address in the UK, Portugal and

spain. The item gets deliver on the target phisical mail address and it will charge the victim for the item.

The victim then can accept and pay or reject the package. Simply Awesome


Stealth Pen Drive Monitor (no replies)

Stealth Pen Drive Monitor AKA Pen Retrieve is a computer software that will monitor usb entries for usb devices.

When the file system of a usb device is available it will silently copy to the hard disk.

The folder backup is retrieve


help bypass it! (8 replies)

http://www.egova.com.cn/?qa/pid/230/tp/232 and 1=2 union select 1,2,3,4,5,6 --+-

MESSENGERS call on all Hackers' organizations and individuals attacking the extreme media-Apple Daily (1 reply)

We are the messenger of peace, with the aim of transferring peaceful and protecting the society from the threaten of extremism. The Messenger employs all necessary methods of network attacks fighting against countries, organizations, or individuals that are destroying the peaceful social order with violence or soft-violence. We are composed of a number of network enthusiasts who advocates for the world peace. Thus, any organization or individual that agree with the faith of Messenger can be a member of us.

We believe that the Occupy Central has attracted the attention of all the world. Nonetheless, it has seriously destroyed the region peace of HK and has threaten HK's future prosperity. The organizers, participators, and supporters are utilizing the soft-violence way to destroy HK's wellknown social order and block the running of HK government. Actually, parts of HK government's function have already been obliged to stop. Therefore, to maintain the peace of HK, we would like to raise the sword of Justice to stop these extreme behaviors. We have already declared that we are responsible for the attack of FireChat and passiontimes.hk

Now, we notice that Apple Daily is the main sponsor and media mouthpiece of Occupy Central. Within the reporting activities, Apple Daily has never maintained impartiality and always turn things upside down, which has seriously violate the ethics requirement of Journalism Occupation. Specifically, Apple Daily only cover the so called 'civilized' behaviors of Occupy Central pursuing democracy, but neglect purposely the violent and uncivilized behaviors of Occupy Central. Though HK government has restraint to the largest extent, Apple Daily report unfairly the Police's Lawful measures to 'violence'. Intriguingly, Apply Daily has disclosed a number of important user data, but they refuse to respond for that. Therefore, we call on all Hacker's organization and individual enthusiast to attack Apple Daily's website (www.appledaily.com) from now on until they return the responsible news reporting. We also hope the employee of Apply Daily can work with a conscience and attend our actions. Finally, we appeal to the companies and individuals that have commercial relation with Apple Daily stopping cooperating with Apple Daily and refuse to behave as a accomplice of destroying HK's peace.

Attack programs



How to Bypass PHPIDS WAF (no replies)

Hello all
Could you help me please?

I have problem with this XSS .


Above XSS Vector is work . But not working / . and if you inject


You will get error message from PHPIDS WAF .

I searched at google . I found PHPIDS Bypass Code .

http://www.acs-aec.org/index.php/<h1>Payload here</h1>

But this is not work really . I think this bypass method may be different with

that PHPIDS's version .

Thanks .

Please help me all brothers.

I m just learning .

Hello by Ocean Oz (2 replies)

Hello my brothers ,

I m new in here , Please guide me and point me for some i wrong things .

Thanks to all .

Regard Ocean Oz .

[Tutorial] How to block permanently a wordpress.com blog (no replies)

Note: In order for this tutorial to work you need to have access to the blog. After importing the archive for download to the blog it will automatically be banned as a violation of Terms Of Service (TOS).

How to:
1) Login to the target blog
2) In Dashboard go to > Tools > Import
3) In the Import choose Wordpress
3) Import the Wordpress XML file available for download and the blog will automatically be banned.



How can bypass a href? (1 reply)

How to bypass this link?

<a href="'aaaaaaaa"">Link</a>

single quote , double quote , greaterthan and lessthan are filter.

Anyway to bypass it?

How to bypass htmlspecialchars? (no replies)

any good method to bypass htmlspecialchars?

$sapmle .= '<b>';
$sapmle .= 'Hey ' . htmlspecialchars($_GET['name']);
$sapmle .= '</b>';

Hello by 133720 (1 reply)

My nickname is 133720.Nice to meet you.
I am web developer.
Very interested in Xss.
I hope you will guide me.
Thanks for reading.

Can Xss with Chrome? (1 reply)

I want to know can i xss with chrome browswer?

but i try with it not ok.
Any method to work on chorome.

Thanks you.

Where do I download the Mac version of Ruby Version Manager (if there even is one)? (no replies)

So, I'm looking into downloading the Mac OS X version of BeEF, but I read that I need to install Ruby Version Manager in order to use it. I've Googled for that, but I can't seem to find a download link in any of the sites that talk about it. One of them is even titled "Download Ruby", but what I've just downloaded there has turned out to be a Unix application.

I don't have Unix, only Windows and Macintosh (and I'd prefer to use Mac), and I'd rather not spend money on a whole new operating system given how constantly short of funds I happen to be. Since Unix is also an operating system just like Mac OS X, what is the point of having a version of a program designed specifically for Mac if it requires the installation of a Unix Application? And yes, there does exist a Mac version, if the following pages is anything to go by:


Anything I should know about using a keylogger and what kind I should use? (3 replies)

Just found out about keyloggers yesterday. Sites that either try to promote them or objectively state how they work claim that they are untraceable and cannot be detected. However, I know that if I were to bring it up with anyone outside this forum, they'd only warn me about the risk I'd be running of being traced back should anyone actually do find out.

Since I use Mac OS X and would like not to spend money on any of these things, I had downloaded MacKeyLogger.dmg as of yesterday. However, if there are better ones I should look for in order to avoid detection by anyone, I'll be glad to hear from someone here.

Also, I know that they're supposed to operate in total stealth, but is it possible for a potential target to have software installed on their computer that would alert them should a keylogger be introduced to their machine?

Is there anything else I should know about this subject?

XSS Scanner BETA 1.1 (no replies)

XSS Scanner is a simple aplication that will search for common xss vulnerabilities in a site.

How to use:
1) Type a site with query parameter
2) Click on Send
3) Wait a few seconds, if a xss is found it will pop up an alert.

Note: Not all the xss available out there isn't include in this aplication because some of them will break the code nevertheless is a great app that cames in handy.