Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 383

Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/www.schuirink.net/www/xml/headlines.php on line 384
sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net
main destinations: home | the web & the world | out of here

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

MESSENGERS call on all Hackers' organizations and individuals attacking the extreme media-Apple Daily (1 reply)

We are the messenger of peace, with the aim of transferring peaceful and protecting the society from the threaten of extremism. The Messenger employs all necessary methods of network attacks fighting against countries, organizations, or individuals that are destroying the peaceful social order with violence or soft-violence. We are composed of a number of network enthusiasts who advocates for the world peace. Thus, any organization or individual that agree with the faith of Messenger can be a member of us.

We believe that the Occupy Central has attracted the attention of all the world. Nonetheless, it has seriously destroyed the region peace of HK and has threaten HK's future prosperity. The organizers, participators, and supporters are utilizing the soft-violence way to destroy HK's wellknown social order and block the running of HK government. Actually, parts of HK government's function have already been obliged to stop. Therefore, to maintain the peace of HK, we would like to raise the sword of Justice to stop these extreme behaviors. We have already declared that we are responsible for the attack of FireChat and passiontimes.hk

Now, we notice that Apple Daily is the main sponsor and media mouthpiece of Occupy Central. Within the reporting activities, Apple Daily has never maintained impartiality and always turn things upside down, which has seriously violate the ethics requirement of Journalism Occupation. Specifically, Apple Daily only cover the so called 'civilized' behaviors of Occupy Central pursuing democracy, but neglect purposely the violent and uncivilized behaviors of Occupy Central. Though HK government has restraint to the largest extent, Apple Daily report unfairly the Police's Lawful measures to 'violence'. Intriguingly, Apply Daily has disclosed a number of important user data, but they refuse to respond for that. Therefore, we call on all Hacker's organization and individual enthusiast to attack Apple Daily's website (www.appledaily.com) from now on until they return the responsible news reporting. We also hope the employee of Apply Daily can work with a conscience and attend our actions. Finally, we appeal to the companies and individuals that have commercial relation with Apple Daily stopping cooperating with Apple Daily and refuse to behave as a accomplice of destroying HK's peace.

Attack programs



How to Bypass PHPIDS WAF (no replies)

Hello all
Could you help me please?

I have problem with this XSS .


Above XSS Vector is work . But not working / . and if you inject


You will get error message from PHPIDS WAF .

I searched at google . I found PHPIDS Bypass Code .

http://www.acs-aec.org/index.php/<h1>Payload here</h1>

But this is not work really . I think this bypass method may be different with

that PHPIDS's version .

Thanks .

Please help me all brothers.

I m just learning .

Hello by Ocean Oz (1 reply)

Hello my brothers ,

I m new in here , Please guide me and point me for some i wrong things .

Thanks to all .

Regard Ocean Oz .

[Tutorial] How to block permanently a wordpress.com blog (no replies)

Note: In order for this tutorial to work you need to have access to the blog. After importing the archive for download to the blog it will automatically be banned as a violation of Terms Of Service (TOS).

How to:
1) Login to the target blog
2) In Dashboard go to > Tools > Import
3) In the Import choose Wordpress
3) Import the Wordpress XML file available for download and the blog will automatically be banned.



How can bypass a href? (1 reply)

How to bypass this link?

<a href="'aaaaaaaa"">Link</a>

single quote , double quote , greaterthan and lessthan are filter.

Anyway to bypass it?

How to bypass htmlspecialchars? (no replies)

any good method to bypass htmlspecialchars?

$sapmle .= '<b>';
$sapmle .= 'Hey ' . htmlspecialchars($_GET['name']);
$sapmle .= '</b>';

Hello by 133720 (1 reply)

My nickname is 133720.Nice to meet you.
I am web developer.
Very interested in Xss.
I hope you will guide me.
Thanks for reading.

Can Xss with Chrome? (1 reply)

I want to know can i xss with chrome browswer?

but i try with it not ok.
Any method to work on chorome.

Thanks you.

Where do I download the Mac version of Ruby Version Manager (if there even is one)? (no replies)

So, I'm looking into downloading the Mac OS X version of BeEF, but I read that I need to install Ruby Version Manager in order to use it. I've Googled for that, but I can't seem to find a download link in any of the sites that talk about it. One of them is even titled "Download Ruby", but what I've just downloaded there has turned out to be a Unix application.

I don't have Unix, only Windows and Macintosh (and I'd prefer to use Mac), and I'd rather not spend money on a whole new operating system given how constantly short of funds I happen to be. Since Unix is also an operating system just like Mac OS X, what is the point of having a version of a program designed specifically for Mac if it requires the installation of a Unix Application? And yes, there does exist a Mac version, if the following pages is anything to go by:


Anything I should know about using a keylogger and what kind I should use? (3 replies)

Just found out about keyloggers yesterday. Sites that either try to promote them or objectively state how they work claim that they are untraceable and cannot be detected. However, I know that if I were to bring it up with anyone outside this forum, they'd only warn me about the risk I'd be running of being traced back should anyone actually do find out.

Since I use Mac OS X and would like not to spend money on any of these things, I had downloaded MacKeyLogger.dmg as of yesterday. However, if there are better ones I should look for in order to avoid detection by anyone, I'll be glad to hear from someone here.

Also, I know that they're supposed to operate in total stealth, but is it possible for a potential target to have software installed on their computer that would alert them should a keylogger be introduced to their machine?

Is there anything else I should know about this subject?

XSS Scanner BETA 1.1 (no replies)

XSS Scanner is a simple aplication that will search for common xss vulnerabilities in a site.

How to use:
1) Type a site with query parameter
2) Click on Send
3) Wait a few seconds, if a xss is found it will pop up an alert.

Note: Not all the xss available out there isn't include in this aplication because some of them will break the code nevertheless is a great app that cames in handy.


ZoneAlarm Antivirus - anti-spyware Scan Module (no replies)

This DOS application will detect if Zone Alarm is installed and perform a security scan using the scanning module of ZoneAlarm Antivirus.


Make a null in outlook/live/hotmail account (no replies)

This trick will hide the inbox emails in outlook/live/hotmail site.

Just login into an outlook account and paste the code below in the browser.


VEK - Vulnerability Exploit Kit PREVIEW RELEASE (1 reply)

Here is a PREVIEW RELEASE of what i have been doing in the past month.

VEK is a software that exploits vulnerabilities in various online scripts.
Basically what it does is give the user an interface where exploiting sites is very easy.
In two steps a user can exploit a forum, site or server.

MD5: DEC38F51D69A7FC6CE1245D8B80E647A

Download: (59,18 MB)

bypass & (2 replies)

hi bro...

i wanna inject a command to an url but i cannot becasue i cannot add "&" to the url. also i used "%26" instead of "&" but it was not accepted.
what can i do?

Proxy Browser BETA 1.1 - Surf the internet anonymously (no replies)

Proxy Browser is a windows application that will give you access to diferent proxy servers.

To use is quite simple:
1) Install the application
2) Run Proxy Browser
3) Type the address and navigate the net

For a new proxy, close the window and run Proxy Browser again

EXTRA: Updates are available by email privateloader@hotmail.com



Microsoft - Malware & Exploits (no replies)

And they say that Microsoft is not a malicious organization, lol?

Test this link

Proxy Browser - Surf the internet anonymously (no replies)

Proxy Browser is a windows application that will give you access to diferent proxy servers.

To use is quite simple:
1) Install the application
2) Run Proxy Browser
3) Type the address and surf the net

For a new proxy, close the window and run Proxy Browser again

EXTRA: Updates are available by email privateloader@hotmail.com



Acer E1-510 - Windows 8.1 Resources Booster (no replies)

Optimize your Acer E1-150 or any windows 8.1 operating system making it run even faster by closing native aplications.

->Note: Consider use Autoruns from Microsoft to disable them...



XSS Scanner BETA 1.0 (no replies)

This software will scan a site looking XSS vulnerabilities.
It easy to use it only requires that a user type the address + search parameter in order to scan.

The scan is clean and if a vulnerability pass throw, an alert will popup with a vuln number.
Check the source to get the XSS code...

Warning: This is a new project, the XSS database is a bit small.



sql injection error with string pass (no replies)

please can anyone explain me how to fix error to inject it


Sqli Injection Bypass (1 reply)

Hello ...

i have just a doubt please help

suppose we have 11 dynamic pages in a website like as

index.php?id=1 ( page ok )
index.php?id=2 ( page ok )
index.php?id=3 ( page ok )
index.php?id=4 ( page ok )
index.php?id=5 ( page ok )
index.php?id=6 ( page ok )
index.php?id=7 ( page ok )
index.php?id=8 ( page ok )
index.php?id=9 ( page ok )
index.php?id=10 ( page ok )
index.php?id=11 ( page ok )
index.php?id=12 ( Blank page no out put instantly )

security enabled : Mod_Security & comment escaped
mode security bypassed with /*!UNIunionON*/ ALL /*!SEselectLECT*/ but now the page shows same redirecting at single page suppose it 11th page
how can i bypass this security ?

i think injection is Time based Blind
Can i bypass such injections ??

[Virus] Windows 8 Resources Blocker + Source (no replies)

This is a virus for windows 8 and basically what it does is use the function taskkill to terminate common windows 8 executables.

1) It will close various executables.
2) The CPU will go 100% as it work in a loop.

Check the source for more details.



any usefull auto database? (no replies)


Does anyone knows of any usefull automotive database?

Hacked, cracked, etc

dom xss is possible ? (no replies)

dom xss is possible in ie browsers in code ?
<script language="JavaScript">
function onLoad() {
<body onload="onLoad()">

is located in http://grepcode.com/file/repo1.maven.org/maven2/org.zkoss.zk/zk/

in ie8 browser injection in url ');// error message zk undefined, bmk null or undefined.
How is reproduce injection dom xss ?

The sql injection (1 reply)

For this sql injection,how to bypass IT?



NFC Security (no replies)

Hi guys,
I was redirected here by a friend, to ask few question I hope this thread can be not a once reply topic but a section were we'll disscuss about security in NFC Tags and Readers.
He tried to anwser few of my questions but hope for another anwsers.

I'm a 20 year old student, and my as my homework I got NFC security.
Before I start, let me tell you about my equipment, own this device and a tag (actually 3, tag the paper, a key, and a card).

w w w. s8.postimg.org/aek39k2it/photo1.jpg

Now my "homework" is to find a security hole/try to break it/ in school where the system is setuped as that the tag reader identifys a tag by ID of the tag and if the tag is located in the database it allows access to the room.

I need to get into it without knowing any tags, actually I know the, but thats not the point.

~Can NFC Tag ID be changed or can it be controled by a script ?
~ If so how ?

~Can I bruteforce NFC reader using HCE NFC phone / device ?
~ If so how ?

~Does the reader that I have ACS.com.hk manifacture ACR122 Keep logs ?
(tried to find out but without success)

That is for beggining hope you guys will help me with my study, would appriciate it very much.

Identify base64 looking text (no replies)

while searching for injection points I came across a base64-type looking argument to id param. Can anyone help me identify what is it exacctly how to decode/encode it. It ain't base64, It tried decoding it.


Exploitable (no replies)

Hi guys can you give me the status of this parameter ?


edit smb_relay.rb (no replies)

I have been trying to figure out how to modify the smb_relay.rb metasploit module to use the same session that is created for uploading a payload to a share, and use it to download all files in the share to /tmp/loot has anyone done this before? any help would be much appreciated. Thank you.