 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
|
|
PacketStorm News |
|
| Currently there is a problem with headlines from this site |
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| sk8er |
| |
| Replies: 1 |
| Views: 6029 |
|
|
 |
|
 |
|
you can more especific , for example how ???
cmd SETUP-X86.EXE myProgram.exe ???
i not understand  |
|
|
|
| sk8er |
| |
| Replies: 1 |
| Views: 9132 |
|
|
|
|
|
|
I sugges :
http://resources.infosecinstitute.com/anatomy-of-an-attack-gaining-reverse-shell-from-sql-injection/
Saludos |
|
|
|
| sk8er |
| |
| Replies: 2 |
| Views: 10214 |
|
|
|
|
|
|
hey men 
you can see this video for help :
https://www.youtube.com/watch?v=_qxvJY6Zyac |
|
|
|
| sk8er |
| |
| Replies: 3 |
| Views: 6614 |
|
|
|
|
|
|
In this case, you can see :
http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html
its good. |
|
|
|
| sk8er |
| |
| Replies: 2 |
| Views: 5613 |
|
|
|
|
|
|
or you can use :
https://crackstation.net/
saludos |
|
|
|
| sk8er |
| |
| Replies: 4 |
| Views: 7857 |
|
|
|
|
|
|
one good option when bloking with internal errors, is use inference (BLIND SQL) for example, SQLiX available on :
https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
working with these ... |
|
|
|
| sk8er |
| |
| Replies: 4 |
| Views: 7857 |
|
|
|
|
|
|
| if you want to avoid a firewall, I recommend you use a encoded string for you query's, is only one idea |
|
|
|
| sk8er |
| |
| Replies: 1 |
| Views: 5297 |
|
|
|
|
|
|
you tried Blind Sql Injection ?, maybe with these tecnique you get a bit information.
in other hand you tried reading files and show in the UNION's comand
in this site show a one example :
... |
|
|
|
| sk8er |
| |
| Replies: 5 |
| Views: 6529 |
|
|
|
|
|
|
one resource :
http://www.openwall.com/john/
it's useful en these cases |
|
|
|
| sk8er |
| |
| Replies: 5 |
| Views: 6529 |
|
|
|
|
|
|
| in the "owned by uid 512" you should find the root user, or scaling the privilegies |
|
|
|
| sk8er |
| |
| Replies: 1 |
| Views: 4122 |
|
|
|
|
|
|
| I guess, a Web Scanning for the listed the directories. |
|
|
|
| sk8er |
| |
| Replies: 4 |
| Views: 7003 |
|
|
|
|
|
|
| I guess phyton |
|
|
|
| sk8er |
| |
| Replies: 3 |
| Views: 6614 |
|
|
|
|
|
|
"Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'fldUserLogin='admin ' or '1'='1'/*''.
... |
|
|
|
| sk8er |
| |
| Replies: 4 |
| Views: 7783 |
|
|
|
|
|
|
| you should trie with clausule "HAVING" form more results |
|
|
|
| sk8er |
| |
| Replies: 1 |
| Views: 4605 |
|
|
|
|
|
|
te sugiero que intentes con BLIND SQL.
I tried with the single cuote :
http://www.pampling.com/ficha_producto.php?id_producto=%27
Warning: mysql_fetch_assoc(): supplied argument is not a vali ... |
|
|
| Page 1 of 5 |
Goto page 1, 2, 3, 4, 5 Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9145
People Online:
Visitors: 156
Members: 2
Total: 158
Online Now:
