|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 70
Members: 0
Total: 70
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
sk8er |
|
Replies: 1 |
Views: 12194 |
|
|
|
|
|
|
you can more especific , for example how ???
cmd SETUP-X86.EXE myProgram.exe ???
i not understand |
|
|
|
sk8er |
|
Replies: 1 |
Views: 15907 |
|
|
|
|
|
|
I sugges :
http://resources.infosecinstitute.com/anatomy-of-an-attack-gaining-reverse-shell-from-sql-injection/
Saludos |
|
|
|
sk8er |
|
Replies: 2 |
Views: 17777 |
|
|
|
|
|
|
hey men
you can see this video for help :
https://www.youtube.com/watch?v=_qxvJY6Zyac |
|
|
|
sk8er |
|
Replies: 3 |
Views: 13094 |
|
|
|
|
|
|
In this case, you can see :
http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html
its good. |
|
|
|
sk8er |
|
Replies: 2 |
Views: 11476 |
|
|
|
|
|
|
or you can use :
https://crackstation.net/
saludos |
|
|
|
sk8er |
|
Replies: 4 |
Views: 14821 |
|
|
|
|
|
|
one good option when bloking with internal errors, is use inference (BLIND SQL) for example, SQLiX available on :
https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
working with these ... |
|
|
|
sk8er |
|
Replies: 4 |
Views: 14821 |
|
|
|
|
|
|
if you want to avoid a firewall, I recommend you use a encoded string for you query's, is only one idea |
|
|
|
sk8er |
|
Replies: 1 |
Views: 10444 |
|
|
|
|
|
|
you tried Blind Sql Injection ?, maybe with these tecnique you get a bit information.
in other hand you tried reading files and show in the UNION's comand
in this site show a one example :
... |
|
|
|
sk8er |
|
Replies: 5 |
Views: 13038 |
|
|
|
|
|
|
one resource :
http://www.openwall.com/john/
it's useful en these cases |
|
|
|
sk8er |
|
Replies: 5 |
Views: 13038 |
|
|
|
|
|
|
in the "owned by uid 512" you should find the root user, or scaling the privilegies |
|
|
|
sk8er |
|
Replies: 1 |
Views: 10614 |
|
|
|
|
|
|
I guess, a Web Scanning for the listed the directories. |
|
|
|
sk8er |
|
Replies: 4 |
Views: 14002 |
|
|
|
|
|
|
I guess phyton |
|
|
|
sk8er |
|
Replies: 3 |
Views: 13094 |
|
|
|
|
|
|
"Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'fldUserLogin='admin ' or '1'='1'/*''.
... |
|
|
|
sk8er |
|
Replies: 4 |
Views: 14767 |
|
|
|
|
|
|
you should trie with clausule "HAVING" form more results |
|
|
|
sk8er |
|
Replies: 1 |
Views: 9388 |
|
|
|
|
|
|
te sugiero que intentes con BLIND SQL.
I tried with the single cuote :
http://www.pampling.com/ficha_producto.php?id_producto=%27
Warning: mysql_fetch_assoc(): supplied argument is not a vali ... |
|
|
Page 1 of 5 |
Goto page 1, 2, 3, 4, 5Next All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|