 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 56
 Members: 0
 Total: 56
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
hi  i'm interested in knowing more about "backticks" , can someone explain me more about them ?
edit: i need info also on exploiting "pre_replace" with e modifier |
|
|
|
|
| i compiled and tested this exploit locally on my linux box, it works perfectly, but the target site must have mysql => 4.0 , when you get "ccccc" it should be because the target was patched or was ... |
|
|
|
|
| ok we could try i'm setting up an ftp server on my linux box to distribute first copyies for seeders |
|
|
|
|
hi all, i'm putting up a tracker/website with phpMyBitTorrent at contropoteresharing.no-ip.org .
my main purpose is to use this site to share all security tools , tuts and so on, and mainly rainbow t ... |
|
|
|
|
| sometimes you simply can't, there are some mod that require the admin to inserti his password to log in the admin panel, regardless cookies, so you have to crack it |
|
|
|
|
any ideas ?is there a mistake here :
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));' ... |
|
|
|
|
| i tested locally and in some test forum, the exploit is working (i used a mine cookie stealer file) but i used mod rewrite to have a .png file to be processed as php, but the only problem is that it s ... |
|
|
|
|
it seems you are trying sql injection, so you have to use a valid username , usually admin is good, then a mysql statement which is alwasy true, like x=x , so the password could be
randomtext' or 'x' ... |
|
|
|
|
| do a uname -a to see what os is running, then try to find a folder with rw access, usually are the temp one, then upload an exploit for the os or some software installed and gain root it worked for ... |
|
|
|
|
and what about using system ? i tryied and it works, but only with commands without spaces in them for example:
ls => works
cat config.php => doesn't work |
|
|
|
|
| i've tryed exploiting using others method like the one described by Maroni and they works locally , but what about using system ? i tryied adjusting Zeelock exploit for this version but i can't make i ... |
|
|
|
|
this should work only for phpBB 2.0.15 , not <= 2.0.15 , but i'm testing locally and i've got no result:
gentoo root # ./db.pl 127.0.0.1 /phpBB2/ 1
+-------------------------------------------- ... |
|
|
|
|
| have someone tryied it ? i'm testing on one of my forum but it seems not to be working.. i'm looking at the code... |
|
|
|
|
1st : don't post link to real site
2nd: this is not an sql injection but an XSS
3rd: if this exploit is for cpanel <= 1.8 , that site is using cpanel 10 so it wouldn't work |
|
|
|
|
| i've got the same problem.. |
|
|
| Page 1 of 5 |
Goto page 1, 2, 3, 4, 5Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
