Skip to main content


Showing posts from 2011 bravo - ftp access - update suggestions - system compromise bravo update server

user: bravoupdate
pass: eunesr

OKey40 and okeyupd folders should be used to update the normal Okey client.
To update flawlessly without restarting each time the update_exe.exe if a download fails. You can resume the downloads with any ftp client instead of download the files from the beginning).

save the files in "Dati/Temp" and set them as read only (to avoid the deletion). After the update clean the folder except for agg.dat.

The password for MagicDb.mdb is "magic"
The password for catc.dat is "128159a7c9f2009"
(both are Ms Access files)

I cannot test the firmware and the -programmer- I don't have one and I don't own any of those products.


Other informations cannot be published ... sorry. SQL Injection, XSS, nt system compromise

Sql Injection

Sql injection and XSS
in the search form


useless CAPTCHA
You can get the captcha code (numbers) from the name of the images. It can be easily avoided by a very simple bot. It's just useless.

XSS - sec. vulnerabilities


mirror (?) - same

several problems in the jsp scripts (unmanaged null exceptions, data of the template, data, etc)

template(?) is visible by requesting a wrong id (?),7700-

sample of the output (ex.,7700- )
---------------<div class="yui-gc clear" id="unacolonna"> <div class="yui-u first" id="col_2_3_sx"> <div class="tab"> ^service_link^ ^tag_contenuto^ ^dettaglio_contenuto^ <…

Block Spam from Asia china .htaccess solution

After receiving tons of spam on the website I've decided to ban the whole apnic...
previously I've tried to ban only china and korea but without success.
Since I've not found anything to ban the whole APNIC I've searched for the assigned classes that they manage.

P.S. I've added a few LACNIC

just add this in a .htaccess file and the spam from the Asia should be gone

#list retrieved from

#Banning APNIC
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny …

Use network Printer connected to a 32bit (windows xp?) with a 64bit OS

Usually this happens when you try to connect from a 64 bit OS.
If you also have problems with the drivers just install them before adding the share as a *port*.

The solution and all the same content can be found here

Error 0X0000000d with network printer installation

printer installation
Solution with Windows Vista:

Run a command prompt and type the following: net use LPT2: \\servername\printer
This sets up a behind-the-scenes connection to the printer.
Go through the add printer wizard, choose to add a local printer, and choose port LPT2.

Solution with Windows 7:

Go to start and type in "cmd" in the search box.
Right click on cmd and select “Run as Administrator”.
Type this command net use LPT# \\server\printer /persistent:yes (Substitute #, server, printer as appropriate for your network.)
Add your printer locally using the LPT# port. If your laptop has no parallel cable then use LPT1.

*Hack* google blogspot blogs via XSS

Google Blogspot, after the new look, is suffering of a bunch of strange XSSs.
I've found them without doing anything .... just by publishing my old XSSs.

The problem is in several part where you open the preview of the Themes (including the new one for the mobile).

After doing a faster test I've noticed that it works also in the comments area, so, you can try to send a stored XSS and move the blogadmin like a puppet in the various functionalities.

I've changed for *myself*  the layout, via XSS, without problems. Quite funny and ... problematic. (I'm not opening the comments for now ... and it's not a problem since they are just a few of them xD).

I will not add more informations but it's so SIMPLE that you just need to copy/paste one of my latest posts, as is.

I'm so lucky ... sometimes ... even if in an useless way.

Simple XSS

Simple XSS in the forms


------">{XSS here}<";sort=U2;search=%3dubicazione%3ab0ee;hits=1

Torrent trackers list

Torrents trackers list  (lot of them are dead - the list must be cleaned)

http://13nuhvixat4hsa7f.tracker.tor… - asp, XSS, Sql Injection, site access


SQL Injection (admin access)

Data tampering and manipulation is possible on the cookies.

scam, xss, spam, free/fake registration -

There are several xss - I've no time to list them all.

We can change any value on the client side, quite no verification on server side.
I've subscribed for 0€

During the registration as a payment gateway I've choosed this one

and it's so strange that this p.g. have only client-side checks!!!

After submitting the data I've got an internal server error and I've got the successful page

I've *paid* my *free* subscription to the PDL.

LCD Display Pixel Policy

APPLE - rumors are referring about up to 15 anomalies (dead/bright/dark/any_strange pixel) for a support request
LCD display pixel anomalies for Apple products released before 2010
About LCD display pixel anomalies for Apple products released in 2010 and later


ASUSTeK Australia and New Zealand LCD Monitor Warranty Policy
ASUS ZBD (Zero Bright Dot )

ATEN - Altusen

BenQ -  for FP series up to 24" (7 days)

Dell - All the monitors (15 days)

EIZO - 5/3/2/1 years.
global eizo -
warranty it -
warranty au -
pixel polic… | SQL Injection


Syntax error in string in query expression 'pubblicato=true AND News_ID=3' ORDER BY Date_stamp DESC'. group by 1

Cannot group on fields selected with '*' (tblNews).

yeppa, we have the table ... and so on... | XSS

the XSS is quite simple
just add


(They have fixed it)

ninjasaga fb game - error denial of service free rewards

Fatal error: Uncaught exception 'Exception' with message 'Unknown column 'WALLFEED_ID' in 'where clause' sql >> delete from GET_FRIEND_REWARD where WALLFEED_ID=135494 limit 1' in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php:191 Stack trace: #0 /home/ninjasaga/ DBConnector->query('delete from GET...', 'social') #1 /home/ninjasaga/ require_once('/home/ninjasaga...') #2 {main} thrown in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php on line 191

Php - a fast(?) and simple approach to ban ips from your website

This is a very old tiny script that I've used to ban ip addresses from the php page/website. Bans are not a good solution in terms of performances of the website, expecially if the bans list is long or complex to elaborate.

function checkbans(){
    $handle = fopen("ipbans.dat.php", "r");
    if($handle === false){ return false; }
    while (!feof($handle)) {
        $line = trim(fgets($handle, 32));
        if( $line == $_SERVER['REMOTE_ADDR'] )
            //header('Location:'); //redirect to google?
You can just call the checkbans() functions from your php file.
The storage file should be outside the web root or, if you are using it with the php extension, add
<?php exit(); ?> in the first line.

This is not a solution to suggest but I've found it in my old crappy code (more than five years ago).

I actually use a mix…

TinyMCE not starting

While (ab)using TinyMCE all of the sudden it stopped working and there was no error/notice in the JS errors Console. I've tried several things without success and after 20 minutes I've thinket to start "tamper data" in firefox to check what was wrong. The problem was quite simple ... a plugin was completely missing (404 page). If TinyMCE doesn't start check the errors console, missing files, missing div/textarea with relative ID.

Adobe Reader X - Eula problem (again)

Acrobat Reader X is quite boring with useless problems that are annoying a lot of users. This time I got this message "Before proceeding you must first launch Adobe Acrobat and accept the End User License Agreement" while opening pdf files downloaded via browser. The previous solution (run adobe reader without any pdf file and accept the eula) haven't worked The only method that have worked for me is to add the following registry key to accept the eula for the browsers. --copy the following text in a .reg file and run-- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Acrobat\10.0\AdobeViewer] "EULAAcceptedForBrowser"=dword:00000001

Microgame casino people's tv calendario - info disclosure, XSS, flashvars xss

XSS (this one will also work after that the victim clicks on any link of the page),97,115,115,101,100%29%29%20%3E


Fatal error: Call to undefined function get_header() in /var/www/vhosts/ on line 1

free info

Notice: Use of undefined constant id - assumed 'id' in /var/www/vhosts/ on line 2
Notice: Use of undefined constant id - assumed 'id' in /var/www/vhosts/ on line 2



Adobe reader X (10) crash. Adobe reader suddenly closes itself.

Adobe reder X (10) crash.
When adobe reader 10 suddenly closes itself try these solutions:

- run adobe reader 10 without calling any kind of documents (ex. c:\program files\Adobe\Reader 10.0\Reader\AcroRd32.exe
- Set the AcroRd32.exe to run in compatibility mode (windows 2000)

The eula should appear and click on yes/accept.

The problem appears expecially if you are updating (same m. version) or after installing over a different version. In some cases the problem have appeared after disabling/enabling the plugin in firefox ... but it could be a coincidence.

An easy solution for a boring problem with the damn Adobe Acrobat Reader X.
I personally prefer to use Sumatra (an alternative pdf reader) but sometimes it lacks of the new functionalities of the Adobe Acrobat Reader and the pages cannot be viewed correctly (ex. in pre-compiled forms the previously inputted content cannot be displayed).

old coders from the Vatican .... they are still the same. XSS ...



It's possible to download any file from the server | xss, arbitrary file upload, sql injection, remote administration, root compromise

-XSS-" onmouseover=alert("xss") bla=";%3C/script%3E
-sql inj-
-arbitrary file upload-

Firefox Portable WebTools

A new version of Firefox Portable Webtools is available!

Firefox updated to the version 3.6.14
Reduced the size of the whole package
Added BlackStratini 2.1 Template (removed other templates)
Restored the lost Bookmarks
Some fancy graphic modifications
Greasemonkey scripts moved in a standalone package
Some garbage files removed
Installed Shockwave for Director Plugin np32dsw.dll - (usually it can be found in C:\WINDOWS\system32\Adobe\Director)
Installed Adobe Flash Plugin NPSWF32.dll - (usually it can be found in C:\WINDOWS\system32\Macromed\Flash)
Updated Plugins
abcTajpu (1.6.9)
Autofill Forms (
DOM Inspector (2.0.9)
Domain Details (2.6.9)
Firebug (1.6.2)
Firecookie (1.1.1)
FirePHP (0.5.0)
FireQuery (0.9)
FireRainbow (1.2)
FoxyProxy Standard (2.22.5)
Greasemonkey (0.9.1)
Groundspeed (1.2)

Flash and Shockwave for Firefox Portable

To use the latest flash and Shockwave players on firefox portable (windows) just copy the files np32dsw.dll and NPSWF32.dll to the "plugin" folder of Mozilla Firefox.
It will work with both "App\Firefox\plugins" and "Data\plugins".

Shockwave for Director Plugin np32dsw.dll - (usually can be found in C:\WINDOWS\system32\Adobe\Director)
Adobe Flash Plugin NPSWF32.dll - (usually can be found in C:\WINDOWS\system32\Macromed\Flash)

(added as a personal note)