Skip to main content

Posts

Showing posts from 2019

Run older games with unity web player on windows 10, mac osx (kongregate, armorgames, etc)

Usually you can't run some Unity games on kongregate or similar websites. To easily solve the problem without headaches on windows 10 you can just install the 4.7.2 version (that works also for 3.x versions) use internet explorer 11 (just run WIN+r "iexplore" ) or a 32 bit 52.3.0 version of firefox (portable). On osx just run safari or an older 52.3.0 version of firefox. Download links for older unity webplayer (as from the unity forums - thank to them) 5.3.x: http://files.unity3d.com/stefan/webplayer/webplayer_archive/ClosedNetworkPlayer_5.3.1f1.zip + http://files.unity3d.com/stefan/webplayer/webplayer_archive/ClosedNetworkPlayer_5.3.2f1.zip + http://files.unity3d.com/stefan/webplayer/webplayer_archive/ClosedNetworkPlayer_5.3.3f1.zip + http://files.unity3d.com/stefan/webplayer/webplayer_archive/ClosedNetworkPlayer_5.3.4f1.zip + http://files.unity3d.com/stefan/webplayer/webplayer_archive/ClosedNetworkPlayer_5.3.5f1.zip + http://files.unity

How to Configure and Initialize MySQL 8> on Windows Without Installation

How to Configure and Initialize MySQL (8 or later version) on Windows without Installation If you need to use MySQL on Windows but don't want to go through the hassle of installing it, you can still use it by downloading the ZIP archive version of MySQL. Here are the steps to configure and initialize MySQL: Download the latest ZIP archive for Windows from the official MySQL website (https://dev.mysql.com/downloads/mysql/). Extract the ZIP archive to a folder of your choice (e.g., C:\mysql). Create a new file named my.ini in the MySQL folder (e.g., C:\mysql) with the following content: [mysqld] basedir=C:/mysql datadir=C:/mysql/data port=3306 Make sure to replace the basedir and datadir values with the path to your MySQL folder. Create a new folder named data inside the MySQL folder (e.g., C:\mysql\data). Open a command prompt as an administrator and navigate to the MySQL folder (e.g., cd C:\mysql). Initialize the MySQL data directory by running the following

[FIX Error] composer (pimcore) Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::installAssets

When you get this error or something similar: > Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::installAssets Script Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::installAssets handling the symfony-scripts event terminated with an exception   [RuntimeException]   An error occurred when executing the ""assets:install --symlink --relative \"web\""" command: Fix: You can solve it by deleting the lockfiles. If it doesn't work you could remove all the files downloaded by composer. Note: In my case i got this problem with pimcore.

unipv.it | several system are compromised. Data leak, Misconfiguration, Sql injections, xss.

Simple error that gives full access to the databases (of the biblio?) We can raise an error by simply changing the value of managerName (I added "a") http://ecnew.unipv.it/biblionauta/index.php?moduleName=user&managerName=logina& archived: http://archive.is/ZDYzY In the long error/debug result we can find several informations we can find the mysql user and passwords. [type] => mysql_SGL [host] => mysqlbib.unipv.it [protocol] => tcp [socket] => [port] => 3306 [user] => frameuser [pass] => g0nzaga [name] => framework_ecnew path  /home/isis/http/htdocs/biblionauta The mysql server is mysqlbib.unipv.it and it also have an http server with phpmyadmin http://mysqlbib.unipv.it (archived: http://archive.is/3Enl1) - samples  . In a few words we can easily connect to the databases by using the credentials found in the logs. Quite easy We have also other informations regarding other severs where the current box/website, I sup

forzanuova.eu

The template is vulnerable /web/htdocs/www.forzanuova.eu/home/ some errors (already there) http://www.forzanuova.eu/question/ww/ Fatal error : Uncaught Error: Call to undefined function dwqa_question_meta_button() in /web/htdocs/www.forzanuova.eu/home/wp-content/themes/sevenmag/dwqa-templates/single-question.php:20 Stack trace: #0 /web/htdocs/www.forzanuova.eu/home/wp-content/plugins/dw-question-answer/inc/Template.php(1100): include() #1 /web/htdocs/www.forzanuova.eu/home/wp-content/plugins/dw-question-answer/inc/Template.php(826): DWQA_Template->load_template('single-question', 'question') #2 /web/htdocs/www.forzanuova.eu/home/wp-includes/class-wp-hook.php(286): DWQA_Template->question_content('/web/htdocs/www...') #3 /web/htdocs/www.forzanuova.eu/home/wp-includes/plugin.php(203): WP_Hook->apply_filters('/web/htdocs/www...', Array) #4 /web/htdocs/www.forzanuova.eu/hom
HP xv5000EA xp drivers nvidia 400 go xp http://whp-aus2.cold.extweb.hp.com/pub/softpaq/sp30001-30500/sp30132.exe nforce 4 - amd - windows xp (thanks to this link https://www.hwupgrade.it/forum/showthread.php?t=1101665 ) http://djgusmy85.hwtweakers.net/nVidia%20nForce%206.39%20Beta%20modded.exe Texas card reader https://h30492.www3.hp.com/hpde/attachments/hpde/OS/51292/1/Texas-FORCED-5x86-VEN_104C%26DEV_8201.zip

comune.verona.it | sql injection, xss, redirect

https://www.comune.verona.it/bannertrack/track.cfm?BannerID=[sql] XSS "><script>alert(1);</script><" in events form https://www.comune.verona.it/nqcontent.cfm?a_id=146 Redirect to other websites https://www.comune.verona.it/bannertrack/most_download.cfm?referredUrl=//google.com//&title=Brochure https://www.comune.verona.it/bannertrack/most_download.cfm?referredUrl=[url without]&title=Brochure (since 2017?)

leonardocompany.com

leonardo giovanni http://www.leonardocompany.com/customer-support/elicotteri-helicopter/customer_portals/my-training sample user list: leonardo giovanni //enter from this page othetwise a notice will show up that you are not allowed to directly use the login page. https://leonardo.agustawestland.com/public/welcome login page https://weblogin.agustawestland.com/vpn/tmindex.html 2019-05-12 https://weblogin.agustawestland.com/secure/passwordselfservice/public/ForgottenPassword Some extra info are available from this url. We can change almost all our "settings" via rest by adding the parameters (ex. idle="true"). There no need to be logged in. https://weblogin.agustawestland.com/secure/passwordselfservice/public/rest/app-data/client url-command "/secure/passwordselfservice/public/CommandServlet" url-context "/secure/passwordselfservice" url-logout "/secure/passwordselfservice/public/Logout?idle=true" url-resource

comune.benevento.it | xss

Redirect sample (click on "Esci") http://www.comune.benevento.it/infouff/dettagliocomunicatoNEW.php?rIdComunicato=573&vcercaCom=&vTorna=https://www.google.com xss http://www.comune.benevento.it/infouff/dettagliocomunicatoNEW.php?rIdComunicato=573&vcercaCom=&vTorna=[XSS]

unicef.it - debug errors

https://my.unicef.it/mailing.aspx by adding a non integer value we get an error with part of the code. --- Line 36:         if (cod != "codice donatore" && key != "codice personale") Line 37:         { Line 38:             string codiceDonor = autenticazione.getDonor(Int32.Parse(cod), key); Line 39:             if (codiceDonor != "") Line 40:             { --- https://my.unicef.it/RecuperaPassword.aspx adding anything throws an error related to the captcha. --- ine 1433:    CaptchaANDQuestionResponse IService.CaptchaANDQuestion(CaptchaANDQuestionRequest request) Line 1434:    { Line 1435:        return base.Channel.CaptchaANDQuestion(request); Line 1436:    } Line 1437:    Source File: f:\webroot\www.myunicef.it\App_Code\Source.cs    Line: 1435 Stack Trace: [FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExcepti

http://b3b.tre.it/ | sql injection

http://b3b.tre.it/scadenzaPassword.asp Sample error Microsoft OLE DB Provider for SQL Server error '80040e2f' Cannot insert the value NULL into column 'password', table 'Bpassport_1.dbo.tblArchivioPassword'; column does not allow nulls. INSERT fails. /classes/CBpassport.asp , line 157 Note: contacted  and they (probably) removed the website.

http://reinounido.embajada.gob.ec | ecuador uk embassy - info and security problems

Outdated/Vulnerable Wordpress (directory listing is enabled) vulnerable plugins wordpress yoast seo http://reinounido.embajada.gob.ec/wp-content/plugins/wordpress-seo/ archived: http://archive.is/ANHsm social network tabs http://reinounido.embajada.gob.ec/wp-content/plugins/social-network-tabs/ archived url: http://archive.is/8DP9D vulnerable wp-banners lite (XSS - there's an xss filter) http://reinounido.embajada.gob.ec/wp-content/plugins/wp-banners-lite/ --- other plugins jquery-vertical-accordion-menu http://reinounido.embajada.gob.ec/wp-content/plugins/jquery-vertical-accordion-menu/ archived:http://archive.is/Fx2aK download monitor http://reinounido.embajada.gob.ec/wp-content/plugins/download-monitor/ http://archive.is/yGBXS ---- path disclosed in error log http://reinounido.embajada.gob.ec/wp-content/plugins/download-monitor/error_log http://archive.is/tazP3 ex: /home3/ecuaneti/public_html/barcelona/

Opencart - configuration to send emails with Gmail and google apps

How to configure opencart with a Gmail account and google apps Gto to System-> Settings Click on the "Mail" Tab Configure with the following option (change user and password accordingly): Mail Protocol: SMTP SMTP Host: ssl://smtp.gmail.com SMTP Username: youremail@gmail.com SMTP Password: yourpassword SMTP Port: 465 SMTP Timeout: 6 Remember also to change the main email address in "general" (tab) settings with youremail@gmail.com (and not other emails otherwise they could be blocked).

ruby - missing libcurl on windows 10

On windows 10 when you get the follosing error running your ruby script LoadError: Could not open library 'libcurl': The specified module could not be found. Could not open library 'libcurl.dll': The specified module could not be found. Could not open library 'libcurl.so.4': The specified module could not be found. Could not open library 'libcurl.so.4.dll': The specified module could not be found you can solve the problem by downloading the latest curl binary for win x32 or x64 https://curl.haxx.se/download.html (ex. https://curl.haxx.se/windows/dl-7.63.0/curl-7.63.0-win64-mingw.zip ) and copy the /bin/ folder from the zip to your [ruby installation path]/bin In the case of the 64 bit version of curl also rename libcurl-x64.dll to libcurl.dll