Friday, 30 September 2011

xss -

Various XSS<script>alert('xss')%3B<%2Fscript>&x=0&y=0

scam, xss, spam, free/fake registration -

There are several xss - I've no time to list them all.

We can change any value on the client side, with almost no verification on the server side.
I've subscribed for 0€

During the registration I chose this one as the payment gateway

and it's so strange that this p.g. has only client-side checks!!!

After submitting the data I got an internal server error and I got the success page

I've *paid* my *free* subscription to the PDL.
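The server-side checks that were missing here, as an added example that is not code from the site or the payment gateway: the price is derived from the plan on the server, and an order is marked paid only on an authenticated gateway notification whose amount matches. The plan table, field names, shared secret and signature scheme are all assumptions made for illustration.

```php
<?php
// Added example: plan table, field names and signature scheme are assumptions.
const PLANS = ['basic' => 1000, 'premium' => 2500]; // euro cents, constructed values
const GATEWAY_SECRET = 'constructed-shared-secret';  // placeholder secret

// Build the order from the plan id only; a client-sent amount is never read.
function create_order(array $post): array {
    $plan = $post['plan'] ?? '';
    if (!is_string($plan) || !array_key_exists($plan, PLANS)) {
        throw new InvalidArgumentException('unknown plan');
    }
    return ['plan' => $plan, 'amount' => PLANS[$plan], 'status' => 'pending'];
}

// Mark the order paid only if the gateway notification is authentic and
// the amount it reports equals the price computed on the server.
function confirm_payment(array $order, array $notice): array {
    $plan   = (string)($notice['order_plan'] ?? '');
    $amount = (string)($notice['amount'] ?? '');
    $sig    = (string)($notice['signature'] ?? '');
    $expected = hash_hmac('sha256', $plan . '|' . $amount, GATEWAY_SECRET);
    if (!hash_equals($expected, $sig)) {
        throw new RuntimeException('bad signature');
    }
    if ($plan !== $order['plan'] || $amount !== (string)$order['amount']) {
        throw new RuntimeException('amount mismatch');
    }
    $order['status'] = 'paid';
    return $order;
}

// Constructed demo: the client posts a tampered amount of 0.
$order = create_order(['plan' => 'premium', 'amount' => '0']);
echo 'server-side amount: ', $order['amount'], "\n";

// A notification without a valid signature never reaches the "paid" state.
$forged = ['order_plan' => 'premium', 'amount' => '0', 'signature' => 'x'];
try {
    confirm_payment($order, $forged);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// A correctly signed notification for the full price is accepted.
$good = ['order_plan' => 'premium', 'amount' => '2500',
         'signature' => hash_hmac('sha256', 'premium|2500', GATEWAY_SECRET)];
echo 'status: ', confirm_payment($order, $good)['status'], "\n";
```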

LCD Display Pixel Policy

APPLE - rumors are referring about up to 15 anomalies (dead/bright/dark/any_strange pixel) for a support request
LCD display pixel anomalies for Apple products released before 2010
About LCD display pixel anomalies for Apple products released in 2010 and later


ASUSTeK Australia and New Zealand LCD Monitor Warranty Policy
ASUS ZBD (Zero Bright Dot )

ATEN - Altusen

BenQ -  for FP series up to 24" (7 days)

Dell - All the monitors (15 days)

EIZO - 5/3/2/1 years.
global eizo -
warranty it -
warranty au -
pixel policy -

HP and Compaq LCD Monitors, TouchSmart PCs, and All-in-One PCs - HP Pixel Policy
Pixel Policy

Display (LCD) replacement for defective pixels - ThinkPad

LG - All the monitors (3 years)
LG LCD Monitor Pixel Policy 


Philips Flat Panel Monitor Pixel Defect Policy

SAMSUNG - All the 19/21/24" LCD monitors (3 years)

SONY - Models SDMX53 SDMX73 SDMX93 SDMHX73 SDMHX93 (3 years)

LCD Warranties

Dead Pixel Tester
Eizo Monitor Test - Windows 98 | 2000 | XP | Vista| Win 7
Eizo Monitor Test - MAC

SQL Injection


Syntax error in string in query expression 'pubblicato=true AND News_ID=3' ORDER BY Date_stamp DESC'. group by 1

Cannot group on fields selected with '*' (tblNews).

yeppa, we have the table ... and so on...

Data Access Objects (DAO) 3.5 download

[PHP] Sanitize mail headers and texts

This function returns the date in RFC 822 format. Remember to add the time zone offset to the first argument and to pass the matching time zone name as the second.
function RFC822date($mytstamp,$tzone = "GMT") {
// "H" is the 24-hour clock that RFC 822 requires ("h" would give 12-hour times).
return gmdate("D, d M Y H:i:s", $mytstamp) . " " . $tzone;
}

XSS

the XSS is quite simple
just add




(They have fixed it)

reset mssql sa password

osql -E -S .\InstanceName
use master
go
exec sp_password @old=null, @new='password', @loginame='sa'
go

ninjasaga fb game - error denial of service free rewards

Fatal error: Uncaught exception 'Exception' with message 'Unknown column 'WALLFEED_ID' in 'where clause' sql >> delete from GET_FRIEND_REWARD where WALLFEED_ID=135494 limit 1' in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php:191 Stack trace: #0 /home/ninjasaga/ DBConnector->query('delete from GET...', 'social') #1 /home/ninjasaga/ require_once('/home/ninjasaga...') #2 {main} thrown in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php on line 191

Php - a fast(?) and simple approach to ban ips from your website

This is a very old tiny script that I've used to ban IP addresses from the PHP page/website. Bans are not a good solution in terms of website performance, especially if the ban list is long or complex to process.

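function checkbans(){
    $handle = fopen("ipbans.dat.php", "r");
    if($handle === false){ return false; }
    while (!feof($handle)) {
        $line = trim(fgets($handle, 64)); // 64 bytes also fits an IPv6 address
        if( $line === $_SERVER['REMOTE_ADDR'] ){
            fclose($handle);
            //header('Location:'); //redirect to google?
            exit(); // banned address: stop serving the page
        }
    }
    fclose($handle);
    return true;
}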

You can just call the checkbans() function from your PHP file.
The storage file should be outside the web root or, if you are using it with the .php extension, add
<?php exit(); ?>
as the first line.

This is not a solution to suggest but I've found it in my old crappy code (more than five years ago).

I actually use a mixed solution that involves .htaccess files.
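An added example, not the original script: the same ban check extended beyond exact matches to CIDR ranges for IPv4 and IPv6, which is the kind of list that is more complex to process. The function names and the list contents are constructed, and the `<?php exit(); ?>` guard line is skipped while reading.

```php
<?php
// Added example; function names and list contents are constructed.

// True if $ip equals $entry or falls inside it when $entry is a CIDR range.
function ip_in_range(string $ip, string $entry): bool {
    [$net, $bits] = array_pad(explode('/', $entry, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable entry, or IPv4 entry against an IPv6 client
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && !ctype_digit($bits)) { return false; } // reject "/abc"
    $bits = ($bits === null) ? $max : (int)$bits;
    if ($bits > $max) { return false; }
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) { return false; }
    $rem = $bits % 8;         // leftover bits in the next byte
    if ($rem === 0) { return true; }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Check one address against the lines of the ban file.
function is_banned(string $ip, array $lines): bool {
    foreach ($lines as $line) {
        $line = trim($line);
        // Skip blanks, the "<?php exit(); ?>" guard line and "#" comments.
        if ($line === '' || $line[0] === '<' || $line[0] === '#') { continue; }
        if (ip_in_range($ip, $line)) { return true; }
    }
    return false;
}

// Constructed ban list, as file('ipbans.dat.php') would return it.
$lines = ['<?php exit(); ?>', '203.0.113.7', '198.51.100.0/24', '2001:db8::/32'];
foreach (['203.0.113.7', '198.51.100.200', '192.0.2.1', '2001:db8::1'] as $ip) {
    echo $ip, ' ', is_banned($ip, $lines) ? 'banned' : 'allowed', "\n";
}
```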

Wednesday, 28 September 2011

TinyMCE not starting

While (ab)using TinyMCE, all of a sudden it stopped working and there was no error/notice in the JS error console. I tried several things without success, and after 20 minutes I thought to start "Tamper Data" in Firefox to check what was wrong. The problem was quite simple ... a plugin was completely missing (404 page). If TinyMCE doesn't start, check the error console, missing files, and a missing div/textarea with the relative ID.

Saturday, 17 September 2011

Adobe Reader X - Eula problem (again)

Acrobat Reader X is quite boring with useless problems that are annoying a lot of users. This time I got this message "Before proceeding you must first launch Adobe Acrobat and accept the End User License Agreement" while opening PDF files downloaded via browser. The previous solution (run Adobe Reader without any PDF file and accept the EULA) didn't work. The only method that has worked for me is to add the following registry key to accept the EULA for the browsers. --copy the following text into a .reg file and run it--
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Acrobat\10.0\AdobeViewer]
"EULAAcceptedForBrowser"=dword:00000001
