Friday, 30 September 2011

xss - secoloditalia.it

Various XSS
www.secoloditalia.it/publisher/Homepage/search/1/?search_text=<script>alert('xss')%3B<%2Fscript>&x=0&y=0

scam, xss, spam, free/fake registration - ilpopolodellaliberta.it

 http://adesioneonline.ilpopolodellaliberta.it/include/comuni.php?comune=Ades.natoa&prov=Ades.natopr%0A%3Cscript%3Ealert%281%29%3C/script%3E%0A&id=Ades.idcomunens&stato=Ades.statonato&label=1&idprovv=Ades.idprovnascita

There are several xss - I've no time to list them all.
-----------------------------------

We can change any value on the client side, quite no verification on server side.
I've subscribed for 0€
-----------

During the registration as a payment gateway I've choosed this one
www.monetaonline.it/

and it's so strange that this p.g. have only client-side checks!!!


After submitting the data I've got an internal server error and I've got the successful page
at http://adesioneonline.ilpopolodellaliberta.it/s27servertransazioneritorno.php

I've *paid* my *free* subscription to the PDL.

LCD Display Pixel Policy

APPLE - rumors are referring about up to 15 anomalies (dead/bright/dark/any_strange pixel) for a support request
LCD display pixel anomalies for Apple products released before 2010
http://support.apple.com/kb/HT1721
About LCD display pixel anomalies for Apple products released in 2010 and later
http://support.apple.com/kb/HT4044

ASUS

ASUSTeK Australia and New Zealand LCD Monitor Warranty Policy
http://support.asus.com/repair.aspx?no=587&SLanguage=en
ASUS ZBD (Zero Bright Dot )
http://support.asus.com/repair.aspx?no=579&SLanguage=en

ATEN - Altusen
http://www.aten.com/data/announcement/zero-dead-pixel-policy.html

BenQ -  for FP series up to 24" (7 days)

Dell - All the monitors (15 days)
http://support.dell.com/support/topics/global.aspx/support/kcs/document?docid=414288

EIZO - 5/3/2/1 years.
global eizo - http://www.eizo.com/global/support/warranty/index.html
warranty it - http://www.eizo.it/supporto/garanzia.html
warranty au - http://eizo.com.au/support/warranty/index.php
pixel policy - http://eizo.com.au/support/warranty/pdf/EIZO-Pixel-Policy.pdf

HP
HP and Compaq LCD Monitors, TouchSmart PCs, and All-in-One PCs - HP Pixel Policy http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=us&docname=c00288895&dlc=en
Pixel Policy

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00288895

IBM (LENOVO)
Display (LCD) replacement for defective pixels - ThinkPad
http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-69856


LG - All the monitors (3 years)
LG LCD Monitor Pixel Policy

http://lgknowledgebase.com/kb/index.php?View=entry&EntryID=6481 

MSI
Warranty/Policies/DeadPixels http://support.msi.eu/en/policies.php


PHILIPS
Philips Flat Panel Monitor Pixel Defect Policy
http://www.philipschannel.com/monitors/pdf/pixel_policy.pdf

SAMSUNG - All the 19/21/24" LCD monitors (3 years)
http://www.samsung.com/se/support/repairpolicy/Samsung_Monitor_Pixel_Policy.pdf

SONY - Models SDMX53 SDMX73 SDMX93 SDMHX73 SDMHX93 (3 years)


VIEWSONIC
LCD Warranties
http://www.viewsonic.com/support/warranties/limited-warranty/



-----------------------------------------------------------------------------------------
LCD USEFUL TOOLS
Dead Pixel Tester
Eizo Monitor Test - Windows 98 | 2000 | XP | Vista| Win 7
Eizo Monitor Test - MAC 

www.pdlcamera.it | SQL Injection

Sample
http://www.pdlcamera.it/ufficioStampa2010.asp?News_ID=3'

Syntax error in string in query expression 'pubblicato=true AND News_ID=3' ORDER BY Date_stamp DESC'.

http://www.pdlcamera.it/ufficioStampa2010.asp?News_ID=3 group by 1

Cannot group on fields selected with '*' (tblNews).

yeppa, we have the table ... and so on...

Data Access Objects (DAO) 3.5 download

[PHP] Sanitize mail headers and texts

This function returns the date in the RFC822. Remember to add the timezone difference in the first argument and the relative time zone.
function RFC822date($mytstamp,$tzone = "GMT") {
return gmdate("D, d M Y h:i:s", $mytstamp) . " " . $tzone;
}

delicious.com | XSS

the XSS is quite simple
just add
http://delicious.com/save?jump=yes&v=2%3Csurox&url=http://trueliarx.blogspot.com/%22%3E%3Cimg%20src=1%20onerror=alert(document.cookie)%3E%3C%22&title=pro(re)gress


 



(fixed)

Spammy
http://forums.utest.com/rss.php?mode=Lorem%20ipsum%20dolor%20sit%20amet,%20consectetur%20adipiscing%20elit.%20Nunc%20sit%20amet%20elit%20turpis.%20Cras%20elementum,%20turpis%20quis%20rutrum%20viverra,%20dui%20sapien%20auctor%20lorem,%20sed%20suscipit%20dui%20odio%20eget%20ligula.%20Nunc%20a%20sem%20mauris,%20a%20porta%20tortor.%20Nunc%20in%20varius%20justo.%20Praesent%20venenatis%20ultrices%20condimentum.%20Morbi%20eget%20imperdiet%20ante.%20Praesent%20eros%20metus,%20pulvinar%20nec%20laoreet%20a,%20aliquam%20nec%20orci.%20Nunc%20cursus%20condimentum%20lacus,%20at%20dictum%20sapien%20tincidunt%20non.%20Nullam%20gravida%20condimentum%20leo,%20id%20porta%20nibh%20placerat%20sit%20amet.%20Phasellus%20sed%20elit%20vel%20quam%20ornare%20laoreet.

(They have fixed it)

reset mssql sa password

osql -E -S .\IstanceName
use master
go
exec sp_password @old=null, @new="password", @loginame='sa'
go
quit

ninjasaga fb game - error denial of service free rewards

Fatal error: Uncaught exception 'Exception' with message 'Unknown column 'WALLFEED_ID' in 'where clause' sql >> delete from GET_FRIEND_REWARD where WALLFEED_ID=135494 limit 1' in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php:191 Stack trace: #0 /home/ninjasaga/app.ninjasaga.com/fb_oauth_2.0/friend_reward.php(692): DBConnector->query('delete from GET...', 'social') #1 /home/ninjasaga/app.ninjasaga.com/fb_en/friend_reward.php(4): require_once('/home/ninjasaga...') #2 {main} thrown in /home/ninjasaga/bitemycode_api/include/db/DBConnector.php on line 191

Php - a fast(?) and simple approach to ban ips from your website

This is a very old tiny script that I've used to ban ip addresses from the php page/website. Bans are not a good solution in terms of performances of the website, expecially if the bans list is long or complex to elaborate.


function checkbans(){
    $handle = fopen("ipbans.dat.php", "r");
    if($handle === false){ return false; }
    while (!feof($handle)) {
        $line = trim(fgets($handle, 32));
        if( $line == $_SERVER['REMOTE_ADDR'] )
        {
            fclose($handle);
            //header('Location: http://www.google.com'); //redirect to google?
            exit();
        }
    }
    fclose($handle);
}

You can just call the checkbans() functions from your php file.
The storage file should be outside the web root or, if you are using it with the php extension, add
<?php exit(); ?>
in the first line.


This is not a solution to suggest but I've found it in my old crappy code (more than five years ago).

I actually use a mixed solution that involves .htaccess files.

Wednesday, 28 September 2011

TinyMCE not starting

While (ab)using TinyMCE all of the sudden it stopped working and there was no error/notice in the JS errors Console. I've tried several things without success and after 20 minutes I've thinket to start "tamper data" in firefox to check what was wrong. The problem was quite simple ... a plugin was completely missing (404 page). If TinyMCE doesn't start check the errors console, missing files, missing div/textarea with relative ID.

Saturday, 17 September 2011

Adobe Reader X - Eula problem (again)

Acrobat Reader X is quite boring with useless problems that are annoying a lot of users. This time I got this message "Before proceeding you must first launch Adobe Acrobat and accept the End User License Agreement" while opening pdf files downloaded via browser. The previous solution (run adobe reader without any pdf file and accept the eula) haven't worked The only method that have worked for me is to add the following registry key to accept the eula for the browsers. --copy the following text in a .reg file and run--
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Acrobat\10.0\AdobeViewer] "EULAAcceptedForBrowser"=dword:00000001

Twitter Delicious Facebook Digg Stumbleupon Favorites More