Saturday, 17 December 2011

bravo - ftp access - update suggestions - system compromise

bravo update server

user: bravoupdate
pass: eunesr

The OKey40 and okeyupd folders should be used to update the normal Okey client.
To update smoothly without restarting update_exe.exe each time a download fails, you can resume the downloads with any FTP client instead of downloading the files from the beginning.

Save the files in "Dati/Temp" and set them as read-only (to prevent deletion). After the update, clean the folder except for agg.dat.

The password for MagicDb.mdb is "magic"
The password for catc.dat is "128159a7c9f2009"
(both are MS Access files)

I cannot test the firmware and the -programmer-: I don't have one and I don't own any of those products.


Other information cannot be published ... sorry.

Friday, 9 December 2011

SQL Injection, XSS, nt system compromise

SQL Injection

SQL injection and XSS in the search form


Useless CAPTCHA
The CAPTCHA code (numbers) can be read from the file names of the images, so a very simple bot can bypass it. It's just useless.
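
A hardened counterpart to the CAPTCHA flaw described above, as an added example that is not code from the original post or from the affected site: the answer stays in server-side state, the image is addressed by a random token, and each challenge is single-use with an expiry. The class name, URL path and TTL value are assumptions made for illustration.

```python
import hmac
import secrets
import time

CAPTCHA_TTL = 120  # seconds a challenge stays valid (assumed value)


class CaptchaStore:
    """Server-side CAPTCHA state: the answer never appears in the image URL."""

    def __init__(self, now=time.monotonic):
        self._pending = {}  # token -> (answer, expiry time)
        self._now = now     # injectable clock so expiry can be tested

    def issue(self):
        """Create a challenge; only the opaque token is sent to the browser."""
        answer = "".join(secrets.choice("0123456789") for _ in range(6))
        token = secrets.token_urlsafe(16)
        self._pending[token] = (answer, self._now() + CAPTCHA_TTL)
        # The answer is handed to the image renderer only, never to the client.
        return token, answer

    def image_url(self, token):
        """URL for the challenge image (hypothetical path)."""
        # The weak pattern on the reviewed site is equivalent to
        # "/captcha/<answer>.png": the file name is the solution.
        return f"/captcha/{token}.png"

    def verify(self, token, submitted):
        """Check a guess. The challenge is consumed whether or not it matches."""
        entry = self._pending.pop(token, None)
        if entry is None:
            return False  # unknown, already used, or replayed token
        answer, expiry = entry
        if self._now() > expiry:
            return False  # challenge expired
        return hmac.compare_digest(answer.encode(), submitted.encode())
```
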

Monday, 5 December 2011

XSS

'%20%3Cscript%3Ealert(document.cookie);%3C/script%3E

Other information cannot be published ... sorry