Wednesday, May 24, 2017

Jackass bad grandpa funeral scene!

Red 2 You Dead Yet Moses !!!

look at the trap: But you can set a cookie in a servlet/script and then read/modify the cookie in another servlet/script on the same host. You can even read or modify a cookie set on a server running on one port on the same hostname/domain from a server running on another port at the same hostname/domain - so you can have Tomcat running on two different ports on the same server and exchange cookies between the two.

Note that you're calling setDomain incorrectly in the first example - this field of the cookie takes a domain name and not a full URL. So the call should look like this:
cookie.setDomain("localhost");
As the other answer notes, some browsers ignore cookies for localhost, so you may want to not set this field of the cookie at all - this has the effect of setting a cookie that will only be returned to the same host that set it (which most of the time is what you want).



Passing a path to a non-existent file to the shtml.exe or shtml.dll (link: https://github.com/andresriancho/w3af-kali/blob/master/w3af/plugins/tests/crawl/pykto/scan_database.db)



"001142","11140","3","/phorum/admin/stats.php","GET","Phorum Stats","","","","","PHP based forum script Phorum allows a user to retrieve the top ten active users, including email addresses. Delete the script or pass protect it.","",""
"001143","2809","3","/php-coolfile/action.php?action=edit&file=config.php","GET","pass_1","","","","","PHP-Coolfile 1.4 may allow any user to read the config.php file.","",""
"001144","3233","3","/phpBB/phpinfo.php","GET","PHP Version","","","","","phpBBmod contains an enhanced version of the phpinfo.php script. This should be removed as it contains detailed system information.","",""
"001145","3233","3","/phpinfo.php","GET","PHP Version","","","","","Contains PHP configuration information","",""
"001146","3233","3","/phpinfo.php3","GET","PHP Version","","","","","Contains PHP configuration information","",""
"001147","0","3","/pmlite.php","GET","200","","","","","A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details."," ",""
"001148","0","3","/session/admnlogin","GET","200","Error Occurred","","","","SessionServlet Output, has session cookie info.","",""
"001149","6560","3","/settings/site.ini","GET","DatabaseSettings","","","","","eZ publish v3 and prior allow site setup code to be viewed remotely.","",""
"001150","613","3","/SiteScope/htdocs/SiteScope.html","GET","200","","","","","The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.","",""
"001151","0","3","/soapdocs/ReleaseNotes.html","GET","Oracle SOAP","","","","","Default Oracle SOAP documentation found.","",""
"001152","0","3","/ssdefs/siteseed.dtd","GET","imagesDir=\"","","","","","Siteseed pre 1.4.2 has 'major' security problems, and this dtd file reveals the web root.","",""
"001153","0","35","/servlet/allaire.jrun.ssi.SSIFilter","GET","200","Error Occurred","","","","Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.","",""
"001154","2881","3a","/pp.php?action=login","GET","200","","","","","Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail.","",""
"001155","0","6","/isapi/count.pl?","GET","200","","","","","AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.","",""
"001156","0","7","/krysalis/","GET","200","","","","","Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot","",""
"001157","0","8","/logjam/showhits.php","GET","200","","","","","Logjam may possibly allow remote command execution via showhits.php page.","",""
"001158","0","8","/manual.php","GET","200","","","","","Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.","",""
"001159","16748","8","/mods/apage/apage.cgi?f=file.htm.|id|","GET","uid=0","","","","","WebAPP Apage.CGI remote command execution. BID-13637","",""
"001160","0","8","/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","",""
"001161","0","8","/nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","",""
"001162","0","8","/perl/-e%20%22system('cat%20/etc/passwd');\%22","GET","root:","","","","","The installed Perl interpreter allows any command to be executed remotely.","",""
"001163","0","8","/phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","",""
"001164","0","8","/phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","",""
"001165","0","8","/Program%20Files/","GET","WindowsUpdate","","","","","This check (B) uses the blue test (A) for possible exploit. see http://www.badblue.com/down.htm.","",""
"001166","14329","8","/smssend.php","GET","200","","","","","PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php","",""
"001167","0","8a","/pls/simpledad/admin_/dadentries.htm","GET","Add Database Access","","","","","Oracle admin script allows modification of database information.","",""
"001168","0","a","/Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000","POST","Login as Admin successful","","","","","Meridian Integrated Recorded Announcer default account admin/admin000 enabled","",""
"001169","113","a","/ncl_items.html","GET","200","","","","","This may allow attackers to reconfigure your Tektronix printer.","",""
"001170","551","a","/ncl_items.shtml?SUBJECT=1","GET","200","","","","","This may allow attackers to reconfigure your Tektronix printer.","",""
"001171","0","a","/photo/manage.cgi","GET","200","","","","","My Photo Gallery management interface. May allow full access to photo galleries and more.","",""
"001172","0","a","/photodata/manage.cgi","GET","200","","","","","My Photo Gallery management interface. May allow full access to photo galleries and more.","",""
"001174","5374","a","/pub/english.cgi?op=rmail","GET","200","","","","","BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.","",""
"001175","0","a","/pvote/ch_info.php?newpass=password&confirm=password%20","GET","200","","","","","PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.","",""
"001176","240","a","/scripts/wsisa.dll/WService=anything?WSMadmin","GET","200","","","","","Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.","",""
"001177","3092","a","/SetSecurity.shm","GET","200","","","","","Cisco System's My Access for Wireless. This resource should be password protected.","",""
"001178","3126","a","/submit?setoption=q&option=allowed_ips&value=255.255.255.255","GET","200","","","","","MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.","",""
"001179","2225","a","/thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin","GET","200","","","","","paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.","",""
"001180","817","ab","/servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&","GET","server\.javawebserver\.serviceAdmin","","","","","The Sun JavaServer has the default admin/admin account enabled. Change the password or disable the server if it is not needed.","",""
"001181","3092","b","/shopadmin.asp","GET","200","","","","","VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.","",""
"001182","3848","c","/modsecurity.php?inc_prefix=@RFIURL","GET","PHP Version","","","","","This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/","",""
"001183","4268","c","/phpBB2/includes/db.php?phpbb_root_path=@RFIURL","GET","PHP Version","","","","","Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running.","",""
"001184","6662","4","/","GET","

Spring Boot - how to configure port

Looking for way how to configure port in Spring boot app:
@Controller
@EnableAutoConfiguration
public class SampleController {

    @RequestMapping("/")
    @ResponseBody
    String home() {
        return "Hello World!";
    }

    public static void main(String[] args) throws Exception {
        SpringApplication.run(SampleController.class, args);
    }
}
either set server.port as system property using command line option to jvm --server.port=8090or add application.properties in /src/main/resources/ with
server.port = 8090
For random port use
server.port=0
6
When random port is used, port info can get with @Value("${local.server.port}") – azizunsal Jul 23 '15 at 12:46
14
Actually command line option is --server.port=8090 not -Dserver.port=8090. docs.spring.io/spring-boot/docs/current/reference/html/… – alpert Aug 19 '15 at 6:39
1
As a compliment to this answer: According to the spring docs there are other paths you can put application.properties on. In my case that helped a lot. – sargas Oct 2 '15 at 19:37 
8
-Dserver.port=XXXX did not work for me. I used OS environment variable mode: $ SERVER_PORT=8090 java -jar  – Soumya Kanti Oct 8 '15 at 7:38 
  
It is also worth noting that once you so this it will only matter locally. Once you deploy this application on a server `server.port = 8080 will be ignored. – Drew1208 Apr 26 '16 at 17:28
https://stackoverflow.com/questions/21083170/spring-boot-how-to-configure-port

Cielo e terra (duet with Dante Thomas)