Posts posted by dil_bert
-
-
hello dear community,
topic today: arbitrary file upload :: is this a vulnerability in WordPress
just recognized some folders in a fresh wordpress-installation - see the following:
wp-contents/uploads/ /2016/ /2017/ /2018/ /2019/
NOTE. THE SITE WAS INSTALLED freshly IN summer 2019
i have had no installation before..
so what happened here ...!? btw found some interesting reading on the net
well that looks interesting: Arbitrary file upload vulnerability in WordPress User Submitted Posts .... curl http://example.com/wp-content/uploads/2019/04/script.php.gif ...
https://www.pluginvulnerabilities.com/2018/01/29/arbitrary-file-upload-vulnerability-in-wordpress-forms/
Quote:
The function that handles that, process_submition(), will save submitted files to the directory for the current year/month in the directory /wp-content/uploads/ with the following code:

$upload_dir = wp_upload_dir();
move_uploaded_file( $_FILES[$key]['tmp_name'], $upload_dir['path'] . '/' . $_FILES[$key]['name'] );

The code does try to restrict .php files from being uploaded with the following code:

if ( $_FILES[$key]['type'] == 'application/octet-stream' or $_FILES[$key]['type'] == 'application/x-httpd-php' )
    wp_die( "Error: For security reasons you can't upload application files!" );

That code isn’t effective because the “type” value it checks is user specified, so a .php file could be uploaded with the type specified as something else and it will pass that check.

While this type of vulnerability is fairly likely to be exploited if hackers are aware of it, in the case of the website we were cleaning, the plugin was deactivated, so the vulnerability could not have been exploited.
question - is this anything serious that i have found!?
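
The weakness described in the quote, next to a server-side check, as an added example that is not part of the original post and is not the plugin's code. The function names, the allowlist and the sample uploads are assumptions constructed for illustration.

```php
<?php
// Added illustration; not code from the plugin or from the quoted article.
// Function names, the allowlist and the sample uploads are assumptions.

// Allowed extension => MIME type the file content must really have.
const ALLOWED = [
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
];

// The quoted check: it trusts the "type" field, which the client sets freely.
function weak_type_check(array $file): bool
{
    return $file['type'] != 'application/octet-stream'
        && $file['type'] != 'application/x-httpd-php';
}

// Server-side check: ignore 'type', allowlist the extension, inspect the
// content, and never reuse the client-supplied file name for storage.
function validate_upload(array $file): array
{
    $parts = explode('.', strtolower(basename($file['name'])));
    if (count($parts) !== 2) {
        // Strict on purpose: rejects "script.php.gif" and extension-less names.
        return [false, 'file name must have exactly one extension'];
    }
    $ext = $parts[1];
    if (!isset(ALLOWED[$ext])) {
        return [false, "extension .$ext is not allowed"];
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED[$ext]) {
        return [false, "content looks like $detected, not " . ALLOWED[$ext]];
    }
    // Content sniffing can be fooled by a valid image header followed by
    // code, so the stored name is generated and keeps only the allowed
    // extension; the upload directory should also not execute PHP.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample uploads (shaped like entries of $_FILES).
function sample(string $name, string $type, string $bytes): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'type' => $type, 'tmp_name' => $tmp];
}

$php = "<?php echo 'constructed sample'; ?>";
$gif = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$cases = [
    sample('script.php',     'image/gif', $php), // type field lies
    sample('script.php.gif', 'image/gif', $php),
    sample('script.gif',     'image/gif', $php), // extension lies
    sample('photo.gif',      'image/gif', $gif),
];

foreach ($cases as $file) {
    [$ok, $detail] = validate_upload($file);
    printf(
        "%-15s weak check: %-6s server-side check: %s (%s)\n",
        $file['name'],
        weak_type_check($file) ? 'passes' : 'blocks',
        $ok ? 'accept' : 'reject',
        $detail
    );
    unlink($file['tmp_name']);
}
```

Inside WordPress itself, wp_handle_upload() and wp_check_filetype_and_ext() perform this kind of server-side validation.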
-
dear experts
java jre 32 bit for win - where to download this?
i already have
a. googled it
b. have had a closer look at the java and oracle page EG here
https://www.oracle.com/technetwork/java/javase/jre-install-137694.html
can you give me some hints!?
look forward to hear from you -
hello dear experts,
Parallax effect involves a web page’s background moving at a slower rate than the foreground. This creates an illusion of depth to the page, giving the content a 3D effect as viewers scroll down. The majority of premium WordPress themes now come with built-in parallax effect on their homepage. Even the free WordPress default theme Twenty Seventeen comes with a parallax feature.
What Are the Benefits of Using a Parallax Effect? There are a number of benefits to using a parallax effect on your WordPress website. The first, and most obvious, is the visual aspect of a parallax effect. A parallax effect is aesthetically pleasing, giving your website a fresh, stylish and modern look and feel. This wow effect can make your content really pop, and creates an exciting and interesting browser experience.
The issue: I’m using the Twenty Seventeen theme in WordPress (the newest version) with a static front page with 4 additional sections. On the very top part - at the top of the page, as you scroll down, the logo of the page, and the site name, and tagline scroll up over the opening image appears.
What is visible: There’s a clear background to the logo, title, tagline group, so the background image shows through very good. The behavior of the site: As you scroll down further, the 2nd image of the page comes into view, and it’s completely displayed when the 1st image of the page has scrolled off the screen and the menu is now at the top. Continue scrolling and the text of the next section scrolls up, covering over the 2nd image.
but wait: However, this text has a white ( at least in my personal case) background and the image does NOT show through.
Why is this so: This is the same behavior for the remaining image/text pairs.
What is aimed: What I want to know how to do is make the background on those text sections clear, like in the topmost section of the whole page. I’ve seen how their color can be changed, but not how it can be made to be transparent.
well i have read lots of postings here - but i found no answer until now ...
Any help would be greatly appreciated. -
hi there currently planning the creation of a subdomain on apache
can i do the following in an internal net vHosts with vhost
with the apache module "mod_proxy"
Code:
# modules have to be loaded before the directives that use them (ProxyPass)
LoadModule proxy_module /usr/lib/apache2-prefork/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2-prefork/mod_proxy_http.so
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName server01.network
    DocumentRoot /home/webmaster/htdocs
</VirtualHost>
<VirtualHost *:80>
    ServerName subdom.server01.network
    # forward everything for the subdomain to the local service on port 10000
    ProxyPass / http://127.0.0.1:10000/
    ProxyPassReverse / http://127.0.0.1:10000/
</VirtualHost>
whilst subdomain is running on Port 10000 ,,,,
any ideas !?
-
hello dear community, good day,
I've been having an issue trying to parse text in a span class with DOM. Here is my code example. try to extract some lines out of a webpage - with following technique: with the Extraction of values of attributes of elements with DOMDocument. Here is what i have gathered and learned:
$remote = "http://website.com/";
$doc = new DOMDocument();
@$doc->loadHTMLFile($remote);
$xpath = new DOMXpath($doc);
$node = $xpath->query('//span[@class="user"]');
echo $node;
and this returns the following
error -> "Catchable fatal error: Object of class DOMNodeList could not be converted to string".
And now - with this i need help.
What I am trying to do is parse the user name between this tag;
<div class="widget plugin-meta"> <h3 class="screen-reader-text">Meta</h3>
see more below:
Here the concrete example view-source: https://wordpress.org/plugins/participants-database/ and https://wordpress.org/plugins/participants-database/
goal i need the following data:
Version: Last updated: Active installations: Tested up:
view-source: https://wordpress.org/plugins/participants-database/
Proceedings; i checked the source of the webpage. i tried to find out whether the text is related to some kind of pattern. i have looked closely and found that all of them have
class="widget plugin-meta"
. Well - This will make extracting them, a piece of cake. I tried with the code below helps to filter html elements based on values of attributes.
but unfortunately this ends up in a bad result; i need a helping hand and need to know how to parse the above mentioned data
Again; the goal: i need the following data:
Version:
Last updated:
Active installations:
Tested up:
Any idea for the starting-point!? I love to hear from you.
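
One way to get past the DOMNodeList error, as an added example that is not part of the original post: query() returns a list of nodes, so it has to be iterated and each node's textContent read. The HTML is a constructed sample (not the real wordpress.org markup) and plugin_meta() is a hypothetical helper.

```php
<?php
// Added illustration; the HTML below is a constructed sample, not the real
// markup of wordpress.org, and plugin_meta() is a hypothetical helper.

$html = <<<HTML
<div class="widget plugin-meta">
  <h3 class="screen-reader-text">Meta</h3>
  <ul>
    <li>Version: <strong>1.0.0</strong></li>
    <li>Last updated: <strong>2 weeks ago</strong></li>
    <li>Active installations: <strong>10,000+</strong></li>
    <li>Tested up to: <strong>5.2</strong></li>
  </ul>
</div>
HTML;

function plugin_meta(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // collect parse warnings instead of hiding them with @
    $doc->loadHTML($html);
    libxml_clear_errors();

    $xpath = new DOMXPath($doc);
    // query() returns a DOMNodeList; echoing the list itself is what raises
    // "Object of class DOMNodeList could not be converted to string".
    $items = $xpath->query(
        '//div[contains(concat(" ", normalize-space(@class), " "), " plugin-meta ")]//li'
    );

    $meta = [];
    foreach ($items as $li) {
        // Collapse whitespace, then split "Label: value" at the first colon.
        $text = trim(preg_replace('/\s+/', ' ', $li->textContent));
        if (strpos($text, ':') === false) {
            continue;
        }
        [$label, $value] = array_map('trim', explode(':', $text, 2));
        $meta[$label] = $value;
    }
    return $meta;
}

foreach (plugin_meta($html) as $label => $value) {
    // Text scraped from a remote page is untrusted input: escape it before
    // it is written into an HTML page.
    echo htmlspecialchars($label), ' = ', htmlspecialchars($value), "\n";
}
```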
-
dear community
What if I want to forward example.net to example.net
What does the visitor see?
As a site?
What does the address bar display?
Is it possible to do a forwarding that shows the domain name example.com in the address bar, and that it shows the content of example.net?
Which solutions do fit here:
can i use Apache-directives!?
Look forward to hear from you
-
hi there -
many thanks dear requinix - great to hear from you.
the above mentioned example is only a little (and trivial) one - see below the more realistic one.
+-------------------------+ +------------------------------------------+ | vvloremipsumcallemadridlor | | loremipsumcallemadridlor| | loremipsumcallema | +---------------------------------------+ +----------+--------------+ +------------------------------------------+ | +-+--------------------+ +--------------------------------------+ | loremipsumcallemad | | Bloremipsumcallema | | | | | +----------------------+ +--------------------------------------+ +-------------------------------+ +------------------------------------------+ | loremipsumcallemadridl | | loremipsumcallemadridlor | | | | | +-------------------------------+ +------------------------------------------+ +-----------------------------------+ | loremipsumcallemadridlor | | | +-----------------------------------+ +----------------------------------+ |loremipsumcallemadridlo | | | +----------------------------------+ +------------------------------------+ | loremipsumcallemadrid | | | +------------------------------------+
so - again how to achieve an extension of such an ascii-art example!?
love to hear from you
-
1 hour ago, requinix said:
Yes and potentially yes.
hello dear Requinix
many thanks for the quick reply glad to hear from you .
well - i encountered this on a site which is a beta-beta-beta site: but i am willing to fulfill all the GDPR-things. So i have to take care of the correct way and that transport encryption (https) is working properly.
And i am pretty sure requinix that you are right - in every sight!
I can say that I can't imagine there are many users that would willingly enter any account credentials on an unencrypted page at this point in time.
btw: as for some fixes in that sort of thing: can we fix the https (there are free certificates one can use like zerossl.com/free-ssl/ for example) and furthermore - what about to look into a simple free gdpr/cookie consent script like eg here www.freeprivacypolicy.com/cookie-consent/ above all: i will make sure that the GDPR authorities will be able to go even on my small website that for any reason - if they are interested in GDPR-Things. like- logging user data (like requiring visitors to login,
- or any kind of cookie tracking).
Above all: many thanks dear requinix for the reply. I will take care - and above all - i will set up the whole server new.. so that all of these things will be correct.
regards ;)
-
hello dear php-experts,
what if my (wordpress-) website has no transport encryption (https) working.
in other words is it so that in this case i am transmitting credentials unencrypted through the wire!?
does this affect any law or gdpr issue (law)?!
Love to hear from you
-
dear community,
i have created the ascii-data with the tool here http://asciiflow.com/ - well so far so good.
what if i want to add a block in the row ( just on the fly ) in notepad, Is this possible!? Can this be done with Notepad!?
+-------------+ +-------------+ +--------------- +-----------------+ +----------------+ +----------------+
|             | |             | |               | |                 | |                | |                |
|             | |             | |               | |                 | |                | |                |
|             | |             | |               | |                 | |                | |                |
+-------------+ +-------------+ +---------------+ +-----------------+ +----------------+ +----------------+
look forward to hear from you
regards
-
hello dear experts good day dear PHP-Freaks
the question today is: VScode vs VScodium on Debian - which one to use!? i want to work with VSCode on Debian - now i have heard that there also an alternative Kit exists.
vscodium - i want to configure this to work with Python and MicroPython - and of course also with PHP.
what do you say - can we install this on Debian too - without any hassle?
We have covered Visual Studio Code before so you must know how much of an awesome code editor it is.
While VS Code is open source freeware, its source code is only available on Microsoft’s official GitHub repo and its downloads are licensed under a closed source license which contains telemetry so you’ll be happy with the app we have for you today. VSCodium is a tracking-free, free and open source build of Microsoft’s Visual Studio Code created so that developers will not have to build VS Code from source which contains telemetry/trackers. This feat is accomplished by using special scripts to clone the vscode repo, build it from source, and then upload the resulting binaries to VSCodium’s GitHub releases free of telemetry passes. With that being said, VSCodium is a replica of Visual Studio Code and thus, works in the same way with all the features and support present in its parent project. Except for the app icon – that’s different.
Features in VSCodium
Free to use
Cross-Platform: Available on Windows, GNU/Linux, and Mac.
Open source with source code available on GitHub.
Native support for several languages.
Additional functionality using extensions.
IntelliSense and smart code completion.
An advanced and robust built-in debugger.
Native support for Git.
cf: https://www.fossmint.com/vscodium-clone-of-visual-studio-code-for-linux/
so the question is: VScode vs VScodium on Debian - which one to use!?
what do you say!?
love to hear from you
-
hello dear experts,
i have - installed MX-Linux on a notebook.
the question of the day: how to actualize all the installed packages in the MX-Paket-installer!? at once!?
- installed approx 4000 Packages
- 190 of them could be actualized
question: how can we do an update /& actualization of all of them - at once:
in other words: how to actualize all the installed packages in the MX-Paket-installer!?
love to hear from you -
hi dear Barand
as always - i am happy to hear from you - okay why Python is interesting to me. I guess that there are many many ideas & things to mention here. I like Python for its crystal clear structure and the options of doing rapid prototyping.
For the web - i love PHP and MySQL
but for things like programming Microcontroller like ESP8266 and ESP32 ... i love using MicroPython.
to recommend the python-forum - this is a good idea . thanks for that.
Above all: i am very very glad to be here - since this site has got such a broad variety of topics that are covered
in other words: here a broad range of topics were discussed and we are able to exchange ideas, tips and knowledge in so many fields. This is an extraordinary place.
i am really happy to be here.
keep up the great work - it rocks - and a special thanks to you dear Barand for all your engagement and your encouraging in so many ways and times ..
i am so glad to be here.
regards
Dil_bert;)
-
hi @ all - good day dear friends,
well - here some more findings: ideas and tips for the setup of VSCode on MXlinux.
some additional ideas regarding the powerful editor VSCode that i want to make ready to run with Python -(and MicroPython)
why do we need a virtual environment in the Python development with VSCode
how to make Python work well in the VSCode-editor.
VS Code it is a powerful multi-language editor that is pretty similar to Atom and also to Sublime Text. To make it work with Python we have to enter some settings: we should make sure that python and pip work from our command line, before we start the installation-process. This has got a great impact on the following steps: In fact it will make the setup in editor and stuff like the setting and configuring of the very important virtual environment a lot easier.
here i rely on a great thread - found on the python-developer-page: https://python-forum.io/Thread-VS-Code-from-start?highlight=VSCode
many thanks @snippsat: for the great hints he gave to us all
Python 3.6/3.7 and pip installation under Windows
C:\code
λ python -V
Python 3.7.0
C:\code
λ pip -V
pip 18.0 from c:\python37\lib\site-packages\pip (python 3.7)
Linux if python3 point to Python 3 use that in setup later.
We need that because with a virtual environment we are able to Start VS Code literally from any folder on the whole machine,
eg for a virtual environment
With code . from command line in any folder will open files in that folder in VS Code.
Example with virtual environment that build into Python venv
# Make
E:\div_code
λ python -m venv my_env
# cd in
E:\div_code
λ cd my_env
# Activate
E:\div_code\my_env
λ E:\div_code\my_env\Scripts\Activate
# Test pip
(my_env) E:\div_code\my_env
λ pip -V
pip 10.0.1 from e:\div_code\my_env\lib\site-packages\pip (python 3.7
# Install required package
(my_env) E:\div_code\my_env
λ pip install requests
Collecting requests
to start the VS-Code:
# Start VS Code
(my_env) E:\div_code\my_env
λ code .
so now we have a setting that is very powerful:
it automatically find Python interpreter in virtual environment.
So if we push run button it will use Python version in the so called virtual environment.
again: here i rely on a great thread - found on the python-developer-page: https://python-forum.io/Thread-VS-Code-from-start?highlight=VSCode
one question: this was a setup and configuration-text that is based on windows
Well i want to run VSCode in MX-Linux - which is debian based. Guess that i can give it a try
and i can install VSCode on the MX-Linux.
conclusio; i will give it a try and come back here and report all the findings.
regards dil_bert -
hello again;)
hello dear phpfreaks - again me - dil_bert:
there were many options to run VSCode under Linux. But what about the very interesting MX-Linux!?
i would love to hear from you - what are your experiences and what were your steps.
Which extensions do you use - and how do you manage to prepare VSCode to work with
a. Python
b. MicroPython
here we need certain plugins and extensions - here we have to set up the environment.
How do we do that!? -
Installing the Visual Studio Code on Linux - how to do that!?
the well known open source code editor Visual Studio Code is becoming more and more well known.
the question is: how to install Visual Studio Code in Ubuntu and - even more interesting in many other Linux distributions. Ubuntu is not the only Linux-system it is only a very very little part of the linux world. by releasing Visual Studio Code for all major desktop platforms that includes Linux as well the Coding Community was enlightened and yes: they are very happy.. The Visual Code became more and more famous - and during the time one of the best open source code editors.
To sum up: The feature it provides are useful not only to web developers but for other languages too.
I am not going to list the features of Visual Studio Code here.
The question is: how to install Visual Studio Code on Ubuntu and other Linux distributions.
the idea 1. Install Visual Studio Code in Linux using Snap
Visual Studio Code is available as a Snap package. The Ubuntu users can find it in the Software Center itself and install it in a couple of clicks.
Visual Studio Code in Ubuntu Software Center - but again: ubuntu is not the only linux - only one of many many distributions. The Idea of using snap is somewhat strange. Snap packaging means you can install it in any Linux distribution that supports Snap packages. Make sure to enable Snap support on your Linux distribution. if we are on a certain linux-system then we can then install VS Code using this command:
sudo snap install code --classic
idea 2. Using the .deb/.rpm installation files: the good thing: the developer of the VSCode provides packages to install Visual Studio Code in Linux.
To go this way seems to be pretty easy:
Just head over to the download page of Visual Studio Code and you’ll find the .deb and .rpm files (for Fedora systems)
options under Linux. But what about the very interesting MX-Linux!? -
On 10/3/2019 at 2:19 PM, Barand said:
Alternatively you can use the "@@" prefix for system variables E.G.
mysql> select user(), @@hostname, @@port;
+----------------+-----------------+--------+
| user()         | @@hostname      | @@port |
+----------------+-----------------+--------+
| root@localhost | DESKTOP-DCGAC4S |   3306 |
+----------------+-----------------+--------+
hello dear Barand
many many thanks for the quick answer - and the idea - that sounds very interesting.
regards
-
If we want to know the hostname of the Mysql-database - then we can use this following query in the terminal resp. the
MySQL Command line-terminal:
we can run the following command in the terminal:
SHOW VARIABLES WHERE Variable_name = 'hostname';
mysql> SHOW VARIABLES WHERE Variable_name = 'hostname';
+-------------------+-------+
| Variable_name     | Value |
+-------------------+-------+
| hostname          | Dell  |
+-------------------+-------+
11 row in set (0.00 sec)
It will give us all the hostname-data for mysql.
and furthermore : if we want to get more - if we want to know the username of our Mysql then we can run more commands to get these data;
We can run this query on MySQL Command line client --
select user();
mysql> select user();
+----------------+
| user()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
It will give us the username for mysql.
but if we want to get more data then eg - if we want to know the port number of the local host on which Mysql is running
we can find out this with the following command.
SHOW VARIABLES WHERE Variable_name = 'port';
mysql> SHOW VARIABLES WHERE Variable_name = 'port';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port          | 3306  |
+---------------+-------+
1 row in set (0.00 sec)
this command is very very interesting: It will give us the port number on which MySQL is running.
but i have some questions - If a installation attempt can't find my socket file, or if we have multiple MySQL servers running on our computer,
we must enter the location of the socket file.
this means we have to see Where are the MySQL's Files? for common socket file locations.
sometimes we can try using localhost instead of 127.0.0.1. MySQL treats the hostname localhost specially.
well the question is - where do i need to add the socketpath - and where do i need to enter #"localhost" - or 127.0.0.1.
love to hear from you
-
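i can do some tests with a simple test the connection script :
<?php
// Minimal connectivity test for the mysqli extension.
if (function_exists('mysqli_connect')) {
    $link = mysqli_connect('localhost', 'username', 'password', 'my_db');
    if (!$link) {
        // $link is false here, so mysqli_error($link) cannot be used;
        // mysqli_connect_error() reports why the connection failed.
        die('could not connect: ' . mysqli_connect_error());
    }
} else {
    die("don't have mysqli");
}
echo 'connect successfully';
mysqli_close($link);
-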
here some more findings: : the folks / and user that face the same issue with the mentioned survey script as i do - they have posted some ideas and findings - food for thought:
klaus said: I run LimeSurvey on Linux for a few years now. After a reboot, probably an update, lime does not start anymore. I get the error
CDbConnection failed to open the DB connection: SQLSTATE[HY000] [2002] No such file or directory
Following my research I looked for the connectionstring in the config.php and found:
'connectionString' => 'mysql:unix_socket=/usr/local/LimeSurvey/var/LimeSurvey_mysqld.sock;dbname=limesurvey;',
So I looked for the
/usr/local/LimeSurvey/var/LimeSurvey_mysqld.sock
file but it was not there. Further research results: change the connectionString to:
'connectionString' => 'mysql:host=127.0.0.1;unix_socket=/usr/local/LimeSurvey/var/LimeSurvey_mysqld.sock;dbname=limesurvey;',
and this following idea:
Try 'connectionString' =>'mysql:host=localhost;port=3306;dbname=limesurvey;',
Are you sure DB still active mysql are on the same server?
I was able to fix it. The error showed that /tmp/mysql.sock was missing so I created a symbolic link with this command.
ln -s /usr/local/lib/mysql.sock /tmp/mysql.sock
see the thread for more infos: https://www.limesurvey.org/forum/installation-a-update-issues/108028-cdbconnection-failed-to-open-the-db-connection-sqlstate-hy000-2002
conclusio: do you think that i have to do some corrections in the paths and the paths to socket!?
i try to figure out what goes on here ...any idea how to check things !? Look forward to hear from you
-
again me- here some more infos:
running a server and yes mysql is installed.
running PHP Version 5.6.39
mysqlnd 5.0.11-dev - 20120503
mysqli.default_host localhost localhost
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket /var/run/mysql/mysql.sock /var/run/mysql/mysql.sock
hmmm - i currently wonder why it does not work
any idea how to check things !? Look forward to hear from you +
regards -
good day dear php-experts,
today's issue: could not connect to the db: reason : SQLSTATE[HY000] [2002] No such file or directory
while i try to install a script on a server i get back the following error
cannot connect to the db :: just try again reason: SQLSTATE[HY000] [2002] No such file or directory
i tried it several times - but without any success;: i googled the error
Quick test (run in shell):
php -r "new PDO('mysql:hostname=localhost;dbname=test', 'username', 'password');"
SQLSTATE[HY000] [2002] No such file or directory
means php cannot find the mysql.default_socket file. Fix it by modifying php.ini file. On Mac it is mysql.default_socket = /tmp/mysql.sock (See PHP - MySQL connection not working: 2002 No such file or directory)
SQLSTATE[HY000] [1044] Access denied for user 'username'@'localhost'
CONGRATULATION! You have the correct mysql.default_socket setting now. Fix your dbname/username/password. Also see Error on creating connection to PDO in PHP
and the following ideas:
You need to change host from localhost to 127.0.0.1
Laravel 4: In your app/config/database.php try changing host from localhost to 127.0.0.1
Laravel 5: In the .env file, change DB_HOST from localhost to 127.0.0.1
Source: PDOException SQLSTATE[HY000] [2002] No such file or directory
see more here
well all the trials failed so far
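
A way to check where error 2002 comes from, as an added example that is not part of the original posts: it reports whether the socket paths configured in php.ini exist and then tries the connection once over the Unix socket (host=localhost) and once over TCP (host=127.0.0.1). check_socket() and try_dsn() are hypothetical helpers; the credentials and database name are the placeholders used in the posts.

```php
<?php
// Added illustration; check_socket() and try_dsn() are hypothetical helpers,
// and the credentials are the placeholders used in the posts.

// Does the socket path configured in php.ini exist, and what kind of file is it?
function check_socket(string $iniKey): string
{
    $path = ini_get($iniKey);
    if ($path === false || $path === '') {
        return "$iniKey: not set (the client library's built-in default is used)";
    }
    if (!file_exists($path)) {
        return "$iniKey: $path does not exist -> error 2002 for host=localhost";
    }
    return "$iniKey: $path exists, type " . filetype($path);
}

// Try one DSN and report the result or the driver's error message.
function try_dsn(string $dsn, string $user, string $pass): string
{
    if (!extension_loaded('pdo_mysql')) {
        return "$dsn: pdo_mysql is not loaded";
    }
    try {
        new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_TIMEOUT => 3,
        ]);
        return "$dsn: connected";
    } catch (PDOException $e) {
        return "$dsn: " . $e->getMessage();
    }
}

foreach (['mysqli.default_socket', 'pdo_mysql.default_socket'] as $key) {
    echo check_socket($key), "\n";
}

// host=localhost makes the MySQL client use the Unix socket;
// host=127.0.0.1 forces a TCP connection to the given port.
echo try_dsn('mysql:host=localhost;dbname=test', 'username', 'password'), "\n";
echo try_dsn('mysql:host=127.0.0.1;port=3306;dbname=test', 'username', 'password'), "\n";
```

If only the TCP attempt connects, the server is running and the socket path in php.ini does not match the path the server actually uses.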
-
good day
i am interested in limesurvey
experience with the installation and hosting the survey-script limesurvey?!
does someone have experience with the installation and hosting the survey-script limesurvey?!
love to hear from you
-
hi there finally installed the ide and now it is running
downloaded the firmware for micropython from the micropython site.
tried to flash it - but this is not possible. see the images that i have attached...
well - run on MX-Linux - but at the moment i have no clue what is going on here...
love to hear from you
issues in WP-parallax-theme Twenty Seventeen the free parallax theme
in Applications
Posted
hello dear Barand
many thanks for the reply and the sharing of ideas and insights. I am glad to be here at this place.
Again - many thanks
have a great day.