
Página vulnerable

Como es de suponer, la página national-lottery.co.uk es una de las páginas con más visitas de Inglaterra y, según comenta la noticia, un fallo de seguridad en uno de los parámetros que se pasan en la petición permite el acceso a la base de datos.

 

Código Sistema Móvil

import java.io.*;
import javax.microedition.midlet.*;
import javax.microedition.lcdui.*;
import javax.microedition.rms.*;

/**
 * @author Alonso Tukuch Cab
 */
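/**
 * MIDlet that keeps a small list of (name, amount) records in an RMS record
 * store and lets the user add, delete, search and run a hard-coded currency
 * conversion. Every form reports back through {@link #commandAction}.
 *
 * <p>Records are stored unencrypted in the record store named {@link #BD};
 * the store is created with the platform's default (private) authorization
 * mode, so only this MIDlet suite can open it.
 */
public class Clientes extends MIDlet implements CommandListener {
    /** Name of the RMS record store that holds every saved record. */
    static final String BD = "datos";
    /** Shared data-access object; the forms copy their fields into it before each operation. */
    Cliente c = new Cliente();

    private Display pantalla;
    // ---- "Añadir" form ----
    private Form frmAgregar;
    private Command cmdGuardar;
    private Command cmdCancelar;
    private TextField nombre;
    private TextField descuento;
    // ---- "Eliminar" form ----
    private Form frmEliminar;
    private Command cmdEliminar;
    private TextField nombre2;
    // ---- "Buscar" form ----
    private Form frmBuscar;
    private Command cmdBuscar;
    private TextField nombre3;
    // ---- search / delete results ----
    private Form frmResultados;
    private int itemResultados;
    // ---- main menu ----
    private List elmenu;
    private Command cmdSalir;
    private Command cmdSeleccionar;
    // ---- about ----
    private Alert acercade;
    private Command cmdRegresar;
    // ---- currency conversion form ----
    private Form frmMoneda;
    private Command cmdCambiar;
    private Command cmdCancel;
    private TextField tipo;
    private TextField cambio;   // created but never appended to frmMoneda; kept for compatibility
    private TextField cantidad;
    private TextField resultado;

    /**
     * Builds every screen and (re)creates the record store.
     *
     * <p>NOTE: the record store is deleted and recreated on every launch, so
     * saved data does not survive a restart. This mirrors the original
     * behaviour; drop the delete call if persistence is wanted.
     */
    public Clientes() {
        pantalla = Display.getDisplay(this);

        // ---- record store ----
        try {
            RecordStore.deleteRecordStore(BD);
        } catch (RecordStoreException ignored) {
            // first launch: there is nothing to delete yet
        }
        try {
            RecordStore rs = RecordStore.openRecordStore(BD, true);
            rs.closeRecordStore();
        } catch (RecordStoreException e) {
            System.out.println(e);
        }

        // ---- main menu ----
        String[] opciones = {"Añadir", "Eliminar", "Buscar", "Calcular Cambio", "Acerca de…"};
        String[] iconos = {"/nuevo.png", "/borrar.png", "/buscar.png", "/cambio.png", "/acercade.png"};
        Image[] figuras = new Image[opciones.length];
        for (int i = 0; i < figuras.length; i++) {
            try {
                figuras[i] = Image.createImage(iconos[i]);
            } catch (IOException e) {
                figuras[i] = null; // List accepts a null icon; the menu still works without it
            }
        }
        cmdSeleccionar = new Command("Seleccionar", Command.ITEM, 1);
        cmdSalir = new Command("Salir", Command.EXIT, 1);
        elmenu = new List("Sistema Movil", Choice.IMPLICIT, opciones, figuras);
        elmenu.setSelectCommand(cmdSeleccionar);
        elmenu.addCommand(cmdSalir);
        elmenu.setCommandListener(this);

        // ---- "Añadir" ----
        cmdGuardar = new Command("Guardar", Command.OK, 2);
        cmdCancelar = new Command("Cancelar", Command.BACK, 2);
        frmAgregar = new Form("Añadir Moneda");
        nombre = new TextField("Nombre:", "", 30, TextField.ANY);
        descuento = new TextField("Cantidad:", "", 4, TextField.NUMERIC);
        frmAgregar.append(nombre);
        frmAgregar.append(descuento);
        frmAgregar.addCommand(cmdGuardar);
        frmAgregar.addCommand(cmdCancelar);
        frmAgregar.setCommandListener(this);

        // ---- "Eliminar" ----
        cmdEliminar = new Command("Eliminar", Command.OK, 2);
        frmEliminar = new Form("Eliminar Moneda");
        nombre2 = new TextField("Nombre", "", 20, TextField.ANY);
        frmEliminar.append(nombre2);
        frmEliminar.addCommand(cmdEliminar);
        frmEliminar.addCommand(cmdCancelar);
        frmEliminar.setCommandListener(this);

        // ---- "Buscar" ----
        cmdBuscar = new Command("Buscar", Command.OK, 2);
        frmBuscar = new Form("Buscar Moneda");
        nombre3 = new TextField("Nombre:", "", 20, TextField.ANY);
        frmBuscar.append(nombre3);
        frmBuscar.addCommand(cmdBuscar);
        frmBuscar.addCommand(cmdCancelar);
        frmBuscar.setCommandListener(this);

        // ---- results ----
        cmdRegresar = new Command("OK", Command.BACK, 1);
        frmResultados = new Form("Resultados");
        itemResultados = frmResultados.append("Resultados");
        frmResultados.addCommand(cmdRegresar);
        frmResultados.setCommandListener(this);

        // ---- currency conversion ----
        cmdCambiar = new Command("Calcular", Command.OK, 2);
        cmdCancel = new Command("Cancelar", Command.BACK, 2);
        frmMoneda = new Form("Calcular Cambio de Moneda");
        tipo = new TextField("Moneda:", "", 5, TextField.ANY);
        cambio = new TextField("Moneda de cambio:", "", 5, TextField.ANY);
        cantidad = new TextField("Cantidad:", "", 10, TextField.NUMERIC);
        resultado = new TextField("Resultado:", "", 17, TextField.ANY);
        frmMoneda.append(tipo);
        frmMoneda.append(cantidad);
        frmMoneda.append(resultado);
        frmMoneda.addCommand(cmdCambiar);
        frmMoneda.addCommand(cmdCancel);
        frmMoneda.setCommandListener(this);

        // ---- about ----
        acercade = new Alert("Ke onda Men ya la hizizte");
        acercade.setTimeout(Alert.FOREVER);
        String creditos = "Creador: \n Alonso Tukuch Cab";
        if (pantalla.numColors() > 2) {
            String icon = pantalla.isColor() ? "/JavaPowered-8.png" : "/JavaPowered-2.png";
            try {
                acercade.setImage(Image.createImage(icon));
            } catch (IOException x) {
                // optional logo; the alert is shown without it
            }
        }
        acercade.setString(creditos);
        acercade.addCommand(cmdRegresar);
        acercade.setCommandListener(this);
    }

    /** Shows the main menu. */
    public void startApp() {
        pantalla.setCurrent(elmenu);
    }

    /** Nothing to release: all state is in memory and recreated on restart. */
    public void pauseApp() {
    }

    /** No external resources are held between commands. */
    public void destroyApp(boolean unconditional) {
    }

    /**
     * Routes every command by its type: ITEM opens the selected menu entry,
     * EXIT terminates, BACK returns to the menu and clears the forms, OK runs
     * the action of whichever form issued it.
     *
     * @param c the command that fired (shadows the {@code Cliente} field, hence {@code this.c} below)
     * @param s the displayable it came from (unused: the command identity is enough)
     */
    public void commandAction(Command c, Displayable s) {
        switch (c.getCommandType()) {
            case Command.ITEM:
                switch (elmenu.getSelectedIndex()) {
                    case 0: // añadir
                        pantalla.setCurrent(frmAgregar);
                        break;
                    case 1: // eliminar
                        pantalla.setCurrent(frmEliminar);
                        break;
                    case 2: // busqueda
                        pantalla.setCurrent(frmBuscar);
                        break;
                    case 3: // cambio de moneda
                        pantalla.setCurrent(frmMoneda);
                        break;
                    case 4: // acerca de
                        pantalla.setCurrent(acercade);
                        break;
                }
                break;
            case Command.EXIT:
                destroyApp(false);
                notifyDestroyed();
                break;
            case Command.BACK:
                pantalla.setCurrent(elmenu);
                limpiar();
                break;
            case Command.OK:
                if (c == cmdGuardar) {
                    guardar();
                } else if (c == cmdEliminar) {
                    this.c.nombre = nombre2.getString();
                    mostrarResultado(this.c.eliminar());
                } else if (c == cmdBuscar) {
                    this.c.nombre = nombre3.getString();
                    mostrarResultado(this.c.buscar());
                } else if (c == cmdCambiar) {
                    calcularCambio();
                }
                break;
        }
    }

    /** Replaces the single item of the results form with {@code texto}, clears the forms and shows it. */
    private void mostrarResultado(String texto) {
        frmResultados.delete(itemResultados);
        itemResultados = frmResultados.append(texto);
        limpiar();
        pantalla.setCurrent(frmResultados);
    }

    /** Saves the "Añadir" form. An empty or malformed amount used to throw NumberFormatException and kill the MIDlet. */
    private void guardar() {
        this.c.nombre = nombre.getString();
        try {
            this.c.descuento = Long.parseLong(descuento.getString());
        } catch (NumberFormatException e) {
            mostrarResultado("Cantidad no valida");
            return;
        }
        this.c.agregar();
        limpiar();
        pantalla.setCurrent(elmenu);
    }

    /**
     * Stores the conversion request and writes the converted amount into
     * {@code resultado}. The form is left filled in so the user can see
     * both input and result (no {@code limpiar()} here, as in the original).
     */
    private void calcularCambio() {
        String moneda = tipo.getString();
        long monto;
        try {
            monto = Long.parseLong(cantidad.getString());
        } catch (NumberFormatException e) {
            resultado.setString("Cantidad no valida");
            pantalla.setCurrent(frmMoneda);
            return;
        }
        this.c.tipo = moneda;
        this.c.cantidad = monto;
        this.c.cambiar();

        long factor = factorCambio(moneda);
        if (factor > 0) {
            resultado.setString(String.valueOf(monto * factor));
        } else {
            resultado.setString("No se encontro tipo de moneda");
        }
        pantalla.setCurrent(frmMoneda);
    }

    /**
     * Hard-coded exchange factor per unit of {@code moneda}; 0 when the
     * currency is unknown. The original tested "Dolar" twice instead of
     * "dolar"/"Dolar", so the lower-case spelling never matched.
     */
    private static long factorCambio(String moneda) {
        if (moneda.equals("dolar") || moneda.equals("Dolar")) {
            return 13;
        }
        if (moneda.equals("euro") || moneda.equals("Euro")) {
            return 16;
        }
        if (moneda.equals("yen") || moneda.equals("Yen")) {
            return 2;
        }
        return 0;
    }

    /** Blanks every text field of every form. */
    void limpiar() {
        nombre.setString("");
        nombre2.setString("");
        nombre3.setString("");
        descuento.setString("");
        tipo.setString("");
        cantidad.setString("");
        resultado.setString("");
    }

    /**
     * Data-access helper over the record store. Each record is encoded as
     * {@code writeUTF(label) + writeLong(value)}; {@link #agregar} stores
     * (nombre, descuento) and {@link #cambiar} stores (tipo, cantidad) in the
     * same layout, so searches see both kinds of record.
     */
    class Cliente {
        /** Label of the last record read by {@link #eliminar}. */
        public String clave;
        public String nombre;
        public String tipo;
        private long descuento;
        private long cantidad;

        /** Appends a (nombre, descuento) record. */
        public void agregar() {
            guardarRegistro(nombre, descuento);
        }

        /** Appends a (tipo, cantidad) record. */
        public void cambiar() {
            guardarRegistro(tipo, cantidad);
        }

        /**
         * Deletes every record whose label equals {@code nombre}.
         *
         * @return a message naming the last deleted record id, or a not-found message
         */
        public String eliminar() {
            String texto = "No se encontro el Registro";
            RecordStore rs = null;
            try {
                rs = RecordStore.openRecordStore(BD, false);
                RecordEnumeration registros = rs.enumerateRecords(null, null, false);
                while (registros.hasNextElement()) {
                    int indice = registros.nextRecordId();
                    try {
                        clave = leerEtiqueta(rs.getRecord(indice));
                        // clave is null for an unreadable record; the original NPE'd here
                        if (clave != null && clave.equals(this.nombre)) {
                            rs.deleteRecord(indice);
                            texto = "El registro " + indice + " ha sido eliminado";
                        }
                    } catch (RecordStoreException e) {
                        System.out.println(e); // skip this record, keep scanning
                    }
                }
                registros.destroy();
            } catch (RecordStoreException e) {
                System.out.println(e);
            } finally {
                cerrar(rs);
            }
            return texto;
        }

        /**
         * Lists every record whose label equals {@code nombre}, or all records
         * when {@code nombre} is {@code "*"} or {@code "ALL"}.
         *
         * @return one block per match, or a not-found message when nothing matched
         */
        public String buscar() {
            boolean todos = this.nombre.equals("*") || this.nombre.equals("ALL");
            StringBuffer texto = new StringBuffer();
            boolean eureka = false;
            RecordStore rs = null;
            try {
                rs = RecordStore.openRecordStore(BD, false);
                RecordEnumeration registros = rs.enumerateRecords(null, null, false);
                while (registros.hasNextElement()) {
                    int indice = registros.nextRecordId();
                    try {
                        DataInputStream is =
                            new DataInputStream(new ByteArrayInputStream(rs.getRecord(indice)));
                        String elnombre = is.readUTF();
                        long eldescto = is.readLong();
                        if (todos || elnombre.equals(nombre)) {
                            texto.append(formatoRegistro(indice, elnombre, eldescto));
                            eureka = true;
                        }
                    } catch (IOException ioe) {
                        // truncated or corrupt record: skip it
                    } catch (RecordStoreException e) {
                        System.out.println(e);
                    }
                }
                registros.destroy();
            } catch (RecordStoreException e) {
                System.out.println(e);
            } finally {
                cerrar(rs);
            }
            return eureka ? texto.toString() : "No se encontro el registro";
        }

        /** One result block. The original labelled the id "Moneda:" on exact matches; "Numero:" is used for both. */
        private String formatoRegistro(int indice, String elnombre, long eldescto) {
            return "Numero: " + indice + "\nMoneda: " + elnombre + "\nCantidad: " + eldescto + "\n\n";
        }

        /** Serialises (etiqueta, valor) and appends it to the record store. */
        private void guardarRegistro(String etiqueta, long valor) {
            byte[] b;
            try {
                ByteArrayOutputStream baos = new ByteArrayOutputStream();
                DataOutputStream os = new DataOutputStream(baos);
                os.writeUTF(etiqueta);
                os.writeLong(valor);
                os.flush();
                b = baos.toByteArray();
            } catch (IOException ioe) {
                System.out.println(ioe); // in-memory stream; not expected
                return;
            }
            RecordStore rs = null;
            try {
                rs = RecordStore.openRecordStore(BD, false);
                rs.addRecord(b, 0, b.length);
            } catch (RecordStoreException e) {
                System.out.println(e);
            } finally {
                cerrar(rs);
            }
        }

        /** Reads the writeUTF label at the start of a record; null when it cannot be decoded. */
        private String leerEtiqueta(byte[] registro) {
            DataInputStream is = new DataInputStream(new ByteArrayInputStream(registro));
            try {
                return is.readUTF();
            } catch (IOException ioe) {
                return null;
            }
        }

        /** Closes {@code rs} if it was opened; the original leaked it on any exception. */
        private void cerrar(RecordStore rs) {
            if (rs == null) {
                return;
            }
            try {
                rs.closeRecordStore();
            } catch (RecordStoreException e) {
                System.out.println(e);
            }
        }
    }
}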

Código

/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
import java.io.*;
import javax.microedition.midlet.*;
import javax.microedition.lcdui.*;
import javax.microedition.io.*;
/**
* @author Alonso Tukuch Cab
*/

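/**
 * MIDlet with a two-entry menu; each entry downloads a page from the
 * author's web host and shows its body in a {@link TextBox}.
 *
 * <p>Both URLs use plain {@code http://}: the body is neither encrypted nor
 * authenticated in transit, so what is displayed is whatever the network
 * path delivered. Treat the downloaded text as untrusted display data only.
 */
public class URLMenu extends MIDlet implements CommandListener {
    /** Longest body a TextBox is asked to hold; longer bodies are cut to this length. */
    private static final int MAX_TEXTO = 1024;

    Display display = null;
    List menu = null;
    TextBox input = null;   // unused; kept for compatibility
    Command ok;             // unused; kept for compatibility
    Form pantalla;          // unused; kept for compatibility
    private String url = "http://www.nohaytruco14.web44.net/Datos"; // la direccion de mi web host
    private String url2 = "http://www.nohaytruco14.web44.net/Informacion";
    static final Command backCommand = new Command("Back", Command.BACK, 0);
    static final Command mainMenuCommand = new Command("Main", Command.SCREEN, 1);
    static final Command okCommand = new Command("Ver", Command.OK, 2);
    static final Command exitCommand = new Command("Exit", Command.STOP, 3);
    /** Name of the screen currently shown; consulted by the Back handler. */
    String currentMenu = null;

    public URLMenu() {
        display = Display.getDisplay(this);
    }

    /** Builds the menu (again, after a pause dropped it) and shows it. */
    public void startApp() throws MIDletStateChangeException {
        display = Display.getDisplay(this);
        menu = new List("Menu Opcion", Choice.IMPLICIT);
        menu.append("Datos Generales", null);
        menu.append("Informacion", null);
        menu.addCommand(okCommand);
        menu.addCommand(exitCommand);
        menu.setCommandListener(this);
        mainMenu();
    }

    /** Drops the screens; startApp rebuilds them. */
    public void pauseApp() {
        display = null;
        menu = null;
        input = null;
    }

    public void destroyApp(boolean unconditional) {
        notifyDestroyed();
    }

    void mainMenu() {
        display.setCurrent(menu);
        currentMenu = "Main";
    }

    /** Downloads and shows {@link #url}; a failed download is logged and the current screen stays. */
    public void Datos() {
        try {
            download(url);
        } catch (IOException e) {
            System.out.println("IOException: " + e);
        }
    }

    /** Downloads and shows {@link #url2}; a failed download is logged and the current screen stays. */
    public void Informacion() {
        try {
            download2(url2);
        } catch (IOException e) {
            System.out.println("IOException: " + e);
        }
    }

    public void testItem1() {
        Datos();
        currentMenu = "Datos Generales";
    }

    public void testItem2() {
        Informacion();
        currentMenu = "Informacion";
    }

    /**
     * Fetches {@code url} over HTTP and shows the body in a TextBox with a
     * Back command (the original TextBox had no command, so there was no way
     * back to the menu).
     *
     * @param url address to fetch; no response-code check is done, an error page is shown as-is
     * @throws IOException if the connection or the read fails
     */
    private void download(String url) throws IOException {
        String texto = leer(url);
        if (texto.length() > MAX_TEXTO) {
            // TextBox rejects text longer than its maxSize; the original threw here
            texto = texto.substring(0, MAX_TEXTO);
        }
        TextBox t = new TextBox("De internet", texto, MAX_TEXTO, 0);
        t.addCommand(backCommand);
        t.setCommandListener(this);
        display.setCurrent(t);
    }

    /**
     * Same as {@link #download(String)}; kept because callers use this name.
     * The original body ignored its parameter and fetched {@link #url}, so
     * the "Informacion" entry showed the "Datos" page.
     */
    private void download2(String url2) throws IOException {
        download(url2);
    }

    /**
     * Reads the whole response body, one byte per char. That is effectively
     * ISO-8859-1 decoding, as in the original; a UTF-8 body will show
     * accented characters wrongly.
     */
    private String leer(String direccion) throws IOException {
        StringBuffer b = new StringBuffer();
        InputStream is = null;
        HttpConnection c = null;
        try {
            c = (HttpConnection) Connector.open(direccion);
            is = c.openInputStream();
            int ch;
            while ((ch = is.read()) != -1) {
                b.append((char) ch);
            }
        } finally {
            // the original closed `is` twice and never closed the connection
            if (is != null) {
                is.close();
            }
            if (c != null) {
                c.close();
            }
        }
        return b.toString();
    }

    /** Dispatches on the command label: Exit, Back, otherwise the selected menu entry. */
    public void commandAction(Command c, Displayable d) {
        String label = c.getLabel();
        if (label.equals("Exit")) {
            destroyApp(true);
        } else if (label.equals("Back")) {
            if (currentMenu.equals("Datos Generales") || currentMenu.equals("Informacion")) {
                mainMenu();
            }
        } else {
            List down = (List) display.getCurrent();
            switch (down.getSelectedIndex()) {
                case 0:
                    testItem1();
                    break;
                case 1:
                    testItem2();
                    break;
            }
        }
    }
}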

ZOOLOGICO

Zoológico: http://nohaytruco14.web44.net/

Mi Sitio Web

http://www.EveryOneWeb.com/nohaytruco
