http://adesioneonline.ilpopolodellaliberta.it/include/comuni.php?comune=Ades.natoa&prov=Ades.natopr%0A%3Cscript%3Ealert%281%29%3C/script%3E%0A&id=Ades.idcomunens&stato=Ades.statonato&label=1&idprovv=Ades.idprovnascita
There are several XSS - I've no time to list them all.
-----------------------------------
We can change any value on the client side; there is almost no verification on the server side.
I've subscribed for 0€.
-----------
During the registration, as a payment gateway I chose this one
www.monetaonline.it/
and it's so strange that this p.g. has only client-side checks!!!
After submitting the data I got an internal server error and I got the success page
at http://adesioneonline.ilpopolodellaliberta.it/s27servertransazioneritorno.php
I've *paid* my *free* subscription to the PDL.
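
The server-side checks that the post found missing, as an added example that is not code from the site or from the payment gateway: the price comes from a server-side table rather than from the browser, and the return page marks an order paid only after verifying a MAC and the amount. The price table, the shared key, the `order_id|amount|status` message format and all function names are assumptions.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed values for illustration; none come from the site or the gateway.
PRICE_LIST = {"membership": Decimal("10.00")}  # hypothetical server-side price table
GATEWAY_KEY = b"constructed-shared-secret"     # hypothetical key shared with the gateway
ORDERS = {}                                    # order_id -> {"amount": Decimal, "paid": bool}


def create_order(order_id, product, client_amount=None):
    """Open an order priced from the server's table; client_amount is ignored."""
    amount = PRICE_LIST[product]
    ORDERS[order_id] = {"amount": amount, "paid": False}
    return amount


def sign(order_id, amount_str, status):
    """HMAC-SHA256 over the return fields (assumed message format)."""
    msg = "|".join((order_id, amount_str, status)).encode()
    return hmac.new(GATEWAY_KEY, msg, hashlib.sha256).hexdigest()


def handle_return(order_id, amount_str, status, mac):
    """Handle the gateway's return request; mark the order paid only if
    the MAC verifies, the status is OK and the amount equals the stored price."""
    order = ORDERS.get(order_id)
    if order is None:
        return "rejected: unknown order"
    expected = sign(order_id, amount_str, status)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return "rejected: bad MAC"
    if status != "OK":
        return "rejected: payment not completed"
    try:
        paid = Decimal(amount_str)
    except InvalidOperation:
        return "rejected: bad amount"
    if paid != order["amount"]:
        return "rejected: amount mismatch"
    order["paid"] = True
    return "paid"
```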