Skip to main content

Ordine dei Giornalisti - http://www.odg.it https://sigef-odg.lansystems.it - Sql injection, xss, system compromise

 http://www.odg.it
Old version of Drupal with several security problems.
It's possible to have admin access and upload a php shell.


 https://sigef-odg.lansystems.it
Access as any user via sql injection.

sample injection
user: ' or ''='
password: ' or ''='

sample screenshot





Sample error 
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' and `password`=SHA2('',256) AND IFNULL(UFPC.eliminato,0) NOT IN (1,8,9)' at line 1


NOTE: I have not saved/stored any kind of confidential information and I have no criminal intents of any kind.



1958



---

2018-04 - odg.it has been notified (2 times) of the problems via email . No reply received.
2018-06 - no reply received. The problems are still there.

Comments

Popular posts from this blog

iPod Shuffle reset Utility for 64bit windows 10 (xp and above)

iPod Shuffle reset Utility (if iTunes fails)

Download the uncompressed "iPodResetUtilitySetup.exe" from one of the following links (mirrors):

Download from Onedrive
Mirror -  Tinyupload
Mirror -  Filesharing1
Mirror -  Exoshare
Mirror - EmbedUpload
Mirror - Multiup
Install iTunes for drivers etc (needed on Windows 64bit)Make sure that iTunes is fully installed (the services are running).Check if the iPod can be detected and sync by iTunes.Close iTunes.Run "iPodResetUtility.exe" with Windows XP compatibility mode and "Run as Administrator".If the reset fails try to run  with Windows XP SP2 compatibility mode and "Run as Administrator".

Should work to:
reset iPod Shuffle on Windows XP 32 bit
reset iPod Shuffle on Windows Vista 32 bit
reset iPod Shuffle on Windows 7 32 bit
reset iPod Shuffle on Windows 8 32 bit
reset iPod Shuffle on Windows 8.1 32 bit
reset iPod Shuffle on Windows 10 32 bit

reset iPod Shuffle on Windows XP 64 bit
reset iPod Shuffle on Win…

Force Unmount and Clean up of a Wim Image using DISM

Force Unmount and Clean up of a Wim Image using DISM


When you use RT7 (+ AIK) sometimes an error occurs stating that there's a mounted wim (ex.  boot.wim).
To solve the problem you should run, as administrator, the command:

dism /cleanup-wim
If it doesn't work I've found another solution by editing the registry and deleting all the (necessary) entries within:

"HKLM\SOFTWARE\Microsoft\WIMMount\mounted images\"

It should work as long as you are an administrator.


Hashes Algorithms used in different web applications

Hashes Algorithms used in different web applications.
I've done this list by hand. Not all the hashes algos are correct (I've generically added md5 or ??? where is unkwnown).
If you are interested send corrections and I will update it.
I will publish also a better version with tabs.
You can reproduce it without problems. It's part of the project mdcrack gui on sourceforge.
Use the | as data separator.

-----------------------------------------------------------------------------------------------------------------------------------------------------
| Title | Hash Algorithm | TablePrefix | Table Name | Website |
-----------------------------------------------------------------------------------------------------------------------------------------------------
| 1C Битрикс | md5($pass) | | |http://www.1c-bitrix.ru/
| 1024cms | md5($pass) | | |http://www.1024cms.org/
| 4images | md5($pass) | | |http://www.4homepage…