Skip to main content

Ordine dei Giornalisti - http://www.odg.it https://sigef-odg.lansystems.it - Sql injection, xss, system compromise

 http://www.odg.it
Old version of Drupal with several security problems.
It's possible to have admin access and upload a php shell.


(2019-05 the problem is still there)

 https://sigef-odg.lansystems.it
Access as any user via sql injection.

sample injection
user: ' or ''='
password: ' or ''='

(2019-05 - they tried to fix the problem the previous injection doesn't work)



New injection

' or ''=''--


sample screenshot





Sample error 
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' and `password`=SHA2('',256) AND IFNULL(UFPC.eliminato,0) NOT IN (1,8,9)' at line 1


NOTE: I have not saved/stored any kind of confidential information and I have no criminal intents of any kind.



1958



---

2018-04 - odg.it has been notified (2 times) of the problems via email . No reply received.
2018-06 - no reply received. The problems are still there.
2019-05-12 - no reply but they tried to fix the problem on sigef.

Comments

Popular posts from this blog

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      

Database Collation when installing Opencart 3.x, 4.x

  To avoid several problems the database collation for opencart should be as follows: - for Opencart 4.0.1.1 and above it should be " utf8mb4_general_ci " - for Opencart 1.5.51 (Opencart  2.x, Opencart 3.x ) up to Opencart 4.0.1.0 the collation should be " utf8_general_ci " - for Opencart 1.4.1 up to Opencart 1.5.4.1 the collation should be " utf8_bin " - for Opencart <1.1.1 up to Opencart 1.4.0 the collation should be " utf8_unicode_ci " If you are using the latest version of mysql always use " utf8mb4_general_ci ". Never use UTF8mb3*