Tuesday, 11 April 2017

http://www.gurufocus.com/ | data leaks and errors

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/gurufocu/public_html/holdings_ind.php

errors  can be raised by simply manipulating parameters in the queries

chiarelettere.it | XSS and errors


XSS
http://www.chiarelettere.it/php/catalogo.php?cat=assda%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22



Notice: Undefined index: collana in /home/httpd/html/casaleggio/chiarelettere.it/php/avvisamico.php on line 896

Monday, 10 April 2017

https://www.buddybank.com/ | wordpress content injection




https://www.buddybank.com/buddyrunners/wp-json/

You can test it with the most common (python) PoC.

Tuesday, 4 April 2017

eptbenevento.it | file listing - data leak

/var/www/vhosts/eptbenevento.it/httpdocs/