February 15, 2021

Telecom Italia: Responsible Disclosure

Analisi di una vulnerabilità che avrebbe consentito l'accesso non autorizzato al portale https://easyapi.telecomitalia.it

April 05, 2019

Analyzing PHPKB v9: Part three

The third part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Cross-Site Request Forgery.

March 27, 2019

Analyzing PHPKB v9: Part two

The second part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Cross-Site Scripting.

March 19, 2019

Analyzing PHPKB v9: Part one

The first part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Arbitrary File Download, Remote Code Execution, Blind Cross-Site Scripting, Arbitrary File Renaming, Arbitrary Folder Deletion, CSV Injection, Arbitrary File Listing.

March 15, 2019

Fastweb: Responsible Disclosure

Analisi di due vulnerabilità critiche scoperte nell'applicazione android MyFastweb e nel sito web www.fastweb.it.