Telecom Italia: Responsible Disclosure
Analysis of a vulnerability that would have allowed unauthorized access to the portal https://easyapi.telecomitalia.it
Analyzing PHPKB v9: Part three
The third part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Cross-Site Request Forgery.
Analyzing PHPKB v9: Part two
The second part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Cross-Site Scripting.
Analyzing PHPKB v9: Part one
The first part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Arbitrary File Download, Remote Code Execution, Blind Cross-Site Scripting, Arbitrary File Renaming, Arbitrary Folder Deletion, CSV Injection, Arbitrary File Listing.
Fastweb: Responsible Disclosure
Analysis of two critical vulnerabilities discovered in the MyFastweb Android application and on the website www.fastweb.it.