There is a path disclosure, triggered by an error:
https://margot.partitodemocratico.it/nl/cancellami.php?e=test&secure=test
unsubscribe_v2.php
https://margot.partitodemocratico.it/pdnl/nl3/vogliodareunamano.php?id=[anything]&question=[anything]&answer=[anything]&e=[anything]&secure=[anything]&mid=[anything]
(original sample - https://margot.partitodemocratico.it/pdnl/nl3/vogliodareunamano.php?id=2&question=2&answer=si&e=ZWxpb3BvbGlAdGlzY2FsaS5pdA&secure=04912b36dcc08f33892266834a963bf0&mid=1eea )
It's possible to gain access to the system.
Is it a "honeypot", as stated in the path?
It's possible, but they didn't fix the bugs, and it's possible to access confidential data.
/repository/GCloud-WebRoot/margot.partitodemocratico.it/pd_margot_honeypot/