
marina.difesa.it | password recovery bug. Joe accounts. XSS



Malicious URLs can be generated that redirect users after login (open redirect, usable for phishing):
https://supportopersonale.marina.difesa.it/login/?redirect_to=https://[phishing_site_obfuscated]
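As an added illustration (not code from the original report or from the site), here is the pattern behind a redirect_to open redirect next to a hardened check, in Python. The host name, function names and test URLs are assumptions for the example:

```python
from urllib.parse import urlparse

# Host the login page belongs to (assumed for this example).
SITE_HOST = "supportopersonale.marina.difesa.it"


def vulnerable_login_redirect(redirect_to, default="/"):
    """The pattern that produces the bug: the parameter is trusted as-is."""
    return redirect_to or default


def is_safe_redirect(target, host=SITE_HOST):
    """Allow only same-site targets: a site-relative path, or an absolute
    https URL whose host is exactly ours."""
    # Control characters and whitespace are rejected outright; browsers strip
    # some of them and the result may parse differently than it does here.
    if not target or any(ord(c) < 0x20 or c.isspace() for c in target):
        return False
    try:
        parts = urlparse(target)
    except ValueError:  # e.g. a malformed bracketed host
        return False
    if parts.scheme or parts.netloc:
        # Absolute URL: exact host match. netloc keeps any user@ prefix or
        # port, so "https://host@evil.example" and "https://host.evil.example"
        # both fail the comparison.
        return parts.scheme == "https" and parts.netloc.lower() == host
    # Scheme-less: must be a single-slash path. "//host" is protocol-relative
    # and "/\host" is treated the same way by browsers.
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def safe_login_redirect(redirect_to, default="/"):
    """Hardened replacement: anything off-site falls back to the default."""
    return redirect_to if is_safe_redirect(redirect_to) else default


if __name__ == "__main__":
    # Constructed inputs: a phishing host, two protocol-relative tricks,
    # a userinfo trick, and two legitimate targets.
    for t in ["https://phishing.example/login", "//phishing.example",
              "/\\phishing.example", "javascript:alert(1)",
              "https://supportopersonale.marina.difesa.it@phishing.example/",
              "/area-utente",
              "https://supportopersonale.marina.difesa.it/area-utente"]:
        print(f"{t!r:70} -> {safe_login_redirect(t)}")
```

The check compares the host exactly rather than with `endswith`, which is the usual mistake; a different port or an `http://` target is also rejected, which is the right default for a login page.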



Usernames can be enumerated by brute-forcing the password reset form; there is no rate limit.
https://supportopersonale.marina.difesa.it/password-reset/

Examples of valid usernames:
aldo
giovanni
giacomo

Passwords can be changed through a specific bug: appending a second email address to the recipient string makes that address a recipient of the reset as well.
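For both reset issues above (unlimited username probing, and a recipient string that can carry a second address), here is a hardened reset handler as an added example in Python; it is not code from the site or the report. The user table, addresses and limits are constructed for the example:

```python
import re
import secrets
import time
from collections import defaultdict, deque

# Strict single-address check: one local part, one '@', one dotted domain.
# Commas, semicolons, spaces and line breaks cannot match, so a second
# address or an injected mail header is rejected.
SINGLE_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Constructed sample accounts (example.invalid is reserved and never routes).
SAMPLE_USERS = {
    "aldo": {"email": "aldo@example.invalid"},
    "giovanni": {"email": "giovanni@example.invalid"},
}

# One body for every outcome, so the response does not reveal whether the
# username exists or whether the limiter fired.
GENERIC_RESPONSE = "If that account exists, a reset link has been sent to the address on file."


def single_recipient(addr):
    """True only if addr is exactly one well-formed address."""
    return SINGLE_ADDRESS.fullmatch(addr) is not None


class ResetLimiter:
    """Sliding-window request counter keyed by client IP (or by username)."""

    def __init__(self, max_requests=5, window_seconds=600):
        self.max = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max:
            return False
        q.append(now)
        return True


def handle_reset(username, client_ip, users, limiter, outbox, now=None):
    """Process one reset request. Returns the response body; appends a
    (recipient, token) record to outbox only when mail would be sent."""
    now = time.time() if now is None else now
    if not limiter.allow(client_ip, now):
        return GENERIC_RESPONSE  # over the limit: same body, no mail
    record = users.get(username.strip().lower())
    if record is None:
        return GENERIC_RESPONSE  # unknown user: same body, no mail
    # The recipient comes from the stored record, never from the form, and is
    # still validated as a single address before it reaches the mailer.
    recipient = record["email"]
    if not single_recipient(recipient):
        return GENERIC_RESPONSE
    outbox.append({"to": recipient, "token": secrets.token_urlsafe(32)})
    return GENERIC_RESPONSE


if __name__ == "__main__":
    limiter, outbox = ResetLimiter(), []
    print(handle_reset("aldo", "203.0.113.5", SAMPLE_USERS, limiter, outbox, now=0))
    print(handle_reset("nobody", "203.0.113.5", SAMPLE_USERS, limiter, outbox, now=1))
    print("mails queued:", len(outbox))
    print(single_recipient("aldo@example.invalid, attacker@example.invalid"))
```

The limiter alone does not stop enumeration if the two branches differ in wording or timing; the identical body is what closes the oracle, and a per-username counter can be added alongside the per-IP one for distributed probing.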

Several users have a password equal to their username.

In the user area, stored XSS is possible (tested), and possibly takeover of other accounts (not tested).

-
The email addresses can be used to log in via https://mail.marina.difesa.it, and in several cases the passwords are the same as those used on supportopersonale.marina.difesa.it.
______________

______________
Another site where users can be brute-forced (though not in the same way as the previous one):
https://vrmtc.marina.difesa.it/Portal/mail_password

admin


