Monday, 4 September 2017

https://iscriviti.radicali.it | errors, path disclosure, system compromise



https://iscriviti.radicali.it

directly accessing this url we get an error with the paths
https://iscriviti.radicali.it/Landing/RegistraDati

D:\xampp\htdocs\radicali\landing_iscrizione\index.php

Windows and xampp that are not fitted for a production server that must store data.


I archived the page:
http://archive.is/PFw55

www.leganord.org | various security issues


Vulnerable Phocadownload

Possibility to add different videos from youtube
www.leganord.org/index.php/documenti-politici/68-gianfranco-miglio/8741-quella-rivoluzione-dal-basso?videoid=[youtube video id]

They also got a malware (not from me - a lot of porn stuff)
Google Cache
http://webcache.googleusercontent.com/search?q=cache:r0-Y-VR0oHAJ:www.leganord.org/xIpV58pu_+&cd=11&hl=it&ct=clnk&gl=it

Copy of the cached page:
http://archive.is/7Vhy9


Note: they fixed the problems.

https://margot.partitodemocratico.it - path disclosure, system compromise


There is a path disclosure thanks to an error.
https://margot.partitodemocratico.it/nl/cancellami.php?e=test&secure=test
unsubscribe_v2.php

https://margot.partitodemocratico.it/pdnl/nl3/vogliodareunamano.php?id=[anything]&question=[anything]&answer=[anything]&e=[anything]&secure=[anything]&mid=[anything]
(original sample - https://margot.partitodemocratico.it/pdnl/nl3/vogliodareunamano.php?id=2&question=2&answer=si&e=ZWxpb3BvbGlAdGlzY2FsaS5pdA&secure=04912b36dcc08f33892266834a963bf0&mid=1eea )

It's possible to have access to the system.


sample path (It's public - don't bother me)
/repository/GCloud-WebRoot/margot.partitodemocratico.it/pd_margot_honeypot/


http://www.pdcampania.it - content injection, possible admin reset to external MX server

04/09/2017 http://www.pdcampania.it
wordpress 4.2.8

It's possible to inject content and reset the admin password and get the email to an external MX server.

The website is down for restyling but the wordpress scripts are still available to the public.

For example the admin area:
www.pdcampania.it/wp-admin

Sunday, 3 September 2017

Content Models html5

Content Models



Metadata: Content that sets up the presentation or behavior of the rest of the content. These elements are found in the head of the document.
Elements: <base><link><meta><noscript><script><style><title>

Embedded: Content that imports other resources into the document.
Elements: <audio><video><canvas><iframe><img>, <math>, <object><svg>

Interactive: Content specifically intended for user interaction.
Elements: <a><audio><video><button>, <details>, <embed><iframe><img><input><label><object><select><textarea>

Heading: Defines a section header.
Elements: <h1><h2><h3><h4><h5><h6>, <hgroup>

Phrasing: This model has a number of inline level elements in common with HTML4.
Elements: <img>, <span>, <strong><label><br /><small><sub>, and more.

Friday, 1 September 2017

Opencart 2.x - save settings for module or add module to layout





//loading the settings
$this->load->model('setting/setting');
$setting = $this->model_setting_setting->getSetting('mymodule');
//saving the settings
$this->load->model('setting/setting');
$setting = $this->model_setting_setting->editSetting('mymodule');

NOTE: in the form the input name="" must start with the name of the module. Example: mymodule_limit, mymodule_status, mymodule_othersetting


//getting data from the module - usually is loaded by the configured layout
        $this->load->model('extension/module');
$setting = $this->model_extension_module->getModuleByCode('mymodule');



//saving data for the module with new id from the POST (saves a new one that can be loaded from the layout)
        $this->load->model('extension/module');
               if (!isset($this->request->get['module_id'])) { // $this->model_extension_module->addModule('mymodule', $this->request->post);
                } else {
                $this->model_extension_module->editModule($this->request->get['module_id'], $this->request->post);
                }

Saturday, 26 August 2017

www.snaplife.it | vulnerable wordpress

www.snaplife.it
vulnerable/unpatched 4.8 wordpress, vulnerable/unpatched theme, path disclosure.

Twitter Delicious Facebook Digg Stumbleupon Favorites More