Italian provider Fastweb Myfastpage authorization control bypass.

sla.ckers.org is
ha.ckers sla.cking

Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Italian provider Fastweb Myfastpage authorization control bypass.

Posted by: morlaffo

Date: June 03, 2011 12:14PM

Exploiting a XSS in the Italian service provider Fastweb website, is possible bypassing authentication and log into users control panels. The attacker must lure a Fastweb user into forget web page to steal credentials.

Here the working POC: http://disse.cting.org/codes/fastweb.html
Here the blog article: http://disse.cting.org/security-2/fastweb-myfastpage-panel-control-hack/

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login