
#OpPedoDoxing - heidymodel.com

By: a guest on Oct 9th, 2012  |  syntax: None  |  size: 3.40 KB  |  views: 3,089  |  expires: Never
Password Transmitted Over HTTP
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
Form target action
Classification: PCI 2.0 6.5.4, PCI 1.2 6.5.9, OWASP A9, CWE 319, CAPEC 65, WASC 04
Vulnerability Details
Netsparker identified that password data is sent over HTTP.
Impact
If an attacker can intercept network traffic he/she can steal users credentials.

Cookie Not Marked As HttpOnly
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
Identified Cookie: PHPSESSID
Classification: CWE 16, CAPEC 107, WASC 15
Vulnerability Details
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.
Impact
During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Auto Complete Enabled
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
Identified Field Name: amember_remote_login
Classification: CWE 16, WASC 15
Vulnerability Details
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".
Impact
Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

PHP Version Disclosure
Certainty
Url: http://www.heidymodel.com/
Extracted Version: 5.2.9
Classification: PCI 1.2 6.5.6, OWASP A6, CWE 16, CAPEC 170, WASC 45
Vulnerability Details
Netsparker identified that the target web server is disclosing the PHP version in its HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

[Possible] Internal Path Leakage (*nix)
Certainty
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=3
Identified Internal Path(s): /proc/self/fd/2\0.php
Parameter Name: amember_remote_login
Parameter Type: Post
Attack Pattern: ../../../../../../../../../../proc/self/fd/2.php
Classification: PCI 1.2 6.5.6, CWE 200, CAPEC 118, WASC 13
Vulnerability Details
Netsparker identified an internal path in the document.
Impact
There is no direct impact however this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.

[Possible] Internal Path Leakage (*nix)
Certainty
Url: http://www.heidymodel.com/amember_remote/
Identified Internal Path(s): /proc/self/fd/2\0.php
Parameter Name: amember_remote_login
Parameter Type: Post
Attack Pattern: ../../../../../../../../../../proc/self/fd/2.php
Classification: PCI 1.2 6.5.6, CWE 200, CAPEC 118, WASC 13
Vulnerability Details
Netsparker identified an internal path in the document.
Impact
There is no direct impact however this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.