1. Cleartext submission of password
1.1. http://www.latinobusinessreview.com/
1.2. http://www.latinobusinessreview.com/site-search
2. Cookie scoped to parent domain
3. Cookie without HttpOnly flag set
4. Password field with autocomplete enabled
4.1. http://www.latinobusinessreview.com/
4.2. http://www.latinobusinessreview.com/site-search
5. Cross-domain Referer leakage
6. Cross-domain script include
6.1. http://www.latinobusinessreview.com/
6.2. http://www.latinobusinessreview.com/site-search
7. HTML uses unrecognised charset
7.1. http://www.latinobusinessreview.com/
7.2. http://www.latinobusinessreview.com/site-search
Severity: | High |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | / |
GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.latinobusinessreview |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:36 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Set-Cookie: SESS717e6a7c30e1d3f8 Last-Modified: Tue, 14 Dec 2010 15:08:41 GMT ETag: "02f8c124c9513a1a605 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 80431 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <td id="header-top"><form action="/" accept-charset="UTF-8" method="post" id="user-login" class=" compact-form"> <div> ...[SNIP]... </label> <input type="password" name="pass" id="edit-pass" maxlength="128" size="60" tabindex="2" class="form-text required" /> <div class="description"> ...[SNIP]... |
Severity: | High |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | /site-search |
GET /site-search?type=All Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Referer: http://www.latinobus Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: www.latinobusinessreview Proxy-Connection: Keep-Alive Pragma: no-cache Cookie: SESS717e6a7c30e1d3f8 |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:42 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Last-Modified: Tue, 14 Dec 2010 15:22:13 GMT ETag: "98cd2639c9ac247aaa4 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 30472 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <td id="header-top"><form action="/site-search?type <div> ...[SNIP]... </label> <input type="password" name="pass" id="edit-pass" maxlength="128" size="60" tabindex="2" class="form-text required" /> <div class="description"> ...[SNIP]... |
Severity: | Low |
Confidence: | Firm |
Host: | http://www.latinobus |
Path: | / |
GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.latinobusinessreview |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:36 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Set-Cookie: SESS717e6a7c30e1d3f8 Last-Modified: Tue, 14 Dec 2010 15:08:41 GMT ETag: "02f8c124c9513a1a605 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 80431 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... |
Severity: | Low |
Confidence: | Firm |
Host: | http://www.latinobus |
Path: | / |
GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.latinobusinessreview |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:36 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Set-Cookie: SESS717e6a7c30e1d3f8 Last-Modified: Tue, 14 Dec 2010 15:08:41 GMT ETag: "02f8c124c9513a1a605 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 80431 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | / |
GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.latinobusinessreview |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:36 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Set-Cookie: SESS717e6a7c30e1d3f8 Last-Modified: Tue, 14 Dec 2010 15:08:41 GMT ETag: "02f8c124c9513a1a605 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 80431 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <td id="header-top"><form action="/" accept-charset="UTF-8" method="post" id="user-login" class=" compact-form"> <div> ...[SNIP]... </label> <input type="password" name="pass" id="edit-pass" maxlength="128" size="60" tabindex="2" class="form-text required" /> <div class="description"> ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | /site-search |
GET /site-search?type=All Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Referer: http://www.latinobus Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: www.latinobusinessreview Proxy-Connection: Keep-Alive Pragma: no-cache Cookie: SESS717e6a7c30e1d3f8 |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:42 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Last-Modified: Tue, 14 Dec 2010 15:22:13 GMT ETag: "98cd2639c9ac247aaa4 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 30472 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <td id="header-top"><form action="/site-search?type <div> ...[SNIP]... </label> <input type="password" name="pass" id="edit-pass" maxlength="128" size="60" tabindex="2" class="form-text required" /> <div class="description"> ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | /site-search |
GET /site-search?type=All Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Referer: http://www.latinobus Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: www.latinobusinessreview Proxy-Connection: Keep-Alive Pragma: no-cache Cookie: SESS717e6a7c30e1d3f8 |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:42 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Last-Modified: Tue, 14 Dec 2010 15:22:13 GMT ETag: "98cd2639c9ac247aaa4 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 30472 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script src='http://92.48.64.247 ...[SNIP]... <noscript><a target='_blank' href='http://92.48.64.247 ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <a href="javascript:void(0); ...[SNIP]... <noscript><a target='_blank' href='http://92.48.64.247 ...[SNIP]... <div id="footer-message"> Copyright 2010 by White Digital Media Group. All rights reserved | <a href="http://www.whitedm ...[SNIP]... <noscript> <img height="1" width="1" alt="" style="display:none;" src="http://www </noscript> <img src="http://email </div> ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | / |
GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.latinobusinessreview |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:36 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Set-Cookie: SESS717e6a7c30e1d3f8 Last-Modified: Tue, 14 Dec 2010 15:08:41 GMT ETag: "02f8c124c9513a1a605 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 80431 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script src='http://92.48.64.247 ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.latinobus |
Path: | /site-search |
GET /site-search?type=All Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Referer: http://www.latinobus Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: www.latinobusinessreview Proxy-Connection: Keep-Alive Pragma: no-cache Cookie: SESS717e6a7c30e1d3f8 |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:42 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Last-Modified: Tue, 14 Dec 2010 15:22:13 GMT ETag: "98cd2639c9ac247aaa4 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 30472 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script src='http://92.48.64.247 ...[SNIP]... |
Severity: | Information |
Confidence: | Tentative |
Host: | http://www.latinobus |
Path: | / |
GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.latinobusinessreview |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:36 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Set-Cookie: SESS717e6a7c30e1d3f8 Last-Modified: Tue, 14 Dec 2010 15:08:41 GMT ETag: "02f8c124c9513a1a605 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 80431 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <meta name="revisit-after" content="1 day" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script src='http://92.48.64.247 ...[SNIP]... <META HTTP-EQUIV="CACHE-CONTROL <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1' /> <link type="text/css" rel="stylesheet" media="all" href="/sites/all/modules <link type="text/css" rel="stylesheet" media="all" href="/sites/default ...[SNIP]... |
Severity: | Information |
Confidence: | Tentative |
Host: | http://www.latinobus |
Path: | /site-search |
GET /site-search?type=All Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms Referer: http://www.latinobus Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: www.latinobusinessreview Proxy-Connection: Keep-Alive Pragma: no-cache Cookie: SESS717e6a7c30e1d3f8 |
HTTP/1.1 200 OK Date: Tue, 14 Dec 2010 15:25:42 GMT Server: Apache/2.2.12 (Ubuntu) X-Powered-By: PHP/5.2.10-2ubuntu6.5 Last-Modified: Tue, 14 Dec 2010 15:22:13 GMT ETag: "98cd2639c9ac247aaa4 Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: must-revalidate Content-Type: text/html; charset=utf-8 Content-Length: 30472 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head> ...[SNIP]... <meta name="revisit-after" content="1 day" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script src='http://92.48.64.247 ...[SNIP]... <META HTTP-EQUIV="CACHE-CONTROL <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1' /> <link type="text/css" rel="stylesheet" media="all" href="/sites/all/modules <link type="text/css" rel="stylesheet" media="all" href="/sites/default ...[SNIP]... |