#OpBilderberg: http://bilderberg.org/
------------------------
1) HTML form without CSRF protection
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.
Affected items:
http://bilderberg.org/search/search.htm
-------------------------------------------------------------------------------------------------
2) OPTIONS method is enabled
The HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the web server; it represents a request for information about the communication options available on the request/response chain identified by the Request-URI.
Affected items:
Web Server
-------------------------------------------------------------------------------------------------
3) Sensitive data not encrypted
Sensitive data, such as credit card numbers or social security numbers, is sent without using an encrypted connection. Information sent in clear text is not encrypted and can therefore be intercepted.
Affected items:
http://bilderberg.org/cia.htm
http://bilderberg.org/st/index.htm
-------------------------------------------------------------------------------------------------
4) Slow response time
This page had a slow response time. The response time for this page was 29032 ms while the average response time for this site is 157.86 ms. Files of this type can be targeted in denial of service attacks. An attacker can request this page repeatedly from multiple computers until the server becomes overloaded.
Affected items:
http://bilderberg.org/Clearwel2.doc
http://bilderberg.org/g/Bild-az-tab.html
http://bilderberg.org/land/lawofree.htm
http://bilderberg.org/MartinBormann-NaziInExile-PaulManning-1981.doc
http://bilderberg.org/nwo.htm
http://bilderberg.org/pepis02.htm
http://bilderberg.org/sis.htm
http://bilderberg.org/whorunstheworld8.doc
http://bilderberg.org/whorunstheworld9.doc
-------------------------------------------------------------------------------------------------
5) TRACE method is enabled
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Affected items:
Web Server
-------------------------------------------------------------------------------------------------
6) Email address found
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.
Affected items:
/1991.htm
/1992.htm
/1997.htm
/1998.htm
/1999.htm
/2000.htm
/2001.htm
/2002.htm
/2003.htm
/2004.htm
/2005.htm
/2006.htm
/2007.htm
/2008.htm
/apostasy.htm
/badlink.htm
/bap.htm
/bernhard.htm
/bilder.htm
/bildhist.htm
/bis.htm
/bohos.htm
/boneswar.htm
/censored.htm
/cgi-bin/htsearch
/changes.htm
/cia.htm
/critic.htm
/davos.htm
/endtimes.htm
/goodlink.htm
/hbomb.htm
/hell.htm
/hgenetix.htm
/homedn.htm
/imf.htm
/index.htm
/infowar.htm
/jewish.htm
/kissing.htm
/land/diggers.htm
/land/index.htm
/land/lawofree.htm
/land/letter.htm
/land/newchai2.htm
/land/petition.htm
/land/poor.htm
/land/solemn.htm
/land/thompson.htm
/land/truerel.htm
/legal.htm
/lucis.htm
/masons.htm
/micwaves.htm
/milne.htm
/monref.htm
/nato.htm
/ncl.htm
/nwo.htm
/nwo2007.htm
/officers.txt
/pepis00.htm
/pepis01.htm
/pepis02.htm
/pepis03.htm
/pepis04.htm
/pepis05.htm
/pepis06.htm
/pepis07.htm
/pepis08.htm
/pepis98.htm
/pepis99.htm
/product.htm
/railways.htm
/rockef.htm
/secret.htm
/shengen.htm
/sis.htm
/skulbone.htm
/st/index.htm
/strigas.htm
/tonyhom.htm
/trib.htm
/trilat.htm
/ugle0304.txt
/usglobal.htm
/wdm.htm
/wwiii.htm
-------------------------------------------------------------------------------------------------
7) GHDB: ht://Dig error message
The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category : Error Messages
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet. A list of publicly available sites that use ht://Dig is available at http://www.htdig.org/uses.html. ht://Dig 3.1.1 - 3.2 has a directory traversal and file view vulnerability as described at http://www.securityfocus.com/bid/1026. Attackers can read arbitrary files on the system. If the system is not vulnerable, attackers can still use the error produced by this search to gather information such as administrative email, validation of a cgi-bin executable directory, directory structure, location of a search database file and possible naming conventions.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:
/cgi-bin/htsearch
-------------------------------------------------------------------------------------------------
8) GHDB: HTTP 300 status code
The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category : Web Server Detection
This search shows sites that have the 300 error code, but also reveal a server tag at the bottom of the page that an attacker could use to profile a system.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:
/land/tenure
/www.bbc.co.uk
/www.bbc.co.uk/bbcfour
/www.bbc.co.uk/bbcfour/documentaries
/www.bbc.co.uk/bbcfour/documentaries/%20features
/www.bbc.co.uk/bbcfour/documentaries/%20features/century_of_the_self.shtml
/www.gifford.co.uk
/www.gifford.co.uk/~bedwards
/www.gifford.co.uk/~bedwards/video
-------------------------------------------------------------------------------------------------
9) GHDB: Possible file lock
The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category : Files containing usernames
These lock files often contain usernames of the user that has locked the file. Username harvesting can be done using this technique.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:
/endtimes.htm
-------------------------------------------------------------------------------------------------
10) Possible internal IP address disclosure
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks.
Affected items:
/1993.htm
-------------------------------------------------------------------------------------------------
List of file extensions:
File extensions can provide information on what technologies are being used on this website.
List of file extensions detected:
htm => 158 file(s)
doc => 21 file(s)
rtf => 14 file(s)
txt => 6 file(s)
sys => 1 file(s)
asc => 1 file(s)
shtml => 2 file(s)
xls => 1 file(s)
html => 24 file(s)
List of email addresses
Description
List of all email addresses found on this host.
>>>Anonymous Fighters<<<