#OpBilderberg: http://bilderberg.org/
------------------------
1) HTML form without CSRF protection
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.
Affected items:
http://bilderberg.org/search/search.htm
-------------------------------------------------------------------------------------------------
2) OPTIONS method is enabled
HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the web server; it represents a request for information about the communication options available on the request/response chain identified by the Request-URI.
Affected items:
Web Server
-------------------------------------------------------------------------------------------------
3) Sensitive data not encrypted
Sensitive data such as credit card numbers and social security numbers is sent without using an encrypted connection. Information sent in clear text is not encrypted and can therefore be intercepted.
Affected items:
http://bilderberg.org/cia.htm
http://bilderberg.org/st/index.htm
-------------------------------------------------------------------------------------------------
4) Slow response time
This page had a slow response time. The response time for this page was 29032 ms while the average response time for this site is 157.86 ms. These types of files can be targeted in denial-of-service attacks. An attacker can request this page repeatedly from multiple computers until the server becomes overloaded.
Affected items:
http://bilderberg.org/Clearwel2.doc
http://bilderberg.org/g/Bild-az-tab.html
http://bilderberg.org/land/lawofree.htm
http://bilderberg.org/MartinBormann-NaziInExile-PaulManning-1981.doc
http://bilderberg.org/nwo.htm
http://bilderberg.org/pepis02.htm
http://bilderberg.org/sis.htm
http://bilderberg.org/whorunstheworld8.doc
http://bilderberg.org/whorunstheworld9.doc
-------------------------------------------------------------------------------------------------
5) TRACE method is enabled
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Affected items:
Web Server
-------------------------------------------------------------------------------------------------
6) Email address found
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.
Affected items:
/1991.htm /1992.htm /1997.htm /1998.htm /1999.htm /2000.htm /2001.htm /2002.htm /2003.htm /2004.htm /2005.htm /2006.htm /2007.htm /2008.htm /apostasy.htm /badlink.htm /bap.htm /bernhard.htm /bilder.htm /bildhist.htm /bis.htm /bohos.htm /boneswar.htm /censored.htm /cgi-bin/htsearch /changes.htm /cia.htm /critic.htm /davos.htm /endtimes.htm /goodlink.htm /hbomb.htm /hell.htm /hgenetix.htm /homedn.htm /imf.htm /index.htm /infowar.htm /jewish.htm /kissing.htm /land/diggers.htm /land/index.htm /land/lawofree.htm /land/letter.htm /land/newchai2.htm /land/petition.htm /land/poor.htm /land/solemn.htm /land/thompson.htm /land/truerel.htm /legal.htm /lucis.htm /masons.htm /micwaves.htm /milne.htm /monref.htm /nato.htm /ncl.htm /nwo.htm /nwo2007.htm /officers.txt /pepis00.htm /pepis01.htm /pepis02.htm /pepis03.htm /pepis04.htm /pepis05.htm /pepis06.htm /pepis07.htm /pepis08.htm /pepis98.htm /pepis99.htm /product.htm /railways.htm /rockef.htm /secret.htm /shengen.htm /sis.htm /skulbone.htm /st/index.htm /strigas.htm /tonyhom.htm /trib.htm /trilat.htm /ugle0304.txt /usglobal.htm /wdm.htm /wwiii.htm
-------------------------------------------------------------------------------------------------
7) GHDB: ht://Dig error message
The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category : Error Messages
The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet. A list of publicly available sites that use ht://Dig is available at http://www.htdig.org/uses.html
ht://Dig 3.1.1 - 3.2 has a directory traversal and file view vulnerability as described at http://www.securityfocus.com/bid/1026. Attackers can read arbitrary files on the system. If the system is not vulnerable, attackers can still use the error produced by this search to gather information such as administrative email, validation of a cgi-bin executable directory, directory structure, location of a search database file and possible naming conventions.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:
/cgi-bin/htsearch
-------------------------------------------------------------------------------------------------
8) GHDB: HTTP 300 status code
The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category : Web Server Detection
This search shows sites that have the 300 error code, but also reveal a server tag at the bottom of the page that an attacker could use to profile a system.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:
/land/tenure
/www.bbc.co.uk
/www.bbc.co.uk/bbcfour
/www.bbc.co.uk/bbcfour/documentaries
/www.bbc.co.uk/bbcfour/documentaries/%20features
/www.bbc.co.uk/bbcfour/documentaries/%20features/century_of_the_self.shtml
/www.gifford.co.uk
/www.gifford.co.uk/~bedwards
/www.gifford.co.uk/~bedwards/video
-------------------------------------------------------------------------------------------------
9) GHDB: Possible file lock
The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category : Files containing usernames
These lock files often contain usernames of the user that has locked the file. Username harvesting can be done using this technique.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:
/endtimes.htm
-------------------------------------------------------------------------------------------------
10) Possible internal IP address disclosure
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks.
Affected items:
/1993.htm
-------------------------------------------------------------------------------------------------
List of file extensions
File extensions can provide information on what technologies are being used on this website.
List of file extensions detected:
htm => 158 file(s)
doc => 21 file(s)
rtf => 14 file(s)
txt => 6 file(s)
sys => 1 file(s)
asc => 1 file(s)
shtml => 2 file(s)
xls => 1 file(s)
html => 24 file(s)
-------------------------------------------------------------------------------------------------
List of email addresses
Description: List of all email addresses found on this host.
>>>Anonymous Fighters<<<