From c8705de960049d41665f8cd76e8455b15a7a8917 Mon Sep 17 00:00:00 2001
From: bt3gl <mari.wahl9@gmail.com>
Date: Thu, 20 Nov 2014 10:06:55 -0500
Subject: [PATCH] websecurity

---
 Web_Security/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Web_Security/README.md b/Web_Security/README.md
index 20200bc..c8339b3 100644
--- a/Web_Security/README.md
+++ b/Web_Security/README.md
@@ -49,6 +49,7 @@ $ wget -rck <TARGET-WEBSITE>
 
 ```
 $ /wget -r -l1 -H -t1 -nd -N -nd -N -A.swf -erobots=off <WEBSITE> -i output_swf_files.txt
+```
 
 * Once we have identified and downloaded *.swf files, we must analyze the code, the functions (as *loadMovie*) variables in order to identify those that call and allow other types of vulnerabilities such as cross site scripting. Below shows some vulnerable functions:
 
@@ -72,7 +73,7 @@ ExternalInterface.addCallback
 SharedObject.getLocal, SharedObject.getRemote
 ```
 
-		* authentication system: the first thing is to determine if the website stored the credentials in the browser. This could be exploited with attacks on defaults accounts and dictionary attacks. The default accounts are: admin, administrator, root, system, user, default, name application. We can use **hydra** for this:
+* authentication system: the first thing is to determine if the website stored the credentials in the browser. This could be exploited with attacks on defaults accounts and dictionary attacks. The default accounts are: admin, administrator, root, system, user, default, name application. We can use **hydra** for this:
 
 ```
 $ hydra -L users.txt -P pass.txt <WEBSTE> http-head/private