Skip to content

Instantly share code, notes, and snippets.

@afuggini

afuggini/mercadolibre-scan.md

Created February 9, 2026 19:10
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save afuggini/b89315021bcad2630b1848838e665a10 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save afuggini/b89315021bcad2630b1848838e665a10 to your computer and use it in GitHub Desktop.
Download ZIP
MercadoLibre.com.ar Security Scan
Raw
mercadolibre-scan.md

🎯 MercadoLibre.com.ar - Security Scan

Date: 2026-02-09 19:07 UTC
Scanner: Bounty Hunt CLI v4.0
Target: https://www.mercadolibre.com.ar

📊 Executive Summary

Metric Result
Overall Risk Score 35/100 (Low-Medium) 🟡
Critical Issues 0
High Issues 0
Medium Issues 1
Low Issues 1

🔍 Findings

1. HTTP Methods (Medium Risk)

Issue: Dangerous HTTP methods return 403 instead of 405

Method Response Analysis
PUT 403 ⚠️ Blocked by auth, not by method
DELETE 403 ⚠️ Blocked by auth, not by method
CONNECT Allowed ⚠️ Should be disabled
PATCH 403 ⚠️ Blocked by auth, not by method

Analysis: Better than Clarín (which returns 200), but the proper response should be 405 Method Not Allowed, not 403 Forbidden. The 403 suggests the method is accepted but authorization fails.

Risk: Medium - Methods are blocked but misconfigured

2. Endpoint Discovery

Metric Value
Endpoints Found 3
Hidden Endpoints 1

Discovered:

  • /profile → 301 (redirect)
  • /notifications → 200 ✅
  • /.env → 403 (blocked - good!)

Positive: Sensitive file .env is properly blocked.

3. Email Security

Check Status
SPF ✅ Valid
DMARC ⚠️ Not detected

4. Other Checks

Module Result
API Keys Exposed None found ✅
Serialization Vulns None found ✅
Cloud Buckets None exposed ✅
Cookies Secure ✅
CORS Not vulnerable ✅

🆚 Comparison with Clarín

Aspect MercadoLibre Clarín
PUT Response 403 200 🚨
DELETE Response 403 200 🚨
Risk Level Medium High
.env blocked ✅ Yes ✅ Yes

MercadoLibre has better security posture than Clarín.

🛡️ Security Posture

Strengths

  • ✅ Dangerous methods blocked (403)
  • ✅ Sensitive files protected
  • ✅ SPF email authentication
  • ✅ No exposed credentials
  • ✅ No serialization vulnerabilities
  • ✅ No exposed cloud buckets

Recommendations

  1. [Medium] Return 405 for PUT/DELETE instead of 403
  2. [Low] Configure DMARC for email security

📋 Proof of Concept

# HTTP Methods test
curl -X PUT https://www.mercadolibre.com.ar/ -w "%{http_code}" -o /dev/null
# Returns: 403 (should be 405)

curl -X DELETE https://www.mercadolibre.com.ar/ -w "%{http_code}" -o /dev/null
# Returns: 403 (should be 405)

🎯 Conclusion

MercadoLibre has a solid security posture with only minor configuration improvements recommended. The site properly blocks dangerous operations, protects sensitive files, and has email authentication configured.

Risk Score: 35/100 (Low-Medium) - No critical vulnerabilities found.

Generated by Bounty Hunt CLI v4.0
https://github.com/ArielFuggini/bounty-hunter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment