Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- http://children-agency.net
- twitter-; @WaveAnonops
- --------------------------------------------------
- - Nikto v2.1.4
- ---------------------------#------------------------------------------------
- + Target IP: 94.102.49.121
- + Target Hostname: children-agency.net
- + Target Port: 80
- + Start Time: 2012-07-16 12:58:56
- ---------------------------------------------------------------------------
- + Server: nginx/1.0.14
- + Retrieved x-powered-by header: PHP/5.1.6
- + No CGI Directories found (use '-C all' to force check all possible dirs)
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + Default account found for 'phpMyAdmin localhost' at /phpmyadmin/ (ID 'admin', PW ''). Generic account discovered.
- + OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
- + OSVDB-3092: /phpMyAdmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
- + OSVDB-3092: /manual/: Web server manual found.
- + OSVDB-3268: /icons/: Directory indexing found.
- + OSVDB-3268: /manual/images/: Directory indexing found.
- + OSVDB-3233: /icons/README: Apache default file found.
- + 6448 items checked: 9 error(s) and 10 item(s) reported on remote host
- + End Time: 2012-07-16 13:11:38 (762 seconds)
- ----- children-agency.net -----
- Host's addresses:
- __________________
- children-agency.net 86331 IN A 94.102.49.121
- Name Servers:
- ______________
- ns1.dns-force.net 86400 IN A 94.102.49.121
- ns2.dns-force.net 86400 IN A 94.102.49.121
- Mail (MX) Servers:
- ___________________
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for children-agency.net on ns1.dns-force.net ...
- children-agency.net 86400 IN SOA
- children-agency.net 86400 IN A 94.102.49.121
- children-agency.net 86400 IN NS
- children-agency.net 86400 IN NS
- *.children-agency.net 86400 IN A 94.102.49.121
- ns1.dns-force.net Bind Version: "9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
- Trying Zone Transfer for children-agency.net on ns2.dns-force.net ...
- children-agency.net 86400 IN SOA
- children-agency.net 86400 IN A 94.102.49.121
- children-agency.net 86400 IN NS
- children-agency.net 86400 IN NS
- *.children-agency.net 86400 IN A 94.102.49.121
- ns2.dns-force.net Bind Version: "9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
- Wildcards detected, all subdomains will point to the same IP address
- -----------------------------------------------------------------------------
- Synopsis:
- The remote DNS server could be used in a distributed denial of service attack.
- Description :
- The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
- Synopsis: The remote DNS server is vulnerable to cache snooping attacks.
- Synopsis: The remote name server allows recursive queries to be performed by the host running nessusd.
- ----------------
- Discovered open port 22/tcp on 94.102.49.121
- Discovered open port 80/tcp on 94.102.49.121
- Discovered open port 53/tcp on 94.102.49.121
- --------------
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- 53/tcp open domain
- | dns-zone-transfer:
- | children-agency.net SOA ns1.dns-force.net hostmaster.dns-force.net
- | children-agency.net A 94.102.49.121
- | children-agency.net NS ns1.dns-force.net
- | children-agency.net NS ns2.dns-force.net
- | *.children-agency.net A 94.102.49.121
- |_children-agency.net SOA ns1.dns-force.net hostmaster.dns-force.net
- 80/tcp open http nginx 1.0.14
- | html-title: PRETEEN MODELS | LITTLE MODELS |_NON NUDE MODELS
- 1720/tcp filtered H.323/Q.931
- ------------
- http://admin:@children-agency.net/phpMyAdmin/
- username:admin
- password:*blank*
- --------------------SQLI---------------
- url: children-agency.net/out.php?link=wavewavewavewave
- parameter: link=wavewavewavewave
- type:string
- keyword/actionurl= PRETEEN
- vulnerability= URL SQL INJECTION
- --------------------------------------
- url: children-agency.net/out.php?link=9999999999999
- parameter: link=9999999999999
- type:interger
- vulnerability: URL SQL INJECTION
- ------------------------------
- #We are Anonymous
- #We are Legion
- #We do not forgive
- #We do not forget
- #Expect us
- #OpPedoChat
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement