Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
- OpPedoChat --> Scan for boybeauty.com (thx @M3D0X)
- Moar info: http://pastebin.com/rXYfrTKf
- If you deface, use http://i.imgur.com/gbvDT.png
- ---------------------------------------------------------------------------
- + Target IP: 78.41.201.14
- + Target Hostname: boybeauty.com
- + Target Port: 80
- + Start Time: 2012-07-11 22:18:55
- ---------------------------------------------------------------------------
- + Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
- + Retrieved x-powered-by header: PHP/5.3.13
- + No CGI Directories found (use '-C all' to force check all possible dirs)
- + robots.txt contains 2 entries which should be manually viewed.
- + mod_ssl/2.2.22 appears to be outdated (current is at least 2.8.31) (may depend on server version)
- + Number of sections in the version string differ from those in the database, the server reports: openssl/1.0.0-fips while the database has: 1.0.0.100. This may cause false positives.
- + OpenSSL/1.0.0-fips appears to be outdated (current is at least 1.0.0d). OpenSSL 0.9.8r is also current.
- + FrontPage/5.0.2.2635 appears to be outdated (current is at least 5.0.4.3) (may depend on server version)
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
- + FrontPage - http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html
- + mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
- + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
- + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-3931: /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-4598: /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-3092: /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals: We seem to have authoring access to the FrontPage web.
- + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
- + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
- + OSVDB-3233: /postinfo.html: Microsoft FrontPage default file found.
- + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
- + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
- + OSVDB-3268: /_vti_bin/: Directory indexing found.
- + OSVDB-3233: /_vti_bin/: FrontPage directory found.
- + OSVDB-3233: /_vti_inf.html: FrontPage/SharePoint is installed and reveals its version number (check HTML source for more information).
- + OSVDB-3268: /images/: Directory indexing found.
- + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
- + OSVDB-3093: /FCKeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3093: /Script/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3093: /sites/all/modules/fckeditor/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3093: /modules/fckeditor/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3093: /class/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3093: /inc/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3093: /sites/all/libraries/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
- + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
- + /ampache/update.php: Ampache update page is visible.
- + /readme.html: This WordPress file reveals the installed version.
- + OSVDB-3092: /license.txt: License file found may identify site software.
- + /wordpress/: A Wordpress installation was found.
- + 6448 items checked: 32 error(s) and 43 item(s) reported on remote host
- We are Anonymous.
- We are Legion.
- We do not Forgive.
- We do not Forget.
- Expect Us.
- Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement