London Zoo - #InfoLeak #PawSec #NullAllZoos

1. #PawSecWasHere
2. #Op4Pawz #UnCaged. #NullAllZoos
3. _ _ _ _ _ _ _ _ _ _____
4. | \ | | | | | | | | / \ | | | |__ /___ ___ ___
5. | \| | | | | | | | / _ \ | | | / // _ \ / _ \/ __|
6. | |\ | |_| | |___| |___ / ___ \| | | / /| (_) | (_) \__ \
7. |_|_\_|\___/|_____|_____|_/_/ \_\_|_| /____\___/ \___/|___/
8. _| || |_| | | |_ __ / ___|__ _ __ _ ___ __| |
9. |_ .. _| | | | '_ \| | / _` |/ _` |/ _ \/ _` |
10. |_ _| |_| | | | | |__| (_| | (_| | __/ (_| |
11. |_||_| \___/|_| |_|\____\__,_|\__, |\___|\__,_|
12. _.-"|___/ | "-._
13. _.-"| |" | | | -._
14. _.-"| | | | | | |"-._
15. _.-"| | | | | | | | |"-._
16. _.-"`| | | | | | | | | | |`"-._
17. _.-" | | | __|.-~|~-.| |_..|.__| | | | | "-._
18. " | | | |' | ` | \|~"~| | |`-.| | | | | "
19. | | | /| _ | |) |\ | | | |\ | | | |
20. | | | /`| a)| | | | | | | | `\| | | |
21. | | |:` | | /| | | | | | | | | | |
22. | |`-.||` |.-.| ( | |/ |. | | | `;|\ | | |
23. | |`-.|`--|_.'|.;\|__/| | | .| | ||\\ | | |
24. | _ | |:--| | | | | /| |/ | | .'| \\| | |
25. |("\| /|/ | | | | | ' | | | | / | :|; | |
26. |`\'|_/`| | | .\| |/`~|=-.| | |/ | `| | |
27. | `|_.'| | | /`| || | |\ | |( | | | |
28. | | | | |/ |\ || | | `Y| /| \ | | | |
29. | | | | | /| Y || | | || /`| \| | | |
30. | | | | /| | | | || | | || | || | | | |
31. | | | | "-|-" |/__|| | | /_|_| |/__| | | |
32. | | | | | |'""| | | '"|" |"""| | | |
33. __|___|___|___|___|___|___|___|___|___|___|___|___|___|___|
34. ###################################################################################
35. We'll only be releasing tad nits of information...and a few vuln details.
36. We'll keep the 0day to ourselves. :]
37. ######################################################################################
38. Dumping Interesting/hidden files for the London Zoo...
39.  
40. Progress: 100% |||||||||||||||||||||||||||||||||||||||||||||||||||||||| Time: 00:05:59 4.88 B/s
41. [-] No HTTP/HTTPS provided. Assuming HTTP...
42. [-] Target: http://www.zsl.org
43. [I] Server: cloudflare-nginx
44. [L] X-Generator: Drupal 7 (http://drupal.org)
45. [L] Robots.txt Found: http://www.zsl.org/robots.txt
46. [I] CMS Detection: Drupal
47. [I] Drupal Version: 7.32
48. [M] EDB-ID: 25493 Date: 2013-05-17 Verified: No Title: CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x
49. [I] Drupal Theme: zsl
50. [////////////////////////////////////////]
51. [I] http://www.zsl.org/README.txt
52. [I] http://www.zsl.org/INSTALL.mysql.txt
53. [I] http://www.zsl.org/MAINTAINERS.txt
54. [I] http://www.zsl.org/profiles/standard/translations/README.txt
55. [I] http://www.zsl.org/profiles/minimal/translations/README.txt
56. [I] http://www.zsl.org/INSTALL.pgsql.txt
57. [I] http://www.zsl.org/UPGRADE.txt
58. [I] http://www.zsl.org/CHANGELOG.txt
59. [I] http://www.zsl.org/INSTALL.sqlite.txt
60. [I] http://www.zsl.org/LICENSE.txt
61. [I] http://www.zsl.org/INSTALL.txt
62. [I] http://www.zsl.org/COPYRIGHT.txt
63. [I] http://www.zsl.org/web.config
64. [I] http://www.zsl.org/modules/README.txt
65. [I] http://www.zsl.org/modules/simpletest/files/README.txt
66. [I] http://www.zsl.org/modules/simpletest/files/javascript-1.txt
67. [I] http://www.zsl.org/modules/simpletest/files/php-1.txt
68. [I] http://www.zsl.org/modules/simpletest/files/sql-1.txt
69. [I] http://www.zsl.org/modules/simpletest/files/html-1.txt
70. [I] http://www.zsl.org/modules/simpletest/tests/common_test_info.txt
71. [I] http://www.zsl.org/modules/filter/tests/filter.url-output.txt
72. [I] http://www.zsl.org/modules/filter/tests/filter.url-input.txt
73. [I] http://www.zsl.org/modules/search/tests/UnicodeTest.txt
74. [I] http://www.zsl.org/themes/README.txt
75. [I] http://www.zsl.org/themes/stark/README.txt
76. [I] http://www.zsl.org/sites/README.txt
77. [I] http://www.zsl.org/sites/all/themes/README.txt
78. [I] http://www.zsl.org/modules/simpletest/files/html-2.html
79. [I] http://www.zsl.org/modules/color/preview.html
80. [I] http://www.zsl.org/themes/bartik/color/preview.html
81. [\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]
82. [L] http://www.zsl.org/.bash_profile.txt
83. [L] http://www.zsl.org/.bashrc.txt
84. [L] http://www.zsl.org/.logs.txt
85. [L] http://www.zsl.org/.default.txt
86. [L] http://www.zsl.org/.db_config.txt
87. [L] http://www.zsl.org/.old.txt
88. [L] http://www.zsl.org/.secret.txt
89. [L] http://www.zsl.org/.queries.txt
90. [L] http://www.zsl.org/.private.txt
91. [L] http://www.zsl.org/.sql.txt
92. [L] http://www.zsl.org/.query.txt
93. [L] http://www.zsl.org/.temp.txt
94. [L] http://www.zsl.org/.temp2.txt
95. [L] http://www.zsl.org/.logs.php
96. [L] http://www.zsl.org/.bash_profile.php
97. [L] http://www.zsl.org/.default.php
98. [L] http://www.zsl.org/.db_config.php
99. [L] http://www.zsl.org/.bashrc.php
100. [L] http://www.zsl.org/.queries.php
101. [L] http://www.zsl.org/.private.php
102. [L] http://www.zsl.org/.secret.php
103. [L] http://www.zsl.org/.old.php
104. [L] http://www.zsl.org/.sql.php
105. [L] http://www.zsl.org/.query.php
106. [L] http://www.zsl.org/.temp2.php
107. [L] http://www.zsl.org/.temp.php
108. [L] http://www.zsl.org/install.php
109. [L] http://www.zsl.org/status.php
110. [L] http://www.zsl.org/.default/
111. [L] http://www.zsl.org/.db_config/
112. [L] http://www.zsl.org/.bash_profile/
113. [L] http://www.zsl.org/.bashrc/
114. [L] http://www.zsl.org/.logs/
115. [L] http://www.zsl.org/.query/
116. [L] http://www.zsl.org/.queries/
117. [L] http://www.zsl.org/.old/
118. [L] http://www.zsl.org/.private/
119. [L] http://www.zsl.org/.secret/
120. [L] http://www.zsl.org/.temp/
121. [L] http://www.zsl.org/.sql/
122. [L] http://www.zsl.org/.temp2/
123. [L] http://www.zsl.org/phpmyadmin/
124. [L] http://www.zsl.org/.bashrc.html
125. [L] http://www.zsl.org/.bash_profile.html
126. [L] http://www.zsl.org/.db_config.html
127. [L] http://www.zsl.org/.logs.html
128. [L] http://www.zsl.org/.default.html
129. [L] http://www.zsl.org/.old.html
130. [L] http://www.zsl.org/.queries.html
131. [L] http://www.zsl.org/.private.html
132. [L] http://www.zsl.org/.query.html
133. [L] http://www.zsl.org/.temp.html
134. [L] http://www.zsl.org/.sql.html
135. [L] http://www.zsl.org/.secret.html
136. [L] http://www.zsl.org/.temp2.html
137. [I] Forgotten Password Allows Username Enumeration: http://www.zsl.org/?q=user/password
138. [\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]
139. -] Search Drupal Module ...
140. Progress: 100% |||||||||||||||||||||||||||||||||||||||||||||||||||||||| Time: 00:28:43 6.37 B/s
141. [-] Searching Vulnerable Plugins from ExploitDB website ...
142.  
143. [I] aggregator
144. [I] block
145. [I] blog
146. [I] book
147. [I] color
148. [I] comment
149. [I] contact
150. [I] contextual
151. [I] dashboard
152. [I] dblog
153. [I] field
154. [I] field_ui
155. [I] file
156. [I] filter
157. [I] forum
158. [I] help
159. [I] image
160. [I] locale
161. [I] menu
162. [I] node
163. [I] openid
164. [I] overlay
165. [I] path
166. [I] php
167. [I] poll
168. [I] profile
169. [I] rdf
170. [I] search
171. [I] shortcut
172. [I] simpletest
173. [I] statistics
174. [I] syslog
175. [I] system
176. [I] taxonomy
177. [I] toolbar
178. [I] tracker
179. [I] translation
180. [I] trigger
181. [I] update
182. [I] user
183. [//////////////////////////////////////]
184. Caging animal is NOT cute, it's cruel and inhumane.
185. Welcome to #UnCaged, where we target and expose and and all zoo's we come across.
186. #PawSec