Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
- OpPedoChat --> Target information, Sabrina1.com / Boyplayground.net / www.modernblmag.net
- Moar info: http://pastebin.com/rXYfrTKf
- + Target IP: 85.17.36.172
- + Target Hostname: sabrina1.com
- + Target Port: 80
- + Start Time: 2012-07-10 15:01:45
- ---------------------------------------------------------------------------
- + Server: Apache
- + Server banner has changed from Apache to Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7e-p1, this may suggest a WAF or load balancer is in place
- + ETag header found on server, inode: 3603841, size: 3950, mtime: 0xf28b1d80
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
- + OSVDB-3092: /card/: This might be interesting...
- + OSVDB-3268: /im/: Directory indexing found.
- + OSVDB-3092: /im/: This might be interesting... potential country code (Isle Of Man)
- ###############################################################################
- ---------------------------------------------------------------------------
- + Target IP: 208.113.237.165
- + Target Hostname: www.boyplayground.net
- + Target Port: 80
- + Start Time: 2012-07-10 18:07:22
- ---------------------------------------------------------------------------
- + Server: Apache
- + OSVDB-3268: /cgi-bin/: Directory indexing found.
- + robots.txt contains 1 entry which should be manually viewed.
- + ETag header found on server, fields: 0x6f1 0x4c3d9c1de6761
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
- + OSVDB-3092: /forum/: This might be interesting...
- + OSVDB-3092: /cgi-bin/: This might be interesting... possibly a system shell found.
- + OSVDB-3093: /forum/member.php: This might be interesting... has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /forum/newreply.php: This might be interesting... has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /forum/newthread.php: This might be interesting... has been seen in web logs from an unknown scanner.
- ###############################################################################
- ---------------------------------------------------------------------------
- + Target IP: 88.80.30.4
- + Target Hostname: www.modernblmag.net
- + Target Port: 80
- + Start Time: 2012-07-10 19:36:37
- ---------------------------------------------------------------------------
- + Server: Apache/2.2.17 (Ubuntu)
- + Server banner has changed from Apache/2.2.17 (Ubuntu) to Varnish, this may suggest a WAF or load balancer is in place
- + robots.txt contains 36 entries which should be manually viewed.
- + ETag header found on server, fields: 0x1341863242
- + Retrieved x-powered-by header: PHP/5.3.6-13ubuntu3.7
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + /WEB-INF/web.xml: JRUN default file found.
- + OSVDB-3092: /web.config: ASP config file is accessible.
- + OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
- + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-3931: /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-2799: /scripts/dose.pl?daily&somefile.txt&|ls|: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.
- + OSVDB-3092: /forum/: This might be interesting...
- + OSVDB-3092: /poll: This might be interesting...
- + OSVDB-3092: /user/: This might be interesting...
- + OSVDB-3268: /icons/: Directory indexing found.
- + OSVDB-3092: /UPGRADE.txt: Default file found.
- + OSVDB-3092: /install.php: Drupal install.php file found.
- + OSVDB-3092: /install.php: install.php file found.
- + OSVDB-3092: /LICENSE.txt: License file found may identify site software.
- + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
- + OSVDB-3233: /INSTALL.mysql.txt: Drupal installation file found.
- + OSVDB-3233: /INSTALL.pgsql.txt: Drupal installation file found.
- + OSVDB-3233: /icons/README: Apache default file found.
- robots.txt
- User-agent: *
- Crawl-delay: 10
- # Directories
- Disallow: /includes/
- Disallow: /misc/
- Disallow: /modules/
- Disallow: /profiles/
- Disallow: /scripts/
- Disallow: /themes/
- # Files
- Disallow: /CHANGELOG.txt
- Disallow: /cron.php
- Disallow: /INSTALL.mysql.txt
- Disallow: /INSTALL.pgsql.txt
- Disallow: /INSTALL.sqlite.txt
- Disallow: /install.php
- Disallow: /INSTALL.txt
- Disallow: /LICENSE.txt
- Disallow: /MAINTAINERS.txt
- Disallow: /update.php
- Disallow: /UPGRADE.txt
- Disallow: /xmlrpc.php
- # Paths (clean URLs)
- Disallow: /admin/
- Disallow: /comment/reply/
- Disallow: /filter/tips/
- Disallow: /node/add/
- Disallow: /search/
- Disallow: /user/register/
- Disallow: /user/password/
- Disallow: /user/login/
- Disallow: /user/logout/
- # Paths (no clean URLs)
- Disallow: /?q=admin/
- Disallow: /?q=comment/reply/
- Disallow: /?q=filter/tips/
- Disallow: /?q=node/add/
- Disallow: /?q=search/
- Disallow: /?q=user/password/
- Disallow: /?q=user/register/
- Disallow: /?q=user/login/
- Disallow: /?q=user/logout/
- We are Anonymous.
- We are Legion.
- We do not Forgive.
- We do not Forget.
- Expect Us.
- Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement