#OpPedoChat - teenboyswank.com info

1. Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
2.  
3. OpPedoChat --> Target information for teenboyswank.com
4. Moar info: http://pastebin.com/rXYfrTKf
5.  
6. If you deface, use http://i.imgur.com/gbvDT.png
7.  
8. ###################################################################
9.  
10. ---------------------------------------------------------------------------
11. + Target IP: 78.41.201.14
12. + Target Hostname: teenboyswank.com
13. + Target Port: 80
14. + Start Time: 2012-07-10 23:09:20
15. ---------------------------------------------------------------------------
16. + Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
17. + Retrieved x-powered-by header: PHP/5.3.13
18. + No CGI Directories found (use '-C all' to force check all possible dirs)
19. + robots.txt contains 2 entries which should be manually viewed.
20. + mod_ssl/2.2.22 appears to be outdated (current is at least 2.8.31) (may depend on server version)
21. + Number of sections in the version string differ from those in the database, the server reports: openssl/1.0.0-fips while the database has: 1.0.0.100. This may cause false positives.
22. + OpenSSL/1.0.0-fips appears to be outdated (current is at least 1.0.0d). OpenSSL 0.9.8r is also current.
23. + FrontPage/5.0.2.2635 appears to be outdated (current is at least 5.0.4.3) (may depend on server version)
24. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
25. + FrontPage - http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html
26. + mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
27. + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted yet. DO IT FOR THE LULZ.
28. + OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
29. + /catinfo?<u><b>TESTING: The Interscan Viruswall catinfo script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
30. + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
31. + OSVDB-3931: /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
32. + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
33. + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
34. + OSVDB-4598: /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
35. + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
36. + OSVDB-3092: /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals: We seem to have authoring access to the FrontPage web.
37. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
38. + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
39. + OSVDB-3233: /postinfo.html: Microsoft FrontPage default file found.
40. + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
41. + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
42. + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
43. + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
44. + OSVDB-3092: /buy/: This might be interesting...
45. + OSVDB-3092: /download/: This might be interesting...
46. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
47. + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
48. + OSVDB-3233: /_vti_inf.html: FrontPage/SharePoint is installed and reveals its version number (check HTML source for more information).
49. + OSVDB-3093: /FCKeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
50. + OSVDB-3093: /Script/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
51. + OSVDB-3093: /sites/all/modules/fckeditor/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
52. + OSVDB-3093: /modules/fckeditor/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
53. + OSVDB-3093: /class/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
54. + OSVDB-3093: /inc/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
55. + OSVDB-3093: /sites/all/libraries/fckeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers.
56. + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
57. + /ampache/update.php: Ampache update page is visible.
58. + OSVDB-3092: /ad/: This might be interesting... potential country code (Andorra)
59. + /wp-content/plugins/akismet/readme.txt: The WordPress Akismet plugin 'Tested up to' version usually matches the WordPress version
60. + /readme.html: This WordPress file reveals the installed version.
61. + OSVDB-3092: /license.txt: License file found may identify site software.
62. + /wordpress/: A Wordpress installation was found.
63.  
64.  
65. robots.txt
66.  
67. User-agent: *
68. Disallow: /wp-admin/
69. Disallow: /wp-includes/
70.  
71. Sitemap: http://teenboyswank.com/sitemap.xml.gz
72.  
73. We are Anonymous.
74. We are Legion.
75. We do not Forgive.
76. We do not Forget.
77. Expect Us.
78.  
79. Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne