API tools faq
paste
Advertisement
Wave

#OpPedoChat information and scan: children-agency.net - SQLI

Wave
Jul 15th, 2012
688
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.33 KB | None | 0 0
raw download clone embed print report
  1. http://children-agency.net
  2. twitter-; @WaveAnonops
  3. --------------------------------------------------
  4. - Nikto v2.1.4
  5. ---------------------------#------------------------------------------------
  6. + Target IP: 94.102.49.121
  7. + Target Hostname: children-agency.net
  8. + Target Port: 80
  9. + Start Time: 2012-07-16 12:58:56
  10. ---------------------------------------------------------------------------
  11. + Server: nginx/1.0.14
  12. + Retrieved x-powered-by header: PHP/5.1.6
  13. + No CGI Directories found (use '-C all' to force check all possible dirs)
  14. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  15. + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  16. + Default account found for 'phpMyAdmin localhost' at /phpmyadmin/ (ID 'admin', PW ''). Generic account discovered.
  17. + OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
  18. + OSVDB-3092: /phpMyAdmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
  19. + OSVDB-3092: /manual/: Web server manual found.
  20. + OSVDB-3268: /icons/: Directory indexing found.
  21. + OSVDB-3268: /manual/images/: Directory indexing found.
  22. + OSVDB-3233: /icons/README: Apache default file found.
  23. + 6448 items checked: 9 error(s) and 10 item(s) reported on remote host
  24. + End Time: 2012-07-16 13:11:38 (762 seconds)
  25.  
  26. ----- children-agency.net -----
  27. Host's addresses:
  28. __________________
  29. children-agency.net 86331 IN A 94.102.49.121
  30. Name Servers:
  31. ______________
  32. ns1.dns-force.net 86400 IN A 94.102.49.121
  33. ns2.dns-force.net 86400 IN A 94.102.49.121
  34. Mail (MX) Servers:
  35. ___________________
  36. Trying Zone Transfers and getting Bind Versions:
  37. _________________________________________________
  38. Trying Zone Transfer for children-agency.net on ns1.dns-force.net ...
  39. children-agency.net 86400 IN SOA
  40. children-agency.net 86400 IN A 94.102.49.121
  41. children-agency.net 86400 IN NS
  42. children-agency.net 86400 IN NS
  43. *.children-agency.net 86400 IN A 94.102.49.121
  44.  
  45. ns1.dns-force.net Bind Version: "9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
  46.  
  47. Trying Zone Transfer for children-agency.net on ns2.dns-force.net ...
  48. children-agency.net 86400 IN SOA
  49. children-agency.net 86400 IN A 94.102.49.121
  50. children-agency.net 86400 IN NS
  51. children-agency.net 86400 IN NS
  52. *.children-agency.net 86400 IN A 94.102.49.121
  53.  
  54. ns2.dns-force.net Bind Version: "9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
  55. Wildcards detected, all subdomains will point to the same IP address
  56. -----------------------------------------------------------------------------
  57. Synopsis:
  58. The remote DNS server could be used in a distributed denial of service attack.
  59. 

Description
:
  60. The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.
  61.  
  62. Synopsis: The remote DNS server is vulnerable to cache snooping attacks.
  63.  
  64. Synopsis: The remote name server allows recursive queries to be performed by the host running nessusd.
  65. ----------------
  66. Discovered open port 22/tcp on 94.102.49.121
  67. Discovered open port 80/tcp on 94.102.49.121
  68. Discovered open port 53/tcp on 94.102.49.121
  69. --------------
  70. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  71. 53/tcp open domain
  72. | dns-zone-transfer:
  73. | children-agency.net SOA ns1.dns-force.net hostmaster.dns-force.net
  74. | children-agency.net A 94.102.49.121
  75. | children-agency.net NS ns1.dns-force.net
  76. | children-agency.net NS ns2.dns-force.net
  77. | *.children-agency.net A 94.102.49.121
  78. |_children-agency.net SOA ns1.dns-force.net hostmaster.dns-force.net
  79. 80/tcp open http nginx 1.0.14
  80. | html-title: PRETEEN MODELS | LITTLE MODELS |_NON NUDE MODELS
  81. 1720/tcp filtered H.323/Q.931
  82. ------------
  83. http://admin:@children-agency.net/phpMyAdmin/
  84. username:admin
  85. password:*blank*
  86. --------------------SQLI---------------
  87. url: children-agency.net/out.php?link=wavewavewavewave
  88. parameter: link=wavewavewavewave
  89. type:string
  90. keyword/actionurl= PRETEEN
  91. vulnerability= URL SQL INJECTION
  92. --------------------------------------
  93. url: children-agency.net/out.php?link=9999999999999
  94. parameter: link=9999999999999
  95. type:interger
  96. vulnerability: URL SQL INJECTION
  97. ------------------------------
  98. #We are Anonymous
  99. #We are Legion
  100. #We do not forgive
  101. #We do not forget
  102. #Expect us
  103. #OpPedoChat
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!