API tools faq
paste
Advertisement
RussX9

Vulnrability Analysis Polri.go.id

RussX9
Jul 15th, 2015
400
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.49 KB | None | 0 0
raw download clone embed print report
  1. root@Khoiruddin:~ # uniscan -u http://www.polri.go.id -qweds
  2. ####################################
  3. # Uniscan project #
  4. # http://uniscan.sourceforge.net/ #
  5. ####################################
  6. V. 6.2
  7.  
  8.  
  9. Scan date: 15-7-2015 23:35:6
  10. ===================================================================================================
  11. | Domain: http://www.polri.go.id/
  12. | Server: nginx/1.2.1
  13. | IP: 118.97.127.240
  14. ===================================================================================================
  15. |
  16. | Directory check:
  17. ===================================================================================================
  18. |
  19. | File check:
  20. | [+] CODE: 200 URL: http://www.polri.go.id/index.php
  21. | [+] CODE: 200 URL: http://www.polri.go.id/phpinfo.php
  22. ===================================================================================================
  23. |
  24. | Check robots.txt:
  25. |
  26. | Check sitemap.xml:
  27. ===================================================================================================
  28. |
  29. | Crawler Started:
  30. | Plugin name: phpinfo() Disclosure v.1 Loaded.
  31. | Plugin name: E-mail Detection v.1.1 Loaded.
  32. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  33. | Plugin name: Code Disclosure v.1.1 Loaded.
  34. | Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
  35. | Plugin name: Upload Form Detect v.1.1 Loaded.
  36. | Plugin name: FCKeditor upload test v.1 Loaded.
  37. | Plugin name: External Host Detect v.1.2 Loaded.
  38. | [+] Crawling finished, 31 URL's found!
  39. |
  40. | PHPinfo() Disclosure:
  41. | [+] phpinfo() page: http://www.polri.go.id/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
  42. | [+] phpinfo() page: http://www.polri.go.id/phpinfo.php
  43. | System: Linux nginx-php-fastcgi 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64
  44. | PHP version: 5.4.4-14+deb7u5
  45. | allow_url_fopen: On
  46. | allow_url_include: Off
  47. | disable_functions: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
  48. | OpenSSL Library Version: OpenSSL 1.0.1e 11 Feb 2013
  49. |
  50. | E-mails:
  51. | [+] E-mail Found: thm14-07-2015_news280615155824@250.jpg
  52. | [+] E-mail Found: license@php.net
  53. | [+] E-mail Found: 14-07-2015_news280615155824@250.jpg
  54. |
  55. | Timthumb:
  56. |
  57. | Source Code Disclosure:
  58. |
  59. | Web Backdoors:
  60. |
  61. | File Upload Forms:
  62. |
  63. | FCKeditor File Upload:
  64. |
  65. | External hosts:
  66. | [+] External Host Found: http://humas.polri.go.id
  67. | [+] External Host Found: http://wowslider.net
  68. |
  69. | Ignored Files:
  70. ===================================================================================================
  71. | Dynamic tests:
  72. | Plugin name: Learning New Directories v.1.2 Loaded.
  73. | Plugin name: FCKedior tests v.1.1 Loaded.
  74. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  75. | Plugin name: Find Backup Files v.1.2 Loaded.
  76. | Plugin name: Blind SQL-injection tests v.1.3 Loaded.
  77. | Plugin name: Local File Include tests v.1.1 Loaded.
  78. | Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
  79. | Plugin name: Remote Command Execution tests v.1.1 Loaded.
  80. | Plugin name: Remote File Include tests v.1.2 Loaded.
  81. | Plugin name: SQL-injection tests v.1.2 Loaded.
  82. | Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
  83. | Plugin name: Web Shell Finder v.1.3 Loaded.
  84. | [+] 2 New directories added
  85. |
  86. |
  87. | FCKeditor tests:
  88. |
  89. |
  90. | Timthumb < 1.33 vulnerability:
  91. |
  92. |
  93. | Backup Files:
  94. |
  95. |
  96. | Blind SQL Injection:
  97. | [+] Vul [Blind SQL-i]: http://www.polri.go.id/[CENSORED]
  98. | [+] Vul [Blind SQL-i]: http://www.polri.go.id/[CENSORED]
  99. | [+] Keyword: Seruduk
  100. | [+] Keyword: Siapkan
  101. | [+] Vul [Blind SQL-i]: http://www.polri.go.id/[CENSORED]
  102. | [+] Keyword: Ditutup
  103. | [+] Vul [Blind SQL-i]: http://www.polri.go.id/[CENSORED]
  104. | [+] Keyword: Melawi
  105. | [+] Vul [Blind SQL-i]: http://www.polri.go.id/[CENSORED]
  106. | [+] Keyword: mengantisipasi
  107. |
  108. |
  109. | Local File Include:
  110. |
  111. |
  112. | PHP CGI Argument Injection:
  113. |
  114. |
  115. | Remote Command Execution:
  116. |
  117. |
  118. | Remote File Include:
  119. |
  120. |
  121. | SQL Injection:
  122. |
  123. |
  124. | Cross-Site Scripting (XSS):
  125. |
  126. |
  127. | Web Shell Finder:
  128. ===================================================================================================
  129. | Static tests:
  130. | Plugin name: Local File Include tests v.1.1 Loaded.
  131. | Plugin name: Remote Command Execution tests v.1.1 Loaded.
  132. | Plugin name: Remote File Include tests v.1.1 Loaded.
  133. |
  134. |
  135. | Local File Include:
  136. |
  137. |
  138. | Remote Command Execution:
  139. |
  140. |
  141. | Remote File Include:
  142. ===================================================================================================
  143. Scan end date: 15-7-2015 23:45:28
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!