Facebook vuls by SUP3RM4N AND KORZUS -CYBER HATS

Facebook vuls by SUP3RM4N AND KORZUS -CYBER HATS

Like any good hacker in your goodbyes, it left a legacy, a legacy that will be followed
 by future generations inspired it. We, the directors of Cyber Hats, Korzus Tesla and
SUP3RM4N to celebrate my "retirement" in the hacker world, I Korzus along to our great
 SUP3RM4N divulge critical vulnerabilities found on facebook. From SQL Injection to many
 others. A hacker never die, they just live a new life in a new way, real life. Our force
 anyone to our firepower is infinite, pixel by pixel is explored by us, byte by byte we
sailed to our goal, in a relentless struggle for knowledge. Cyber Hats, the virtual Lords,
 who run after knowledge, humbly. There is nothing to stop us, no firewall or anti-virus.
 Our strength depends only on our knowledge and ability to learn, we are invulnerable
because we are human, and no machine can beat us. We are Cyber Hats, we are the legend,
 we have a legacy and it will be maintained to the ever ever, beyond infinity.

vul sql :http://apps.facebook.com/g_dircom/index.php?id=1
VUL SQL :http://apps.facebook.com/mobipride/index.php?id=42
vul sql:http://apps.facebook.com/viewmycalendar/index.php?id=161
PROGRAMATION ERROR:http://apps.facebook.com/mobipride/
PROGRAMATION ERROR:http://apps.facebook.com/g_dircom/
PROGRAMARION ERROR:http://apps.facebook.com/viewmycalendar/
JAVA SCRIPTING ERROR:http://apps.facebook.com/galacticosfootball/en/soccer/simulation/playerpublic/6743
REMORE SERVER CAN BE INFECTED WITH THE NINDA VIRUS:http://apps.facebook.com/mobipride/mobipride/readme.eml
POSSIBLE HAVE INFORMATION ABOUT ANY FACEBOOK:https://graph.facebook.com/303943362983320/accounts/test-users?installed=true&name=test&permissions=HaCked+By+SUP3RM4N+CYBER+HATS&method=post&show_stream
CYBER HATS TEAM INFORMATION ABOUT US:https://graph.facebook.com/cyberhats
SERVER AKAMAI:https://fbstatic-a.akamaihd.net/rsrc.php/v2/y1/r/GbL5UMVTlQR.js

+ Target IP:          31.13.73.23
+ Target Hostname:    apps.facebook.com
+ Target Port:        80
+ Start Time:         2013-04-14 22:05:31 (GMT-3)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ Cookie reg_ext_ref created without the httponly flag
+ Cookie reg_fb_gate created without the httponly flag
+ Cookie reg_fb_ref created without the httponly flag
+ Uncommon header 'x-fb-debug' found, with contents: OxWZVhWyT6cCHntxYINhtUGLv7K
Fou7E70xNaK5gfXE=
+ Uncommon header 'x-frame-options' found, with contents: DENY
+ Uncommon header 'x-xss-protection' found, with contents: 0
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ lines
+ /crossdomain.xml contains 0 line which should be manually viewed for improper
domains or wildcards.
+ File/dir '<script>window.Bootloader && Bootloader.done(["+mq8P"]);</script><sc
ript>new (require("ServerJS"))().handle({"require":[["removeArrayReduce"],["mark
JSEnabled"],["lowerDomain"],["QuicklingPrelude"],["Primer"]]})</script></head><b
ody class="ego_wide canvas center_fixed_width_app fbx UIPage_LoggedOut liquid hi
deBanner Locale_pt_BR"><div id="FB_HiddenContainer" style="position:absolute; to
p:-10000px; width:0px; height:0px;"></div><div class="_li"><div id="pagelet_blue
bar" data-referrer="pagelet_bluebar"><div id="blueBarHolder"><div id="blueBar"><
div><div class="loggedout_menubar_container"><div class="clearfix loggedout_menu
bar"><a class="lfloat" href="/" title="Ir para a p&' in robots.txt returned a no
n-forbidden or redirect HTTP code (400)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ OSVDB-5737: WebLogic may reveal its internal IP or hostname in the Location he
ader. The value is "http://www.facebook.com/mobipride.".
+ Multiple index files found: default.asp, index.jhtml, index.php, index.htm, in
dex.pl, default.htm, index.aspx, default.aspx, index.asp, index.do, index.php3,
index.cfm, index.cgi, index.html, index.shtml
+ /mobipride/kboard/: KBoard Forum 0.3.0 and prior have a security problem in fo
rum_edit_post.php, forum_post.php and forum_reply.php
+ /mobipride/lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilitie
s including remote administrative access, harvesting user info and more. Default
 login to admin interface is admin/phplist
+ /mobipride/splashAdmin.php: Cobalt Qube 3 admin is running. This may have mult
iple security problems as described by www.scan-associates.net. These could not
be tested remotely.
+ /mobipride/ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /mobipride/sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ /mobipride/tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be
viewed via a 'URL trick'. Default login/pass could be admin/admin
+ /mobipride/tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted W
iki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admi
n
+ /mobipride/scripts/samples/details.idc: See RFP 9901; www.wiretrip.net
+ OSVDB-396: /mobipride/_vti_bin/shtml.exe: Attackers may be able to crash Front
Page by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempt
ed.
+ OSVDB-637: /mobipride/~root/: Allowed to browse root's home directory.
+ /mobipride/cgi-bin/wrap: comes with IRIX 6.2; allows to view directories
+ /mobipride/forums//admin/config.php: PHP Config file may contain database IDs
and passwords.
+ /mobipride/forums//adm/config.php: PHP Config file may contain database IDs an
d passwords.
+ /mobipride/forums//administrator/config.php: PHP Config file may contain datab
ase IDs and passwords.
+ /mobipride/forums/config.php: PHP Config file may contain database IDs and pas
swords.
+ /mobipride/guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive i
nformation about its configuration.
+ /mobipride/guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the
admin password.
+ /mobipride/help/: Help directory should not be accessible
+ OSVDB-2411: /mobipride/hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-
cms-1.2.9-10 may reveal the administrator ID and password.
+ OSVDB-8103: /mobipride/global.inc: PHP-Survey's include file should not be ava
ilable via the web. Configure the web server to ignore .inc files or change this
 to global.inc.php
+ OSVDB-59620: /mobipride/inc/common.load.php: Bookmark4U v1.8.3 include files a
re not protected and may contain remote source injection by using the 'prefix' v
ariable.
+ OSVDB-59619: /mobipride/inc/config.php: Bookmark4U v1.8.3 include files are no
t protected and may contain remote source injection by using the 'prefix' variab
le.
+ OSVDB-59618: /mobipride/inc/dbase.php: Bookmark4U v1.8.3 include files are not
 protected and may contain remote source injection by using the 'prefix' variabl
e.
+ OSVDB-2703: /mobipride/geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains
 a SQL injection vulnerability that lets a remote attacker reset admin password.

+ OSVDB-8204: /mobipride/gb/index.php?login=true: gBook may allow admin login by
 setting the value 'login' equal to 'true'.
+ /mobipride/guestbook/admin.php: Guestbook admin page available without authent
ication.
+ /mobipride/getaccess: This may be an indication that the server is running get
Access for SSO
+ /mobipride/cfdocs/expeval/openfile.cfm: Can use to expose the system/server pa
th.
+ /mobipride/tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_i
ndex.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /mobipride/vgn/performance/TMT: Vignette CMS admin/maintenance script availabl
e.
+ /mobipride/vgn/performance/TMT/Report: Vignette CMS admin/maintenance script a
vailable.
+ /mobipride/vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance scri
pt available.
+ /mobipride/vgn/performance/TMT/reset: Vignette CMS admin/maintenance script av
ailable.
+ /mobipride/vgn/ppstats: Vignette CMS admin/maintenance script available.
+ /mobipride/vgn/previewer: Vignette CMS admin/maintenance script available.
+ /mobipride/vgn/record/previewer: Vignette CMS admin/maintenance script availab
le.
+ /mobipride/vgn/stylepreviewer: Vignette CMS admin/maintenance script available
.
+ /mobipride/vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
+ /mobipride/vgn/vr/Editing: Vignette CMS admin/maintenance script available.
+ /mobipride/vgn/vr/Saving: Vignette CMS admin/maintenance script available.
+ /mobipride/vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /mobipride/scripts/iisadmin/bdir.htr: This default script shows host info, may
 allow file browsing and buffer a overrun in the Chunked Encoding data transfer
mechanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . http://www.microsoft.
com/technet/security/bulletin/MS02-028.asp. http://www.cert.org/advisories/CA-20
02-09.html.
+ /mobipride/scripts/iisadmin/ism.dll: Allows you to mount a brute force attack
on passwords
+ /mobipride/scripts/tools/ctss.idc: This CGI allows remote users to view and mo
dify SQL DB contents, server paths, docroot and more.
+ /mobipride/bigconf.cgi: BigIP Configuration CGI
+ /mobipride/blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed thr
ough a vulnerable SSI call.
+ OSVDB-4910: /mobipride/vgn/style: Vignette server may reveal system informatio
n through this file.
+ OSVDB-17653: /mobipride/SiteServer/Admin/commerce/foundation/domain.asp: Displ
ays known domains of which that server is involved.
+ OSVDB-17654: /mobipride/SiteServer/Admin/commerce/foundation/driver.asp: Displ
ays a list of installed ODBC drivers.
+ OSVDB-17655: /mobipride/SiteServer/Admin/commerce/foundation/DSN.asp: Displays
 all DSNs configured for selected ODBC drivers.
+ OSVDB-17652: /mobipride/SiteServer/admin/findvserver.asp: Gives a list of inst
alled Site Server components.
+ /mobipride/SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current
search catalog configurations
+ /mobipride/basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1
contains a XSS issue in 'message list' function/page
+ /mobipride/basilix/message-read.php3: BasiliX webmail application prior to 1.1
.1 contains a XSS issue in 'read message' function/page
+ /mobipride/clusterframe.jsp: Macromedia JRun 4 build 61650 remote administrati
on interface is vulnerable to several XSS attacks.
+ /mobipride/IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability
. Previous versions contain other non-descript vulnerabilities.
+ /mobipride/bb-dnbd/faxsurvey: This may allow arbitrary command execution.
+ /mobipride/cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it
contains a backdoor to allow attackers to execute arbitrary commands.
+ OSVDB-6591: /mobipride/scripts/Carello/Carello.dll: Carello 1.3 may allow comm
ands to be executed on the server by replacing hidden form elements. This could
not be tested by Nikto.
+ /mobipride/scripts/tools/dsnform.exe: Allows creation of ODBC Data Source
+ /mobipride/scripts/tools/dsnform: Allows creation of ODBC Data Source
+ OSVDB-17656: /mobipride/SiteServer/Admin/knowledge/dsmgr/users/GroupManager.as
p: Used to create, modify, and potentially delete LDAP users and groups.
+ OSVDB-17657: /mobipride/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
: Used to create, modify, and potentially delete LDAP users and groups.
+ /mobipride/prd.i/pgen/: Has MS Merchant Server 1.0
+ /mobipride/readme.eml: Remote server may be infected with the Nimda virus.
+ /mobipride/scripts/httpodbc.dll: Possible IIS backdoor found.
+ /mobipride/scripts/proxy/w3proxy.dll: MSProxy v1.0 installed
+ /mobipride/SiteServer/admin/: Site Server components admin. Default account ma
y be 'LDAP_Anonymous', pass is 'LdapPassword_1'. see http://www.wiretrip.net/rfp
/p/doc.asp/i1/d69.htm
+ /mobipride/siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
+ /mobipride/pccsmysqladm/incs/dbconnect.inc: This file should not be accessible
, as it contains database connectivity information. Upgrade to version 1.2.5 or
higher.
+ /mobipride/iisadmin/: Access to /iisadmin should be restricted to localhost or
 allowed hosts only.
+ /mobipride/PDG_Cart/oder.log: Shopping cart software log
+ /mobipride/ows/restricted%2eshow: OWS may allow restricted files to be viewed
by replacing a character with its encoded equivalent.
+ /mobipride/WEB-INF./web.xml: Multiple implementations of j2ee servlet containe
rs allow files to be retrieved from WEB-INF by appending a '.' to the directory
name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS,
Pramati and others. See http://www.westpoint.l
+ /mobipride/view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the
 system to be viewed by using \..\ directory traversal. This script may be vulne
rable.
+ /mobipride/w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbi
trary PHP scripts via URL includes in include/*.php and user/*.php files. Defaul
t account is 'admin' but password set during install.
+ OSVDB-42680: /mobipride/vider.php3: MySimpleNews may allow deleting of news it
ems without authentication.
+ OSVDB-6181: /mobipride/officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Offices
can allows you to skip the login page and access some CGI programs directly.
+ /mobipride/pbserver/pbserver.dll: This may contain a buffer overflow. http://w
ww.microsoft.com/technet/security/bulletin/http://www.microsoft.com/technet/secu
rity/bulletin/ms00-094.asp.asp
+ /mobipride/administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.
12 BETA and below may allow upload of any file type simply putting '.jpg' before
 the real file extension.
+ /mobipride/pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow f
ile upload without authentication.
+ /mobipride/phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior ar
e vulnerable to file upload bug.
+ /mobipride/servlet/com.unify.servletexec.UploadServlet: This servlet allows at
tackers to upload files to the server.
+ /mobipride/scripts/cpshost.dll: Posting acceptor possibly allows you to upload
 files
+ /mobipride/upload.asp: An ASP page that allows attackers to upload files to se
rver
+ /mobipride/uploadn.asp: An ASP page that allows attackers to upload files to s
erver
+ /mobipride/uploadx.asp: An ASP page that allows attackers to upload files to s
erver
+ /mobipride/wa.exe: An ASP page that allows attackers to upload files to server
+ /scripts/bannereditor.cgi: This CGI may allow attackers to read any file on th
e system.
+ /scripts/architext_query.pl: Versions older than 1.1 of Excite for Web Servers
 allow attackers to execute arbitrary commands.
+ /scripts/bizdb1-search.cgi: This CGI may allow attackers to execute commands r
emotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm
+ /scripts/blog/: A blog was found. May contain security problems in CGIs, weak
passwords, and more.
+ /scripts/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be
able to reconfigure or reload.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow fil
e browsing and buffer a overrun in the Chunked Encoding data transfer mechanism,
 request /scripts/iisadmin/bdir.htr??c:\<dirs> . http://www.microsoft.com/techne
t/security/bulletin/MS02-028.asp. http://www.cert.org/advisories/CA-2002-09.html
.
+ /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwor
ds
+ /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL D
B contents, server paths, docroot and more.
+ OSVDB-2878: /scripts/moin.cgi?test: MoinMoin 1.1 and prior contain at least tw
o XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulner
ability
+ OSVDB-6591: /scripts/Carello/Carello.dll: Carello 1.3 may allow commands to be
 executed on the server by replacing hidden form elements. This could not be tes
ted by Nikto.
+ /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source
+ /scripts/tools/dsnform: Allows creation of ODBC Data Source
+ /scripts/httpodbc.dll: Possible IIS backdoor found.
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed
+ /scripts/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow http://www.sec
urityfocus.com/bid/4684. Prior to 2.1.3 contained unspecified security bugs
+ /scripts/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow
. If this is version 1.0 it should be upgraded.
+ OSVDB-2017: /scripts/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may ha
ve a buffer overflow. Upgrade to a version newer than 0.9.8alpha.
+ /scripts/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer ove
rflow.
+ /scripts/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer ove
rflow.
+ /scripts/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overf
low.
+ OSVDB-11740: /scripts/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buff
er overflow (not tested or confirmed). Verify Foxweb is the latest available ver
sion.
+ OSVDB-11741: /scripts/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buff
er overflow (not tested or confirmed). Verify Foxweb is the latest available ver
sion.
+ /scripts/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnera
ble to multiple buffer overflows. Upgrade to 9.x.
+ /scripts/wconsole.dll: It may be possible to overflow this dll with 1024 bytes
 of data.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to
 upload files to the server.
+ /scripts/uploader.exe: This CGI allows attackers to upload files to the server
 and then execute them.
+ /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files
+ /scripts/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /scripts/.cobalt: May allow remote admin of CGI scripts.
+ OSVDB-52975: /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allo
ws download of SQL database which contains admin password.
+ OSVDB-15971: /shoppingdirectory/midicart.mdb: MIDICART database is available f
or browsing. This should not be allowed via the web server.
+ OSVDB-4398: /database/db2000.mdb: Max Web Portal database is available remotel
y. It should be moved from the default location to a directory outside the web r
oot.
+ OSVDB-319: /scripts/mailit.pl: Sambar may allow anonymous email to be sent fro
m any host via this CGI.
+ /scripts/.access: Contains authorization information
+ OSVDB-11093: /scripts/%2e%2e/abyss.conf: The Abyss configuration file was succ
essfully retrieved. Upgrade with the latest version/patches for 1.0 from http://
www.aprelium.com/
+ /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allow
s JSP source viewed through a vulnerable SSI call.
+ /webcart/carts/: This may allow attackers to read credit card data. Reconfigur
e to make this dir not accessible via the web.
+ /webcart/config/: This may allow attackers to read credit card data. Reconfigu
re to make this dir not accessible via the web.
+ /webcart/config/clients.txt: This may allow attackers to read credit card data
. Reconfigure to make this file not accessible via the web.
+ /webcart/orders/: This may allow attackers to read credit card data. Reconfigu
re to make this dir not accessible via the web.
+ /webcart/orders/import.txt: This may allow attackers to read credit card data.
 Reconfigure to make this file not accessible via the web.
+ OSVDB-11871: /scripts/MsmMask.exe: MondoSearch 4.4 may allow source code viewi
ng by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real A
SP file.
+ /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous
versions contain other non-descript vulnerabilities.
+ /scripts/addbanner.cgi: This CGI may allow attackers to read any file on the s
ystem.
+ /scripts/shtml.dll: This may allow attackers to retrieve document source.
+ /scripts/aglimpse.cgi: This CGI may allow attackers to execute remote commands
.
+ /scripts/aglimpse: This CGI may allow attackers to execute remote commands.
+ /scripts/architext_query.cgi: Versions older than 1.1 of Excite for Web Server
s allow attackers to execute arbitrary commands.
+ OSVDB-6196: /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet f
ound, which may allow remote command execution. See http://www.iss.net/issEn/del
ivery/xforce/alertdetail.jsp?oid=21999
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execut
e arbitrary commands.
+ OSVDB-6196: /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet
found, which may allow remote command execution. See http://www.iss.net/issEn/de
livery/xforce/alertdetail.jsp?oid=21999
+ /scripts/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands
+ /scripts/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands
+ /scripts/hello.bat?&dir+c:\\: This batch file may allow attackers to execute r
emote commands.
+ /scripts/post32.exe|dir%20c:\\: post32 can execute arbitrary commands
+ /webmail/: Web based mail package installed.
+ /scripts/archie: Gateway to the unix command, may be able to submit extra comm
ands
+ /scripts/calendar.pl: Gateway to the unix command, may be able to submit extra
 commands
+ /scripts/calendar: Gateway to the unix command, may be able to submit extra co
mmands
+ /scripts/date: Gateway to the unix command, may be able to submit extra comman
ds
+ /scripts/fortune: Gateway to the unix command, may be able to submit extra com
mands
+ /scripts/redirect: Redirects via URL from form
+ /scripts/uptime: Gateway to the unix command, may be able to submit extra comm
ands
+ /scripts/wais.pl: Gateway to the unix command, may be able to submit extra com
mands
+ OSVDB-8450: /phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import
&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version
2.5.3 or higher. http://www.securityfocus.com/bid/7963.
+ OSVDB-8450: /phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import
&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version
2.5.3 or higher. http://www.securityfocus.com/bid/7963.
+ /scripts/mail: Simple Perl mailing script to send form data to a pre-configure
d email address
+ /scripts/nph-error.pl: Gives more information in error messages
+ /scripts/post-query: Echoes back result of your POST
+ /scripts/query: Echoes back result of your GET
+ /scripts/test-cgi.tcl: May echo environment variables or give directory listin
gs
+ /scripts/test-env: May echo environment variables or give directory listings
+ /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a
later version and secure according to the documents on the WASD web site.
+ /scripts/cgitest.exe: This CGI allows remote users to download other CGI sourc
e code. May have a buffer overflow in the User-Agent header.
+ OSVDB-6666: /scripts/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools m
ay be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times
.
+ /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see htt
p://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
+ OSVDB-55370: /scripts/Pbcgi.exe: Sambar may be vulnerable to a DOS when a long
 string is passed to Pbcgi.exe (not attempted). Default CGI should be removed fr
om web servers.
+ OSVDB-55369: /scripts/testcgi.exe: Sambar may be vulnerable to a DOS when a lo
ng string is passed to testcgi.exe (not attempted). Default CGI should be remove
d from web servers.
+ /scripts/snorkerz.bat: Arguments passed to DOS CGI without checking
+ /scripts/snorkerz.cmd: Arguments passed to DOS CGI without checking
+ /scripts/webfind.exe?keywords=01234567890123456789: May be vulnerable to a buf
fer overflow (request 2000 bytes of data). Upgrade to WebSitePro 2.5 or greater
+ OSVDB-724: /scripts/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News S
ystem allows commands to be issued remotely.
+ OSVDB-724: /scripts/ans/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's Ne
ws System allows commands to be issued remotely.
+ OSVDB-4969: /scripts/ezshopper/search.cgi?user_id=id&database=dbase1.exm&templ
ate=../../../../../../../etc/passwd&distinct=1: EZShopper search CGI allows arbi
trary files to be read
+ OSVDB-2511: /scripts/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retriev
al of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sit
ebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../
../../../../etc/passwd
+ OSVDB-7715: /scripts/talkback.cgi?article=../../../../../../../../etc/passwd%0
0&action=view&matchview=1: Talkback CGI displays arbitrary files
+ /scripts/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL i
njection attacks.
+ /scripts/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cro
ss Site Scripting (XSS) in posted contents. Upgrade to the latest version from h
ttp://www.levcgi.com/.  http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-21366: /scripts/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) s
cript may give system information to attackers, and may be vulnerable to Cross S
ite Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /catinfo?<u><b>TESTING: The Interscan Viruswall catinfo script is vulnerable t
o Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2754: /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/sc
ript%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
+ /anthill/login.php: Anthill bug tracking system may be installed. Versions low
er than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login req
uirements. http://anthill.vmlinuz.ca/ and http://www.cert.org/advisories/CA-2000
-02.html
+ OSVDB-19772: /scripts/title.cgi: HNS's title.cgi is vulnerable to Cross Site S
cripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 an
d earlier, and Lite 0.8 and earlier.
+ OSVDB-21365: /scripts/compatible.cgi: This COWS (CGI Online Worldweb Shopping)
 script may give system information to attackers, and may be vulnerable to Cross
 Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /scripts/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: Thi
s might be interesting... has been seen in web logs from a scanner.
+ /scripts/probecontrol.cgi?command=enable&username=cancer&password=killer: This
 might be interesting... has been seen in web logs from a scanner.
+ /scripts/retrieve_password.pl: May not be vulnerable, but see http://www.dcscr
ipts.com/bugtrac/DCForumID7/3.html for information.
+ /scripts/wwwadmin.pl: Administration CGI?
+ /scripts/webmap.cgi: nmap front end... could be fun
+ /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pa
ss to the admin page is admin/muze.
+ /scripts/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default lo
gin is Admin/ImageFolio.
+ /scripts/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Ad
min/ImageFolio.
+ /scripts/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. Ma
y be able to reconfigure or reload.
+ /scripts/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be ab
le to reconfigure or reload.
+ /scripts/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view syste
m information.
+ OSVDB-17111: /scripts/dcshop/auth_data/auth_user_file.txt: The DCShop installa
tion allows credit card numbers to be viewed remotely. See dcscripts.com for fix
 information.
+ OSVDB-17111: /scripts/DCShop/auth_data/auth_user_file.txt: The DCShop installa
tion allows credit card numbers to be viewed remotely. See dcscripts.com for fix
 information.
+ OSVDB-596: /scripts/dcshop/orders/orders.txt: The DCShop installation allows c
redit card numbers to be viewed remotely. See dcscripts.com for fix information.

+ OSVDB-596: /scripts/DCShop/orders/orders.txt: The DCShop installation allows c
redit card numbers to be viewed remotely. See dcscripts.com for fix information.

+ /scripts/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /scripts/mkilog.exe: This CGI can give an attacker a lot of information.
+ /scripts/mkplog.exe: This CGI can give an attacker a lot of information.
+ OSVDB-596: /scripts/orders/orders.txt: The DCShop installation allows credit c
ard numbers to be viewed remotely. See dcscripts.com for fix information.
+ /scripts/processit.pl: This CGI returns environment variables, giving attacker
s valuable information.
+ /scripts/rpm_query: This CGI allows anyone to see the installed RPMs
+ OSVDB-17111: /scripts/shop/auth_data/auth_user_file.txt: The DCShop installati
on allows credit card numbers to be viewed remotely. See dcscripts.com for fix i
nformation.
+ OSVDB-596: /scripts/shop/orders/orders.txt: The DCShop installation allows cre
dit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ /scripts/ws_ftp.ini: Can contain saved passwords for ftp sites
+ /scripts/WS_FTP.ini: Can contain saved passwords for ftp sites
+ /scripts/view-source?view-source: This allows remote users to view source code
.
+ OSVDB-13978: /scripts/ibill.pm: iBill.pm is installed. This may allow brute fo
rcing of passwords.
+ OSVDB-9332: /scripts/scoadminreg.cgi: This script (part of UnixWare WebTop) ma
y have a local root exploit. It is also an system admin script and should be pro
tected via the web.
+ OSVDB-4663: /scripts/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasour
ce.r2.ru stores the admin password in a plain text file.
+ /scripts/icat: Multiple versions of icat allow attackers to read arbitrary fil
es. Make sure the latest version is running.
+ /scripts/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=
0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug
+ OSVDB-6192: /scripts/update.dpgs: Duma Photo Gallery System may allow remote u
sers to write to any file on the system. See http://b0iler.eyeonsecurity.net for
 details. This could not be remotely tested.
+ /scripts/view-source: This may allow remote arbitrary file retrieval.
+ /scripts/wrap: This CGI lets users read any file with 755 perms. It should not
 be in the CGI directory.
+ /scripts/cgiwrap: Some versions of cgiwrap allow anyone to execute commands re
motely.
+ /scripts/Count.cgi: This may allow attackers to execute arbitrary commands on
the server
+ /scripts/echo.bat: This CGI may allow attackers to execute remote commands.
+ OSVDB-4571: /scripts/ImageFolio/admin/admin.cgi: ImageFolio (default accout Ad
min/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=
111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
+ /scripts/info2www: This CGI allows attackers to execute commands.
+ /scripts/infosrch.cgi: This CGI allows attackers to execute commands.
+ /scripts/listrec.pl: This CGI allows attackers to execute commands on the host
.
+ /scripts/mailnews.cgi: Some versions allow attacker to execute commands as htt
p daemon. Upgrade or remove.
+ /scripts/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade t
o version 3.0.26 or higher.
+ /scripts/pagelog.cgi: Some versions of this allow you to create system files.
Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try.
+ /scripts/perl?-v: Perl is installed in the CGI directory. This essentially giv
es attackers a system shell. Remove Perl from the CGI dir.
+ /scripts/perl.exe?-v: Perl is installed in the CGI directory. This essentially
 gives attackers a system shell. Remove perl.exe from the CGI dir.
+ /scripts/perl.exe: Perl is installed in the CGI directory. This essentially gi
ves attackers a system shell. Remove Perl from the CGI dir.
+ /scripts/perl: Perl is installed in the CGI directory. This essentially gives
attackers a system shell. Remove Perl from the CGI dir.
+ /scripts/plusmail: This CGI may allow attackers to execute commands remotely.
+ /scripts/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remot
e execution vulnerability use ?keywords=|/bin/ls| or your favorite command
+ /scripts/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To che
ck for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite c
ommand
+ OSVDB-54034: /scripts/spin_client.cgi?aaaaaaaa: This CGI may be vulnerable to
remote execution by sending 8000 x 'a' characters (check to see if you get a 500
 error message)
+ OSVDB-10598: /scripts/sscd_suncourier.pl: Sunsolve CD script may allow users t
o execute arbitrary commands. The script was confirmed to exist, but the test wa
s not done.
+ OSVDB-13981: /scripts/viralator.cgi: May be vulnerable to command injection, u
pgrade to 0.9pre2 or newer. This flaw could not be confirmed.


+ Server: No banner retrieved
+ Cookie reg_ext_ref created without the httponly flag
+ Cookie reg_fb_gate created without the httponly flag
+ Cookie reg_fb_ref created without the httponly flag
+ Uncommon header 'x-fb-debug' found, with contents: NDGJxkwgcnrAOYSA/785kjLeEuu
ddv/GterA6Gc4x04=
+ Uncommon header 'x-frame-options' found, with contents: DENY
+ Uncommon header 'x-xss-protection' found, with contents: 0
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ lines
+ /crossdomain.xml contains 0 line which should be manually viewed for improper
domains or wildcards.
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Multiple index files found: default.asp, index.jhtml, index.php, index.htm, in
dex.pl, default.htm, index.aspx, default.aspx, index.asp, index.do, index.php3,
index.cfm, index.cgi, index.html, index.shtml
+ Server banner has changed from '' to 'nginx/1.3.7' which may suggest a WAF, lo
ad balancer or proxy is in place
+ /g_dircom/kboard/: KBoard Forum 0.3.0 and prior have a security problem in for
um_edit_post.php, forum_post.php and forum_reply.php
+ /g_dircom/lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities
 including remote administrative access, harvesting user info and more. Default
login to admin interface is admin/phplist
+ /g_dircom/splashAdmin.php: Cobalt Qube 3 admin is running. This may have multi
ple security problems as described by www.scan-associates.net. These could not b
e tested remotely.
+ /g_dircom/ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /g_dircom/sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ /g_dircom/tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be v
iewed via a 'URL trick'. Default login/pass could be admin/admin
+ /g_dircom/tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wi
ki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin

+ /g_dircom/scripts/samples/details.idc: See RFP 9901; www.wiretrip.net
+ OSVDB-396: /g_dircom/_vti_bin/shtml.exe: Attackers may be able to crash FrontP
age by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempte
d.
+ OSVDB-637: /g_dircom/~root/: Allowed to browse root's home directory.
+ /g_dircom/cgi-bin/wrap: comes with IRIX 6.2; allows to view directories
+ /g_dircom/forums//admin/config.php: PHP Config file may contain database IDs a
nd passwords.
+ /g_dircom/forums//adm/config.php: PHP Config file may contain database IDs and
 passwords.
+ /g_dircom/forums//administrator/config.php: PHP Config file may contain databa
se IDs and passwords.
+ /g_dircom/forums/config.php: PHP Config file may contain database IDs and pass
words.
+ /g_dircom/guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive in
formation about its configuration.
+ /g_dircom/guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the a
dmin password.
+ /g_dircom/help/: Help directory should not be accessible
+ OSVDB-2411: /g_dircom/hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-c
ms-1.2.9-10 may reveal the administrator ID and password.
+ OSVDB-8103: /g_dircom/global.inc: PHP-Survey's include file should not be avai
lable via the web. Configure the web server to ignore .inc files or change this
to global.inc.php
+ OSVDB-59620: /g_dircom/inc/common.load.php: Bookmark4U v1.8.3 include files ar
e not protected and may contain remote source injection by using the 'prefix' va
riable.
+ OSVDB-59619: /g_dircom/inc/config.php: Bookmark4U v1.8.3 include files are not
 protected and may contain remote source injection by using the 'prefix' variabl
e.
+ OSVDB-59618: /g_dircom/inc/dbase.php: Bookmark4U v1.8.3 include files are not
protected and may contain remote source injection by using the 'prefix' variable
.
+ OSVDB-2703: /g_dircom/geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains
a SQL injection vulnerability that lets a remote attacker reset admin password.
+ OSVDB-8204: /g_dircom/gb/index.php?login=true: gBook may allow admin login by
setting the value 'login' equal to 'true'.
+ /g_dircom/guestbook/admin.php: Guestbook admin page available without authenti
cation.
+ /g_dircom/getaccess: This may be an indication that the server is running getA
ccess for SSO
+ /g_dircom/cfdocs/expeval/openfile.cfm: Can use to expose the system/server pat
h.
+ /g_dircom/tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_in
dex.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /g_dircom/vgn/performance/TMT: Vignette CMS admin/maintenance script available
.
+ /g_dircom/vgn/performance/TMT/Report: Vignette CMS admin/maintenance script av
ailable.
+ /g_dircom/vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance scrip
t available.
+ /g_dircom/vgn/performance/TMT/reset: Vignette CMS admin/maintenance script ava
ilable.
+ /g_dircom/vgn/ppstats: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/previewer: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/record/previewer: Vignette CMS admin/maintenance script availabl
e.
+ /g_dircom/vgn/stylepreviewer: Vignette CMS admin/maintenance script available.

+ /g_dircom/vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/vr/Editing: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/vr/Saving: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /g_dircom/scripts/iisadmin/bdir.htr: This default script shows host info, may
allow file browsing and buffer a overrun in the Chunked Encoding data transfer m
echanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . http://www.microsoft.c
om/technet/security/bulletin/MS02-028.asp. http://www.cert.org/advisories/CA-200
2-09.html.
+ /g_dircom/scripts/iisadmin/ism.dll: Allows you to mount a brute force attack o
n passwords
+ /g_dircom/scripts/tools/ctss.idc: This CGI allows remote users to view and mod
ify SQL DB contents, server paths, docroot and more.
+ /g_dircom/bigconf.cgi: BigIP Configuration CGI
+ /g_dircom/blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed thro
ugh a vulnerable SSI call.
+ OSVDB-4910: /g_dircom/vgn/style: Vignette server may reveal system information
 through this file.
+ OSVDB-17653: /g_dircom/SiteServer/Admin/commerce/foundation/domain.asp: Displa
ys known domains of which that server is involved.
+ OSVDB-17654: /g_dircom/SiteServer/Admin/commerce/foundation/driver.asp: Displa
ys a list of installed ODBC drivers.
+ OSVDB-17655: /g_dircom/SiteServer/Admin/commerce/foundation/DSN.asp: Displays
all DSNs configured for selected ODBC drivers.
+ OSVDB-17652: /g_dircom/SiteServer/admin/findvserver.asp: Gives a list of insta
lled Site Server components.
+ /g_dircom/SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current s
earch catalog configurations
+ /g_dircom/basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 c
ontains a XSS issue in 'message list' function/page
+ /g_dircom/basilix/message-read.php3: BasiliX webmail application prior to 1.1.
1 contains a XSS issue in 'read message' function/page
+ /g_dircom/clusterframe.jsp: Macromedia JRun 4 build 61650 remote administratio
n interface is vulnerable to several XSS attacks.
+ /g_dircom/IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability.
 Previous versions contain other non-descript vulnerabilities.
+ /g_dircom/bb-dnbd/faxsurvey: This may allow arbitrary command execution.
+ /g_dircom/cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it c
ontains a backdoor to allow attackers to execute arbitrary commands.
+ OSVDB-6591: /g_dircom/scripts/Carello/Carello.dll: Carello 1.3 may allow comma
nds to be executed on the server by replacing hidden form elements. This could n
ot be tested by Nikto.
+ /g_dircom/scripts/tools/dsnform.exe: Allows creation of ODBC Data Source
+ /g_dircom/scripts/tools/dsnform: Allows creation of ODBC Data Source
+ OSVDB-17656: /g_dircom/SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
: Used to create, modify, and potentially delete LDAP users and groups.
+ OSVDB-17657: /g_dircom/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp:
 Used to create, modify, and potentially delete LDAP users and groups.
+ /g_dircom/prd.i/pgen/: Has MS Merchant Server 1.0
+ /g_dircom/readme.eml: Remote server may be infected with the Nimda virus.
+ /g_dircom/scripts/httpodbc.dll: Possible IIS backdoor found.
+ /g_dircom/scripts/proxy/w3proxy.dll: MSProxy v1.0 installed
+ /g_dircom/SiteServer/admin/: Site Server components admin. Default account may
 be 'LDAP_Anonymous', pass is 'LdapPassword_1'. see http://www.wiretrip.net/rfp/
p/doc.asp/i1/d69.htm
+ /g_dircom/siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
+ /g_dircom/pccsmysqladm/incs/dbconnect.inc: This file should not be accessible,
 as it contains database connectivity information. Upgrade to version 1.2.5 or h
igher.
+ /g_dircom/iisadmin/: Access to /iisadmin should be restricted to localhost or
allowed hosts only.
+ /g_dircom/PDG_Cart/oder.log: Shopping cart software log
+ /g_dircom/ows/restricted%2eshow: OWS may allow restricted files to be viewed b
y replacing a character with its encoded equivalent.
+ /g_dircom/WEB-INF./web.xml: Multiple implementations of j2ee servlet container
s allow files to be retrieved from WEB-INF by appending a '.' to the directory n
ame. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, P
ramati and others. See http://www.westpoint.l
+ /g_dircom/view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the
system to be viewed by using \..\ directory traversal. This script may be vulner
able.
+ /g_dircom/w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbit
rary PHP scripts via URL includes in include/*.php and user/*.php files. Default
 account is 'admin' but password set during install.
+ OSVDB-42680: /g_dircom/vider.php3: MySimpleNews may allow deleting of news ite
ms without authentication.
+ OSVDB-6181: /g_dircom/officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officesc
an allows you to skip the login page and access some CGI programs directly.
+ /g_dircom/pbserver/pbserver.dll: This may contain a buffer overflow. http://ww
w.microsoft.com/technet/security/bulletin/http://www.microsoft.com/technet/secur
ity/bulletin/ms00-094.asp.asp
+ /g_dircom/administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.1
2 BETA and below may allow upload of any file type simply putting '.jpg' before
the real file extension.
+ /g_dircom/pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow fi
le upload without authentication.
+ /g_dircom/phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are
 vulnerable to file upload bug.
+ /g_dircom/servlet/com.unify.servletexec.UploadServlet: This servlet allows att
ackers to upload files to the server.
+ /g_dircom/scripts/cpshost.dll: Posting acceptor possibly allows you to upload
files
+ /g_dircom/upload.asp: An ASP page that allows attackers to upload files to ser
ver
+ /g_dircom/uploadn.asp: An ASP page that allows attackers to upload files to se
rver
+ /g_dircom/uploadx.asp: An ASP page that allows attackers to upload files to se
rver
+ /g_dircom/wa.exe: An ASP page that allows attackers to upload files to server
+ /g_dircom/basilix/compose-attach.php3: BasiliX webmail application prior to 1.
1.1 contains a non-descript security vulnerability in compose-attach.php3 relate
d to attachment uploads
+ /g_dircom/server/: If port 8000, Macromedia JRun 4 build 61650 remote administ
ration interface is vulnerable to several XSS attacks.
+ /g_dircom/vgn/ac/data: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/ac/delete: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/ac/edit: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/ac/esave: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/ac/index: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script availa
ble.
+ /g_dircom/vgn/asp/previewer: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/asp/status: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/asp/style: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/errors: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/jsp/controller: Vignette CMS admin/maintenance script available.

+ /g_dircom/vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/jsp/initialize: Vignette CMS admin/maintenance script available.

+ /g_dircom/vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available
.
+ /g_dircom/vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script availa
ble.
+ /g_dircom/vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/jsp/style: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /g_dircom/vgn/login: Vignette server may allow user enumeration based on the l
ogin attempts to this file.
+ OSVDB-35707: /g_dircom/forum/admin/wwforum.mdb: Web Wiz Forums password databa
se found.
+ /g_dircom/fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of cu
stomers is available via the web.
+ OSVDB-52975: /g_dircom/guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Man
ager allows download of SQL database which contains admin password.
+ OSVDB-15971: /g_dircom/midicart.mdb: MIDICART database is available for browsi
ng. This should not be allowed via the web server.
+ OSVDB-15971: /g_dircom/MIDICART/midicart.mdb: MIDICART database is available f
or browsing. This should not be allowed via the web server.
+ OSVDB-41850: /g_dircom/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb:
 MPCSoftWeb Guest Book passwords retrieved.
+ /g_dircom/news/news.mdb: Web Wiz Site News release v3.06 admin password databa
se is available and unencrypted.
+ OSVDB-53413: /g_dircom/shopping300.mdb: VP-ASP shopping cart application allow
s .mdb files (which may include customer data) to be downloaded via the web. The
se should not be available.
+ OSVDB-53413: /g_dircom/shopping400.mdb: VP-ASP shopping cart application allow
s .mdb files (which may include customer data) to be downloaded via the web. The
se should not be available.
+ OSVDB-15971: /g_dircom/shoppingdirectory/midicart.mdb: MIDICART database is av
ailable for browsing. This should not be allowed via the web server.
+ OSVDB-4398: /g_dircom/database/db2000.mdb: Max Web Portal database is availabl
e remotely. It should be moved from the default location to a directory outside
the web root.
+ /g_dircom/admin/config.php: PHP Config file may contain database IDs and passw
ords.
+ /g_dircom/adm/config.php: PHP Config file may contain database IDs and passwor
ds.
+ /g_dircom/administrator/config.php: PHP Config file may contain database IDs a
nd passwords.
+ /g_dircom/contents.php?new_language=elvish&mode=select: Requesting a file with
 an invalid language selection from DC Portal may reveal the system path.
+ OSVDB-6467: /g_dircom/pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCa
rt, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt f
or more information.
+ /g_dircom/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFus
ion allows JSP source viewed through a vulnerable SSI call.
+ /g_dircom/shopa_sessionlist.asp: VP-ASP shopping cart test application is avai
lable from the web. This page may give the location of .mdb files which may also
 be available.
+ OSVDB-53303: /g_dircom/simplebbs/users/users.php: Simple BBS 1.0.6 allows user
 information and passwords to be viewed remotely.
+ /g_dircom/typo3conf/: This may contain sensitive Typo3 files.
+ /g_dircom/typo3conf/database.sql: Typo3 SQL file found.
+ /g_dircom/typo3conf/localconf.php: Typo3 config file found.
+ OSVDB-53386: /g_dircom/vchat/msg.txt: VChat allows user information to be retr
ieved.
+ OSVDB-4907: /g_dircom/vgn/license: Vignette server license file found.
+ /g_dircom/webcart-lite/config/import.txt: This may allow attackers to read cre
dit card data. Reconfigure to make this file not accessible via the web.
+ /g_dircom/webcart-lite/orders/import.txt: This may allow attackers to read cre
dit card data. Reconfigure to make this file not accessible via the web.
+ /g_dircom/webcart/carts/: This may allow attackers to read credit card data. R
econfigure to make this dir not accessible via the web.
+ /g_dircom/webcart/config/: This may allow attackers to read credit card data.
Reconfigure to make this dir not accessible via the web.
+ /g_dircom/webcart/config/clients.txt: This may allow attackers to read credit
card data. Reconfigure to make this file not accessible via the web.
+ /g_dircom/webcart/orders/: This may allow attackers to read credit card data.
Reconfigure to make this dir not accessible via the web.
+ /g_dircom/webcart/orders/import.txt: This may allow attackers to read credit c
ard data. Reconfigure to make this file not accessible via the web.
+ /g_dircom/ws_ftp.ini: Can contain saved passwords for FTP sites
+ /g_dircom/WS_FTP.ini: Can contain saved passwords for FTP sites
+ /g_dircom/_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, incl
uding host and port.
+ OSVDB-17659: /g_dircom/SiteServer/Admin/knowledge/persmbr/vs.asp: Expose vario
us LDAP service and backend configuration parameters
+ OSVDB-17661: /g_dircom/SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose
 various LDAP service and backend configuration parameters

---------------------------------------------------------------------------
+ Target IP: 31.13.73.23
+ Target Hostname: graph.facebook.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=
*.facebook.com
Ciphers: RC4-SHA
Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriS
ign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIA
BILITY LTD.(c)97 VeriSign
+ Start Time: 2013-04-13 21:50:45 (GMT-3)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-fb-rev' found, with contents: 784561
+ Uncommon header 'x-fb-debug' found, with contents: uSOE1rKPfqvR+V0PvHv8M4bRzfT
uYUQDblAIvknrlXE=
+ Uncommon header 'access-control-allow-origin' found, with contents: *
+ Server leaks inodes via ETags, header found with file /cgi.cgi/, fields: 0x250
a0eb3ea3e9866522b45dfb59bdb06755487bd
+ /crossdomain.xml contains a full wildcard entry. See http://jeremiahgrossman.b/
logspot.com/2008/05/crossdomainxml-invites-cross-site.html
+ /crossdomain.xml contains 0 line which should be manually viewed for improper
domains or wildcards.
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Multiple index files found: default.asp, default.aspx, index.asp, index.shtml,
index.aspx
+ Server is using a wildcard certificate: '*.facebook.com'
+ Cookie datr created without the secure flag
+ Cookie reg_ext_ref created without the secure flag
+ Cookie reg_ext_ref created without the httponly flag
+ Cookie reg_fb_gate created without the secure flag
+ Cookie reg_fb_gate created without the httponly flag
+ Cookie reg_fb_ref created without the secure flag
+ Cookie reg_fb_ref created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: DENY
+ Uncommon header 'x-xss-protection' found, with contents: 0
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_p
ost.php, forum_post.php and forum_reply.php
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via
the web. Configure the web server to ignore .inc files or change this to global
.inc.php
+ /getaccess: This may be an indication that the server is running getAccess for
SSO
+ /tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?
/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP
scripts via URL includes in include/*.php and user/*.php files. Default account
is 'admin' but password set during install.
+ /wa.exe: An ASP page that allows attackers to upload files to server
+ /server/: If port 8000, Macromedia JRun 4 build 61650 remote administration in
terface is vulnerable to several XSS attacks.
+ /names.nsf: User names and groups can be accessed remotely (possibly password
hashes as well)
+ /mail.box: The mail database can be read without authentication.
+ OSVDB-4015: /jigsaw/: Jigsaw server may be installed. Versions lower than 2.2.
1 are vulnerable to Cross Site Scripting (XSS) in the error page.
+ /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pa
ss to the admin page is admin/muze.
+ /cgi.cgi/photo/manage.cgi: My Photo Gallery management interface. May allow fu
ll access to photo galleries and more.
+ /webcgi/photo/manage.cgi: My Photo Gallery management interface. May allow ful
l access to photo galleries and more.
+ /bin/photo/manage.cgi: My Photo Gallery management interface. May allow full a
ccess to photo galleries and more.
+ /cgi-perl/photo/manage.cgi: My Photo Gallery management interface. May allow f
ull access to photo galleries and more.
+ /krysalis/: Krysalis pre 1.0.3 may allow remote users to read arbitrary files
outside docroot
+ OSVDB-561: /server-status: This reveals Apache information. Comment out approp
riate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-2117: /cpanel/: Web-based control panel
+ OSVDB-2695: /cgi.cgi/photo/: My Photo Gallery pre 3.6 contains multiple vulner
abilities including directory traversal, unspecified vulnerabilities and remote
management interface access.
+ OSVDB-2695: /webcgi/photo/: My Photo Gallery pre 3.6 contains multiple vulnera
bilities including directory traversal, unspecified vulnerabilities and remote m
anagement interface access.
+ OSVDB-2695: /bin/photo/: My Photo Gallery pre 3.6 contains multiple vulnerabil
ities including directory traversal, unspecified vulnerabilities and remote mana
gement interface access.
+ OSVDB-2695: /cgi-perl/photo/: My Photo Gallery pre 3.6 contains multiple vulne
rabilities including directory traversal, unspecified vulnerabilities and remote
management interface access.

#SUP3RM4N and KORZUS
TEAM:http://www.facebook.com/CyberHats


                                 /:------------------------------------:/
                                 o                                      o
                                 o     http://goo.gl/XuWOX              o
                                 s`                                    `s
                                 `--------------------------------------`

                                                                 `-://///+oo+/:.
`-/:--:.                  -o                                  ..//+:```````.:yNNmho-
 -M-``.od-            `s  -M                                .-/+-`            +NNNNNd/
 -M.    hm /o-s+ -d+o+/M:..M-/y+                          `-:s:        ````   `NNNNNNNy`
 -M.    hm -/-sd  N:  .M  .M` /m                         --hy.     `+hmmmmmmhs/NNNNNNNNs
 -M.  .od- h+`od` N:  .M``.M  /m                        -`hd`      /y/+yNNNNNNNNNNNNNNNN
`:o/-::-`  :o:-o..+:`  +/.-o-`:+.                      - :dm+.`......../NNNNNNNNNNNNNNNN.
                                                      -` --m:`        `-sdNNNNNNNNNNNNNN-
                                                    `-. :/s-`...`        .:+ydNNNNNNNNNN:
 .-...-`              .:`     .-                  `/:` -soddmmmdmh+`     yd` /NNNNNNNNNN/
 :N-``-/              .M.     .-                 `hNdhdmm//NNNN-ymNd:    yN+-dNNNNNNNNNN+
 -M-`.- .o: .s- .:-++ `M.`+:``++ .s/:oo  ./-/+:` -NNNNNNo  mNNh`.+NNN+   /NNNNNNNNNNNNNNy
 -M:.:/  ho  m: m- `/ `M/o.   oy `m+``M. yo `M-  .NNNNmy`  +/-` `./+mN/  `mNNNNNNNNNNNNNN:
 -M.     yo `m/ N+``-``M:yo`  oy  d/  M- :y::/   `NNmo.  :hy/--:shdmNNN-`/sNNNNNNNNNNNNNNm.
`:h:`    :y+-y+`-sso: -y:`so-`+s`.y/`-y: osoooo   NN/+:`/oydNNNNNNNNNNNm`/mNNNNNNNNNNNNNNNh`
                                        .h:---+   mNhNNo`  `:yNNmhs+omNNy yNNNNNNNNNNNNNNNNs
                                         .---.    hNNNNNs`    //+oymNNNNN-.NNNNNNNNNNNNNNNNNo
 ```    ``           `.                           hmNyh++o   -+ooosNNNNNNh yNNNNNNNNNNNNNNNNN/
`/d:   `s:           :N`                        `.o:/.:./::oydmNNNNNNNNNNN+/oyNNNNNNNNNNNNNNNN/
  sd`  -+  `::/.  .::/M` `-:/. -/.+`           .++.../shNNNNNNNNNNNNNNNNNNNNNmNNNNNNNNNNNNNNNNN:
   yh`.o   +/`oh -h` -M`.h--sh`+m.:`                   `-+ymNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNm.
   `dso`   /+-od sd  `M`:m`  . /d                          `-+yNmmNNNmh+/+Ny:yNNNNNNNNNNNNNNyyo:`
    .h.    hs:+d-.hs//m:`ohso:`+d.                          `-:/`.---`    /++.dNNNNNNNNNNNNmo:`
            `  `   `` `    `                          `````.-o+```   ``./shdNNNNNNNNNNNNNNNNNNd+`
                                                 `+shhhhhhhhmNNh+/.-hdmNNNNNNNNNNNNNNNNNNNNNNNNNd/`
                                                `+++NNNNNNNNmNy`  /NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNm
                                              .odmNNNNNmo+/.-h   oNNNNNNh:yNNNNNNNNNNNNNNNNNNNNNNNm
                                            `oNNNNNNNNh`   `h`  ym.dNNNo  od/dNNNNNNNNNNNNNNNNNNNNm
                                           .dNNNNNNNNh`    s:  yN-+NNN/  oNNo`yNNNNNNNNNNNNNNNNNNNm
                                          `dNNNNNNNNh`    /s  +N/.NNd.  oNNNNs`dNNNNNNNNNNNNNNNNNNm
                                          yNNNNNNNNd`    .d` .Ny hNs`  oNNNNNNo-NNNNNNNNNNNNNNNNNNm
                                          syyyyyyyy`     o-  +y`.s-   -yyyyyyss`+sssooooooooooooooo