Advertisement
Guest User

cgilparma

a guest
Jun 8th, 2015
240
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.04 KB | None | 0 0
  1. Target: http://portal.cgilparma.it
  2.  
  3. [+] Emails found:
  4. ------------------
  5. fidenza@cgilparma.it
  6. info@cgilparma.it
  7. lcavalcanti@cgilparma.it
  8. rventura@cgilparma.it
  9. sunia@cgilparma.it
  10. informazioni@cgilparma.it
  11. mcosta@cgilparma.it
  12. flc@cgilparma.it
  13. fiom@cgilparma.it
  14. lferrari@cgilparma.it
  15. roalandrachecco@cgilparma.it
  16. mbernardi@cgilparma.it
  17. infosercoop@cgilparma.it
  18. filcams@cgilparma.it
  19. gbiselli@cgilparma.it
  20. dbarbieri@cgilparma.it
  21. teatro30aprile@cgilparma.it
  22. langhirano@cgilparma.it
  23. @cgilparma.it
  24.  
  25. [+] Hosts found in search engines:
  26. ------------------------------------
  27. [-] Resolving hostnames IPs...
  28. 195.110.124.188:www.cgilparma.it
  29. 195.110.124.188:tabellesercoop.cgilparma.it
  30. 54.72.52.58:www.cgilsalerno.itwww.cgilparma.it
  31. 54.72.52.58:awww.cgilparma.it
  32. 195.110.124.188:730.cgilparma.it
  33. 54.72.52.58:fwww.cgilparma.it
  34. 195.110.124.188:portal.cgilparma.it
  35. 195.110.124.188:Portal.cgilparma.it
  36. 54.72.52.58:www.portal.cgilparma.it
  37.  
  38. Vulnerabilities Discovered
  39. ==========================
  40.  
  41. # 1
  42. Info -> Core: Multiple XSS/CSRF Vulnerability
  43. Versions Affected: 1.5.9 <=
  44. Check: /?1.5.9-x
  45. Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
  46. Vulnerable? N/A
  47.  
  48. # 2
  49. Info -> Core: JSession SSL Session Disclosure Vulnerability
  50. Versions effected: Joomla! 1.5.8 <=
  51. Check: /?1.5.8-x
  52. Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
  53. Vulnerable? N/A
  54.  
  55. # 3
  56. Info -> Core: Frontend XSS Vulnerability
  57. Versions effected: 1.5.10 <=
  58. Check: /?1.5.10-x
  59. Exploit: Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
  60. Vulnerable? N/A
  61.  
  62. # 4
  63. Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability
  64. Versions effected: 1.5.11 <=
  65. Check: /?1.5.11-x-http_ref
  66. Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
  67. Vulnerable? N/A
  68.  
  69. # 5
  70. Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
  71. Versions effected: 1.5.11 <=
  72. Check: /?1.5.11-x-php-s3lf
  73. Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
  74. Vulnerable? N/A
  75.  
  76. # 6
  77. Info -> Core: Path Disclosure Vulnerability
  78. Versions effected: Joomla! 1.5.3 <=
  79. Check: /?1.5.3-path-disclose
  80. Exploit: Crafted URL can disclose absolute path
  81. Vulnerable? N/A
  82.  
  83. # 7
  84. Info -> Core: User redirected Spamming Vulnerability
  85. Versions effected: Joomla! 1.5.3 <=
  86. Check: /?1.5.3-spam
  87. Exploit: User redirect spam
  88. Vulnerable? N/A
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement