Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Target:http://www.lidovky.cz/
- 1.Cleartext Password Over Http:
- ============================================================================
- >HIGH< ;D
- *GET /design.aspx
- *GET /diskuse.aspx?iddiskuse=A110106_123226_ln_redakce_glu
- *GET /diskuse.aspx
- *GET /Dokumenty.aspx
- *GET /lide.aspx
- *GET /patek.aspx
- *GET /pieta-za-padle-vojaky.aspx
- *GET /shp.aspx
- *GET /zpravy-archiv.aspx
- ============================================================================
- 2.Cross-Site Script:
- *GET /foto.aspx
- *=*Local domain: www.lidovky.cz
- Script source: http://1gr.cz/m/js/galerie.js?rr=075
- ============================================================================
- 3.Flash Cross-Domain Wildcard Allow-Access-From Domain:
- <*#*>GET /machacek-kdovi-zda-je-brexit-hotova-vec-dyj-/crossdomain.xml
- :<?xml version="1.0"?>
- <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
- <cross-domain-policy>
- <allow-access-from domain="*" secure="false" />
- <allow-http-request-headers-from domain="*.lidovky.cz" headers="*" />
- </cross-domain-policy>
- ============================================================================
- 4.Local Filesystem Paths Found:
- <GET /kapitulace-pred-autoritarem-erdoganem-bulhari-vydali-ankare-teroristu-13x-/zpravy-svet.aspx?c=A160817_112300_ln_zahranici_msl>
- <@>=/media/video.aspx
- ============================================================================
- 5.Flash Cross-Domain Allow-Access-From Secure Flag False:
- <GET /machacek-kdovi-zda-je-brexit-hotova-vec-dyj-/crossdomain.xml>
- :<>;<?xml version="1.0"?>
- <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
- <cross-domain-policy>
- <allow-access-from domain="*" secure="false" />
- <allow-http-request-headers-from domain="*.lidovky.cz" headers="*" />
- </cross-domain-policy>
- ============================================================================
- 6.Form Password With Autocomplete Enabled:
- *GET /design.aspx
- *GET /diskuse.aspx?iddiskuse=A110106_123226_ln_redakce_glu
- *GET /Dokumenty.aspx
- *GET /lide.aspx
- *GET /patek.aspx
- *GET /pieta-za-padle-vojaky.aspx
- *GET /shp.aspx
- *GET /zpravy-archiv.aspx
- *GET /
- ============================================================================
- 7.Flash Cross-Domain Wildcard Allow-HTTP-Request-Headers-From Headers:
- <GET /machacek-kdovi-zda-je-brexit-hotova-vec-dyj-/crossdomain.xml>
- :<?xml version="1.0"?>
- <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
- <cross-domain-policy>
- <allow-access-from domain="*" secure="false" />
- <allow-http-request-headers-from domain="*.lidovky.cz" headers="*" />
- </cross-domain-policy>
- ============================================================================
- 8.Interesting Meta Tag:
- <GET /?setver=touch>
- ;<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1, user-scalable=no">
- ============================================================================
- 9.Permissive Cookie Domain Scope (/):
- <GET /?setver=touch>
- ;<personalizace=setver=touch; domain=.lidovky.cz; expires=Fri, 01-Feb-2019 23:00:00 GMT; path=/
- >
- ============================================================================
- 10./Data.aspx/ 2.:
- *<#>personalizace=setver=touch; domain=.lidovky.cz; expires=Fri, 01-Feb-2019 23:00:00 GMT; path=/
- *<#>mUID=42c1b139335b679e75a58b7d6f1038ca; expires=Thu, 31-Dec-2099 23:00:00 GMT; path=/
- ============================================================================
- ;D
Add Comment
Please, Sign In to add comment