chris_defaulter007

Vulnerability Found In Indian Hacking Group Official Website

May 22nd, 2013
Vulnerability Found In Best Indian Hacking Group Official Website ( Fucked )

Vulnerability Found By - Nakul Mohan (Cia)

#Target - http://www.indiancyberarmy.org/en/index.php

1st Vulnerability - Apache mod_negotiation filename bruteforcing

mod_negotiation is an Apache module responsible for selecting the document that best matches the client's capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing. This behaviour can help an attacker to learn more about his target, for example, generate a list of base names, generate a list of interesting extensions, look for backup files and so on.

2nd - Possible sensitive files

A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Each one of these files could help an attacker to learn more about his target.

3rd Vulnerability - Session Cookie without HttpOnly flag set

This session cookie doesn't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.

4th Vulnerability - Session Cookie without Secure flag set

This session cookie doesn't have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.
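
A check for the two cookie findings above, added here as an example and not part of the original paste: it parses Set-Cookie header values and reports session cookies that lack HttpOnly or Secure. The session-name hints and the sample headers are constructed assumptions.

```python
# Added example: audit Set-Cookie header values for HttpOnly and Secure.
# SESSION_NAME_HINTS is a heuristic assumption for spotting session cookies.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265, section 5.2).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header_value):
    """Return the findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(header_value)
    if not any(hint in name.lower() for hint in SESSION_NAME_HINTS):
        return []  # not treated as a session cookie
    findings = []
    # Only real attributes count; flag words inside the value do not.
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    return findings


def audit_headers(set_cookie_values):
    """Audit every Set-Cookie value from one HTTP response."""
    return [f for v in set_cookie_values for f in audit_cookie(v)]


# Constructed sample headers (not captured from any real site).
SAMPLE = [
    "PHPSESSID=abc123; path=/",
    "PHPSESSID=abc123; Path=/; HTTPONLY; secure; SameSite=Lax",
    "lang=en; Path=/",
    "authtoken=secure-httponly; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for line in audit_headers(SAMPLE):
        print(line)
```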

Some Broken Links Of - http://www.indiancyberarmy.org/en/index.php

A broken link refers to any link that should take you to a document, image or webpage, but actually results in an error. These pages were linked from the website but are inaccessible.

/en/become_partner.php
/en/projects/www.silencehour.com
/en/reg_foi.php
/en/reghacksafe.php
/en/renewmembership.php
/en/SpryAssets/SpryTabbedPanels.js

Join Us - https://www.facebook.com/groups/nakul.anonymous/