daily pastebin goal
4%
SHARE
TWEET

#OpPedoChat - More target info

TheAnon0ne Jul 9th, 2012 8,797 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
  2.  
  3. OpPedoChat --> Target information, Sabrina1.com / Boyplayground.net / www.modernblmag.net
  4. Moar info: http://pastebin.com/rXYfrTKf
  5.  
  6. + Target IP:          85.17.36.172
  7. + Target Hostname:    sabrina1.com
  8. + Target Port:        80
  9. + Start Time:         2012-07-10 15:01:45
  10. ---------------------------------------------------------------------------
  11. + Server: Apache
  12. + Server banner has changed from Apache to Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7e-p1, this may suggest a WAF or load balancer is in place
  13. + ETag header found on server, inode: 3603841, size: 3950, mtime: 0xf28b1d80
  14. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
  15. + OSVDB-3092: /card/: This might be interesting...
  16. + OSVDB-3268: /im/: Directory indexing found.
  17. + OSVDB-3092: /im/: This might be interesting... potential country code (Isle Of Man)
  18.  
  19.  
  20. ###############################################################################
  21.  
  22.  
  23. ---------------------------------------------------------------------------
  24. + Target IP:          208.113.237.165
  25. + Target Hostname:    www.boyplayground.net
  26. + Target Port:        80
  27. + Start Time:         2012-07-10 18:07:22
  28. ---------------------------------------------------------------------------
  29. + Server: Apache
  30. + OSVDB-3268: /cgi-bin/: Directory indexing found.
  31. + robots.txt contains 1 entry which should be manually viewed.
  32. + ETag header found on server, fields: 0x6f1 0x4c3d9c1de6761
  33. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  34. + OSVDB-3092: /forum/: This might be interesting...
  35. + OSVDB-3092: /cgi-bin/: This might be interesting... possibly a system shell found.
  36. + OSVDB-3093: /forum/member.php: This might be interesting... has been seen in web logs from an unknown scanner.
  37. + OSVDB-3093: /forum/newreply.php: This might be interesting... has been seen in web logs from an unknown scanner.
  38. + OSVDB-3093: /forum/newthread.php: This might be interesting... has been seen in web logs from an unknown scanner.
  39.  
  40.  
  41. ###############################################################################
  42.  
  43.  
  44. ---------------------------------------------------------------------------
  45. + Target IP:          88.80.30.4
  46. + Target Hostname:    www.modernblmag.net
  47. + Target Port:        80
  48. + Start Time:         2012-07-10 19:36:37
  49. ---------------------------------------------------------------------------
  50. + Server: Apache/2.2.17 (Ubuntu)
  51. + Server banner has changed from Apache/2.2.17 (Ubuntu) to Varnish, this may suggest a WAF or load balancer is in place
  52. + robots.txt contains 36 entries which should be manually viewed.
  53. + ETag header found on server, fields: 0x1341863242
  54. + Retrieved x-powered-by header: PHP/5.3.6-13ubuntu3.7
  55. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  56. + /WEB-INF/web.xml: JRUN default file found.
  57. + OSVDB-3092: /web.config: ASP config file is accessible.
  58. + OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
  59. + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  60. + OSVDB-3931: /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  61. + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  62. + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  63. + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  64. + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  65. + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  66. + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  67. + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  68. + OSVDB-2799: /scripts/dose.pl?daily&somefile.txt&|ls|: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.
  69. + OSVDB-3092: /forum/: This might be interesting...
  70. + OSVDB-3092: /poll: This might be interesting...
  71. + OSVDB-3092: /user/: This might be interesting...
  72. + OSVDB-3268: /icons/: Directory indexing found.
  73. + OSVDB-3092: /UPGRADE.txt: Default file found.
  74. + OSVDB-3092: /install.php: Drupal install.php file found.
  75. + OSVDB-3092: /install.php: install.php file found.
  76. + OSVDB-3092: /LICENSE.txt: License file found may identify site software.
  77. + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
  78. + OSVDB-3233: /INSTALL.mysql.txt: Drupal installation file found.
  79. + OSVDB-3233: /INSTALL.pgsql.txt: Drupal installation file found.
  80. + OSVDB-3233: /icons/README: Apache default file found.
  81.  
  82.  
  83. robots.txt
  84.  
  85. User-agent: *
  86. Crawl-delay: 10
  87. # Directories
  88. Disallow: /includes/
  89. Disallow: /misc/
  90. Disallow: /modules/
  91. Disallow: /profiles/
  92. Disallow: /scripts/
  93. Disallow: /themes/
  94. # Files
  95. Disallow: /CHANGELOG.txt
  96. Disallow: /cron.php
  97. Disallow: /INSTALL.mysql.txt
  98. Disallow: /INSTALL.pgsql.txt
  99. Disallow: /INSTALL.sqlite.txt
  100. Disallow: /install.php
  101. Disallow: /INSTALL.txt
  102. Disallow: /LICENSE.txt
  103. Disallow: /MAINTAINERS.txt
  104. Disallow: /update.php
  105. Disallow: /UPGRADE.txt
  106. Disallow: /xmlrpc.php
  107. # Paths (clean URLs)
  108. Disallow: /admin/
  109. Disallow: /comment/reply/
  110. Disallow: /filter/tips/
  111. Disallow: /node/add/
  112. Disallow: /search/
  113. Disallow: /user/register/
  114. Disallow: /user/password/
  115. Disallow: /user/login/
  116. Disallow: /user/logout/
  117. # Paths (no clean URLs)
  118. Disallow: /?q=admin/
  119. Disallow: /?q=comment/reply/
  120. Disallow: /?q=filter/tips/
  121. Disallow: /?q=node/add/
  122. Disallow: /?q=search/
  123. Disallow: /?q=user/password/
  124. Disallow: /?q=user/register/
  125. Disallow: /?q=user/login/
  126. Disallow: /?q=user/logout/
  127.  
  128. We are Anonymous.
  129. We are Legion.
  130. We do not Forgive.
  131. We do not Forget.
  132. Expect Us.
  133.  
  134. Twitter @TheAnon0ne | E: theanon0ne@hushmail.com | Voicemail: +1 (615)-Anon0ne
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top