
Untitled

a guest
Jun 19th, 2019
  7. =============================================================
  8. {Backend IPS & Domains}
  9.  
  10. holyh.cf - 66.70.180.164 (HTTPS)
  11. store.holyh.cf - 149.56.130.214 (HTTPS)
  12. ts.holyh.cf - 149.56.130.214 (TS3)
  13.  
  14. holypvp.net - 149.56.130.214 (HTTPS)
  15. www.holypvp.net - 149.56.130.214 (HTTPS)
  16. stats.holypvp.net - 149.56.130.214 (HTTPS)
  17. server.holypvp.net - 66.70.180.164 (HTTPS)
  18. store.holypvp.net - 104.27.140.164 (HTTP Proxy)
  19. =============================================================
  20. {Domain Whois Information}
  21.  
  22. Holypvp.net
  23.  
  24. Name- PvP, Holy
  25. Address - Bermudez, 858
  26. City - BSAS
  27. State / Province - BS
  28. Postal Code - 1406
  29. Country - AR
  30. Phone - +1.149141763
  31. Fax - +1.149141763
  32. =============================================================
  33. {PHP Onpage Information}
  34.  
  35. HTTP/1.1 200 OK
  36. Date: Thu, 30 Nov 2017 22:00:27 GMT
  37. Server: Apache/2.4.6 (CentOS) PHP/5.4.16
  38. X-Powered-By: PHP/5.4.16
  39. Set-Cookie: PHPSESSID=rpal5cd4io0nr9d54s6m522361; path=/
  40. Expires: Thu, 19 Nov 1981 08:52:00 GMT
  41. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  42. Pragma: no-cache
  43. Content-Type: text/html; charset=UTF-8
  44. =============================================================
  45. {IP Open Ports}
  46.  
  47. 66.70.180.164:
  48.  
  49. Discovered open port 22/tcp on 66.70.180.164
  50. Discovered open port 554/tcp on 66.70.180.164
  51. Discovered open port 80/tcp on 66.70.180.164
  52. Discovered open port 3306/tcp on 66.70.180.164
  53.  
  54. 149.56.130.214:
  55.  
  56. Discovered open port 80/tcp on 149.56.130.214
  57. Discovered open port 3306/tcp on 149.56.130.214
  58. Discovered open port 554/tcp on 149.56.130.214
  59. Discovered open port 22/tcp on 149.56.130.214
  60. =============================================================
  61. {Exploits and Errors on Websites}
  62.  
  63. holypvp.net:
  64.  
  65. Error name: X-Frame-Options - Header Not Set
  66. URL: http://www.holypvp.net/
  67. Risk: Medium
  68. Confidence: Medium
  69. Parameter: X-Frame-Options
  70. Attack: N/A
  71. Evidence:
  72. - GET: http://www.holypvp.net/
  73. - GET: http://www.holypvp.net/index.php?route=/
  74. - GET: http://www.holypvp.net/index.php?route=/forgot_password
  75. - GET: http://www.holypvp.net/index.php?route=/login
  76. - GET: http://www.holypvp.net/index.php?route=/register
  77. - GET: http://www.holypvp.net/index.php?route=/statistics
  78. - GET: http://www.holypvp.net/index.php?route=/store
  79. - GET: http://www.holypvp.net/index.php?route=/terms
  80. - POST: http://www.holypvp.net/index.php?route=/forgot_password
  81. - POST: http://www.holypvp.net/index.php?route=/login
  82. - POST: http://www.holypvp.net/index.php?route=/register
  83.  
  84. Source: Passive
  85. Description:
  86. X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
  87.  
  88.  
  89. Solution:
  90. Most modern Web browsers support the X-Frame-Options HTTP header.
  91. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server
  92. (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN,
  93. otherwise if you never expect the page to be framed, you should use DENY.
  94. ALLOW-FROM allows specific websites to frame the web page in supported web browsers).
  95.  
  96.  
  97. Error name: Cookie No HttpOnly Flag
  98. URL: http://www.holypvp.net/
  99. Risk: Low
  100. Confidence: Medium
  101. Parameter: PHPSESSID
  102. Attack: N/A
  103. Evidence:
  104. - Set-Cookie: PHPSESSID
  105. - GET: http://www.holypvp.net/
  106. - GET: http://www.holypvp.net/index.php?route=/
  107. - GET: http://www.holypvp.net/index.php?route=/forgot_password
  108. - GET: http://www.holypvp.net/index.php?route=/login
  109. - GET: http://www.holypvp.net/index.php?route=/register
  110. - GET: http://www.holypvp.net/index.php?route=/statistics
  111. - GET: http://www.holypvp.net/index.php?route=/store
  112. - GET: http://www.holypvp.net/index.php?route=/terms
  113. - POST: http://www.holypvp.net/index.php?route=/forgot_password
  114. - POST: http://www.holypvp.net/index.php?route=/login
  115. - POST: http://www.holypvp.net/index.php?route=/register
  116.  
  117. Source: Passive
  118. Description:
  119. A cookie has been set without the HttpOnly flag,
  120. which means that the cookie can be accessed by JavaScript.
  121. If a malicious script can be run on this page then the cookie will be
  122. accessible and can be transmitted to another site. If this is a session cookie
  123. then session
  124. hijacking may be possible.
  125.  
  126. Solution:
  127. Ensure that the HttpOnly flag is set for all cookies.
  128.  
  129.  
  130. Error name: Cross-Domain JavaScript Source File Inclusion
  131. URL: http://www.holypvp.net/
  132. Risk: Low
  133. Confidence: Medium
  134. Parameter: //platform.twitter.com/widgets.js
  135. Attack: N/A
  136. Evidence:
  137. - <script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
  138. - GET: http://www.holypvp.net/
  139. - GET: http://www.holypvp.net/index.php?route=/
  140.  
  141. Source: Passive
  142. Description: The page includes one or more script files from a third-party domain.
  143.  
  144. Solution:
  145. Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
  146.  
  147.  
  148. Error name: Password Autocomplete in Browser
  149. URL: http://www.holypvp.net/index.php?route=/register
  150. Risk: Low
  151. Confidence: Medium
  152. Parameter: password
  153. Attack: N/A
  154. Evidence:
  155. - <input type="password" name="password" id="password" class="form-control form-control-lg" placeholder="Password" tabindex="4">
  156. - GET: http://www.holypvp.net/index.php?route=/register
  157. - GET: http://www.holypvp.net/index.php?route=/register
  158. - POST: http://www.holypvp.net/index.php?route=/register
  159. - POST: http://www.holypvp.net/index.php?route=/register
  160.  
  161. Source: Passive
  162. Description:
  163. The AUTOCOMPLETE attribute is not disabled on an HTML FORM/INPUT element containing password type input.
  164. Passwords may be stored in browsers and retrieved.
  165.  
  166. Solution:
  167. Turn off the AUTOCOMPLETE attribute in forms or individual input elements containing password inputs by using AUTOCOMPLETE='OFF'.
  168.  
  169.  
  170. Error name: Web Browser XSS Protection Not Enabled
  171. URL: http://www.holypvp.net/
  172. Risk: Low
  173. Confidence: Medium
  174. Parameter: X-XSS-Protection
  175. Attack: N/A
  176. Evidence:
  177. - GET: http://www.holypvp.net/
  178. - GET: http://www.holypvp.net/index.php?route=/
  179. - GET: http://www.holypvp.net/index.php?route=/forgot_password
  180. - GET: http://www.holypvp.net/index.php?route=/login
  181. - GET: http://www.holypvp.net/index.php?route=/register
  182. - GET: http://www.holypvp.net/index.php?route=/statistics
  183. - GET: http://www.holypvp.net/index.php?route=/store
  184. - GET: http://www.holypvp.net/index.php?route=/terms
  185. - GET: http://www.holypvp.net/robots.txt
  186. - GET: http://www.holypvp.net/sitemap.xml
  187. - POST: http://www.holypvp.net/index.php?route=/forgot_password
  188. - POST: http://www.holypvp.net/index.php?route=/login
  189. - POST: http://www.holypvp.net/index.php?route=/register
  190.  
  191. Source: Passive
  192. Description:
  193. Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server.
  194.  
  195. Other Info:
  196. The X-XSS-Protection HTTP response header allows the web server to enable or disable the web browser's XSS protection mechanism. The following values would attempt to enable it:
  197. X-XSS-Protection: 1; mode=block
  198. X-XSS-Protection: 1; report=http://www.example.com/xss
  199. The following values would disable it:
  200. X-XSS-Protection: 0
  201. The X-XSS-Protection HTTP response header is currently supported on Internet Explorer,
  202. Chrome and Safari (WebKit).
  203. Note that this alert is only raised if the response body could potentially contain an XSS payload
  204. (with a text-based content type, with a non-zero length).
  205.  
  206. Solution:
  207. Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.
  208.  
  209.  
  210. Error name: X-Content-Type-Options Header Missing
  211. URL: http://www.holypvp.net/
  212. Risk: Low
  213. Confidence: Medium
  214. Parameter: X-Content-Type-Options
  215. Attack: N/A
  216. Evidence:
  217. - GET: http://www.holypvp.net/
  218. - GET: http://www.holypvp.net/core/assets/css/custom.css
  219. - GET: http://www.holypvp.net/core/assets/css/font-awesome.min.css
  220. - GET: http://www.holypvp.net/core/assets/plugins/emoji/css/emojione.min.css
  221. - GET: http://www.holypvp.net/core/assets/plugins/emoji/js/emojione.min.js
  222. - GET: http://www.holypvp.net/core/assets/plugins/toastr/toastr.min.css
  223. - GET: http://www.holypvp.net/core/assets/plugins/toastr/toastr.min.js
  224. - GET: http://www.holypvp.net/custom/templates/Default/css/bootstrap.min.css
  225. - GET: http://www.holypvp.net/custom/templates/Default/css/custom.css
  226. - GET: http://www.holypvp.net/custom/templates/Default/js/bootstrap.min.js
  227. - GET: http://www.holypvp.net/custom/templates/Default/js/jquery.min.js
  228. - GET: http://www.holypvp.net/custom/templates/Default/js/tether.min.js
  229. - GET: http://www.holypvp.net/index.php?route=/
  230. - GET: http://www.holypvp.net/index.php?route=/forgot_password
  231. - GET: http://www.holypvp.net/index.php?route=/login
  232. - GET: http://www.holypvp.net/index.php?route=/register
  233. - GET: http://www.holypvp.net/index.php?route=/statistics
  234. - GET: http://www.holypvp.net/index.php?route=/store
  235. - GET: http://www.holypvp.net/index.php?route=/terms
  236. - POST: http://www.holypvp.net/index.php?route=/forgot_password
  237. - POST: http://www.holypvp.net/index.php?route=/login
  238. - POST: http://www.holypvp.net/index.php?route=/register
  239.  
  240. Source: Passive
  241. Description:
  242. The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'.
  243. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body,
  244. potentially causing the response body to be interpreted and displayed as a content type other than the declared content type.
  245. Current (early 2014) and legacy versions of Firefox will use the declared content type
  246. (if one is set), rather than performing MIME-sniffing.
  247.  
  248. Other Info:
  249. This issue still applies to error type pages (401, 403, 500, etc) as those pages are often still affected by injection issues,
  250. in which case there is still concern for browsers sniffing pages away from their actual content type.
  251. At "High" threshold this scanner will not alert on client or server error responses.
  252.  
  253. Solution:
  254. Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the
  255. X-Content-Type-Options header to 'nosniff' for all web pages.
  256. If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform
  257. MIME-sniffing at all, or that can be directed by the
  258. web application/web server to not perform MIME-sniffing.
  259. =============================================================
  260. {Open Directories & Vectors}
  261.  
  262. holypvp.net
  263.  
  264. - /statsk/ - OK
  265. - /core/ - OK
  266. - /icons/ - OK
  267. - /custom/ - OK
  268. - /uploads/ - OK
  269. - /modules/ - OK
  270. - /cgi-bin/ - Forbidden
  463. - /custom/templates/Default/ - Contains Default Template of Admin panel! (Can download php files to execute XSS!)
  490.  
  491. holyh.cf
  492.  
  493. - /icons/ - OK
  494. - /icons/small/ - OK
  495. - /fonts/ - 404
  496. - /fonts/Light/ - 404
  497. - /noindex/ - 404
  498. - /noindex/css/ - 404
  499. - /phpmyadmin/ - OK