- =============================================================
- {Backend IPS & Domains}
- holyh.cf - 66.70.180.164 (HTTPS)
- store.holyh.cf - 149.56.130.214 (HTTPS)
- ts.holyh.cf - 149.56.130.214 (TS3)
- holypvp.net - 149.56.130.214 (HTTPS)
- www.holypvp.net - 149.56.130.214 (HTTPS)
- stats.holypvp.net - 149.56.130.214 (HTTPS)
- server.holypvp.net - 66.70.180.164 (HTTPS)
- store.holypvp.net - 104.27.140.164 (HTTP Proxy)
- =============================================================
- {Domain Whois Information}
- Holypvp.net
- Name- PvP, Holy
- Address - Bermudez, 858
- City - BSAS
- State / Province - BS
- Postal Code - 1406
- Country - AR
- Phone - +1.149141763
- Fax - +1.149141763
- =============================================================
- {PHP Onpage Information}
- HTTP/1.1 200 OK
- Date: Thu, 30 Nov 2017 22:00:27 GMT
- Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- X-Powered-By: PHP/5.4.16
- Set-Cookie: PHPSESSID=rpal5cd4io0nr9d54s6m522361; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Content-Type: text/html; charset=UTF-8
- =============================================================
- {IP Open Ports}
- 66.70.180.164:
- Discovered open port 22/tcp on 66.70.180.164
- Discovered open port 554/tcp on 66.70.180.164
- Discovered open port 80/tcp on 66.70.180.164
- Discovered open port 3306/tcp on 66.70.180.164
- 149.56.130.214:
- Discovered open port 80/tcp on 149.56.130.214
- Discovered open port 3306/tcp on 149.56.130.214
- Discovered open port 554/tcp on 149.56.130.214
- Discovered open port 22/tcp on 149.56.130.214
- =============================================================
- {Exploits and Errors on Websites}
- holypvp.net:
- Error name: X-Frame-Options - Header Not Set
- URL: http://www.holypvp.net/
- Risk: Medium
- Confidence: Medium
- Parameter: X-Frame-Options
- Attack: N/A
- Evidence:
- - GET: http://www.holypvp.net/
- - GET: http://www.holypvp.net/index.php?route=/
- - GET: http://www.holypvp.net/index.php?route=/forgot_password
- - GET: http://www.holypvp.net/index.php?route=/login
- - GET: http://www.holypvp.net/index.php?route=/register
- - GET: http://www.holypvp.net/index.php?route=/statistics
- - GET: http://www.holypvp.net/index.php?route=/store
- - GET: http://www.holypvp.net/index.php?route=/terms
- - POST: http://www.holypvp.net/index.php?route=/forgot_password
- - POST: http://www.holypvp.net/index.php?route=/login
- - POST: http://www.holypvp.net/index.php?route=/register
- Source: Passive
- Description:
- X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
- Solution:
- Most modern Web browsers support the X-Frame-Options HTTP header.
- Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server
- (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN,
- otherwise if you never expect the page to be framed, you should use DENY.
- ALLOW-FROM allows specific websites to frame the web page in supported web browsers).
- Error name: Cookie No HttpOnly Flag
- URL: http://www.holypvp.net/
- Risk: Low
- Confidence: Medium
- Parameter: PHPSESSID
- Attack: N/A
- Evidence:
- - Set-Cookie: PHPSESSID
- - GET: http://www.holypvp.net/
- - GET: http://www.holypvp.net/index.php?route=/
- - GET: http://www.holypvp.net/index.php?route=/forgot_password
- - GET: http://www.holypvp.net/index.php?route=/login
- - GET: http://www.holypvp.net/index.php?route=/register
- - GET: http://www.holypvp.net/index.php?route=/statistics
- - GET: http://www.holypvp.net/index.php?route=/store
- - GET: http://www.holypvp.net/index.php?route=/terms
- - POST: http://www.holypvp.net/index.php?route=/forgot_password
- - POST: http://www.holypvp.net/index.php?route=/login
- - POST: http://www.holypvp.net/index.php?route=/register
- Source: Passive
- Description:
- A cookie has been set without the HttpOnly flag,
- which means that the cookie can be accessed by JavaScript.
- If a malicious script can be run on this page then the cookie will be
- accessible and can be transmitted to another site. If this is a session cookie
- then session hijacking may be possible.
- Solution:
- Ensure that the HttpOnly flag is set for all cookies.
- Error name: Cross-Domain JavaScript Source File Inclusion
- URL: http://www.holypvp.net/
- Risk: Low
- Confidence: Medium
- Parameter: //platform.twitter.com/widgets.js
- Attack: N/A
- Evidence:
- - <script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
- - GET: http://www.holypvp.net/
- - GET: http://www.holypvp.net/index.php?route=/
- Source: Passive
- Description: The page includes one or more script files from a third-party domain.
- Solution:
- Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
- Error name: Password Autocomplete in Browser
- URL: http://www.holypvp.net/index.php?route=/register
- Risk: Low
- Confidence: Medium
- Parameter: password
- Attack: N/A
- Evidence:
- - <input type="password" name="password" id="password" class="form-control form-control-lg" placeholder="Password" tabindex="4">
- - GET: http://www.holypvp.net/index.php?route=/register
- - GET: http://www.holypvp.net/index.php?route=/register
- - POST: http://www.holypvp.net/index.php?route=/register
- - POST: http://www.holypvp.net/index.php?route=/register
- Source: Passive
- Description:
- The AUTOCOMPLETE attribute is not disabled on an HTML FORM/INPUT element containing password type input.
- Passwords may be stored in browsers and retrieved.
- Solution:
- Turn off the AUTOCOMPLETE attribute in forms or individual input elements containing password inputs by using AUTOCOMPLETE='OFF'.
- Error name: Web Browser XSS Protection Not Enabled
- URL: http://www.holypvp.net/
- Risk: Low
- Confidence: Medium
- Parameter: X-XSS-Protection
- Attack: N/A
- Evidence:
- - GET: http://www.holypvp.net/
- - GET: http://www.holypvp.net/index.php?route=/
- - GET: http://www.holypvp.net/index.php?route=/forgot_password
- - GET: http://www.holypvp.net/index.php?route=/login
- - GET: http://www.holypvp.net/index.php?route=/register
- - GET: http://www.holypvp.net/index.php?route=/statistics
- - GET: http://www.holypvp.net/index.php?route=/store
- - GET: http://www.holypvp.net/index.php?route=/terms
- - GET: http://www.holypvp.net/robots.txt
- - GET: http://www.holypvp.net/sitemap.xml
- - POST: http://www.holypvp.net/index.php?route=/forgot_password
- - POST: http://www.holypvp.net/index.php?route=/login
- - POST: http://www.holypvp.net/index.php?route=/register
- Source: Passive
- Description:
- Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server.
- Other Info:
- The X-XSS-Protection HTTP response header allows the web server to enable or disable the web browser's XSS protection mechanism. The following values would attempt to enable it:
- X-XSS-Protection: 1; mode=block
- X-XSS-Protection: 1; report=http://www.example.com/xss
- The following values would disable it:
- X-XSS-Protection: 0
- The X-XSS-Protection HTTP response header is currently supported on Internet Explorer,
- Chrome and Safari (WebKit).
- Note that this alert is only raised if the response body could potentially contain an XSS payload
- (with a text-based content type, with a non-zero length).
- Solution:
- Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.
- Error name: X-Content-Type-Options Header Missing
- URL: http://www.holypvp.net/
- Risk: Low
- Confidence: Medium
- Parameter: X-Content-Type-Options
- Attack: N/A
- Evidence:
- - GET: http://www.holypvp.net/
- - GET: http://www.holypvp.net/core/assets/css/custom.css
- - GET: http://www.holypvp.net/core/assets/css/font-awesome.min.css
- - GET: http://www.holypvp.net/core/assets/plugins/emoji/css/emojione.min.css
- - GET: http://www.holypvp.net/core/assets/plugins/emoji/js/emojione.min.js
- - GET: http://www.holypvp.net/core/assets/plugins/toastr/toastr.min.css
- - GET: http://www.holypvp.net/core/assets/plugins/toastr/toastr.min.js
- - GET: http://www.holypvp.net/custom/templates/Default/css/bootstrap.min.css
- - GET: http://www.holypvp.net/custom/templates/Default/css/custom.css
- - GET: http://www.holypvp.net/custom/templates/Default/js/bootstrap.min.js
- - GET: http://www.holypvp.net/custom/templates/Default/js/jquery.min.js
- - GET: http://www.holypvp.net/custom/templates/Default/js/tether.min.js
- - GET: http://www.holypvp.net/index.php?route=/
- - GET: http://www.holypvp.net/index.php?route=/forgot_password
- - GET: http://www.holypvp.net/index.php?route=/login
- - GET: http://www.holypvp.net/index.php?route=/register
- - GET: http://www.holypvp.net/index.php?route=/statistics
- - GET: http://www.holypvp.net/index.php?route=/store
- - GET: http://www.holypvp.net/index.php?route=/terms
- - POST: http://www.holypvp.net/index.php?route=/forgot_password
- - POST: http://www.holypvp.net/index.php?route=/login
- - POST: http://www.holypvp.net/index.php?route=/register
- Source: Passive
- Description:
- The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'.
- This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body,
- potentially causing the response body to be interpreted and displayed as a content type other than the declared content type.
- Current (early 2014) and legacy versions of Firefox will use the declared content type
- (if one is set), rather than performing MIME-sniffing.
- Other Info:
- This issue still applies to error type pages (401, 403, 500, etc) as those pages are often still affected by injection issues,
- in which case there is still concern for browsers sniffing pages away from their actual content type.
- At "High" threshold this scanner will not alert on client or server error responses.
- Solution:
- Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the
- X-Content-Type-Options header to 'nosniff' for all web pages.
- If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform
- MIME-sniffing at all, or that can be directed by the
- web application/web server to not perform MIME-sniffing.
- =============================================================
- {Open Directories & Vectors}
- holypvp.net
- - /statsk/ - OK
- - /core/ - OK
- - /icons/ - OK
- - /custom/ - OK
- - /uploads/ - OK
- - /modules/ - OK
- - /cgi-bin/ - Forbidden
- - /core/assets/
- - /core/assets/css/
- - /core/assets/fonts/
- - /core/assets/img/
- - /core/assets/img/ping/
- - /core/assets/js/
- - /core/assets/plugins/
- - /core/assets/plugins/bootstrap-colorpicker/
- - /core/assets/plugins/bootstrap-colorpicker/css/
- - /core/assets/plugins/bootstrap-colorpicker/img/
- - /core/assets/plugins/bootstrap-colorpicker/img/bootstrap-colorpicker/
- - /core/assets/plugins/bootstrap-colorpicker/js/
- - /core/assets/plugins/bootstrap-datepicker
- - /core/assets/plugins/bootstrap-datepicker/css
- - /core/assets/plugins/bootstrap-datepicker/js
- - /core/assets/plugins/bootstrap-datepicker/locales
- - /core/assets/plugins/charts
- - /core/assets/plugins/ckeditor
- - /core/assets/plugins/ckeditor/adapters
- - /core/assets/plugins/ckeditor/lang
- - /core/assets/plugins/ckeditor/plugins
- - /core/assets/plugins/ckeditor/plugins/a11yhelp
- - /core/assets/plugins/ckeditor/plugins/a11yhelp/dialogs
- - /core/assets/plugins/ckeditor/plugins/a11yhelp/dialogs/lang
- - /core/assets/plugins/ckeditor/plugins/about
- - /core/assets/plugins/ckeditor/plugins/about/dialogs
- - /core/assets/plugins/ckeditor/plugins/about/dialogs/hidpi
- - /core/assets/plugins/ckeditor/plugins/ckawesome
- - /core/assets/plugins/ckeditor/plugins/ckawesome/dialogs
- - /core/assets/plugins/ckeditor/plugins/ckawesome/resources
- - /core/assets/plugins/ckeditor/plugins/ckawesome/resources/select2
- - /core/assets/plugins/ckeditor/plugins/codesnippet
- - /core/assets/plugins/ckeditor/plugins/codesnippet/dialogs
- - /core/assets/plugins/ckeditor/plugins/codesnippet/lib
- - /core/assets/plugins/ckeditor/plugins/codesnippet/lib/highlight
- - /core/assets/plugins/ckeditor/plugins/codesnippet/lib/highlight/styles
- - /core/assets/plugins/ckeditor/plugins/codesnippetgeshi
- - /core/assets/plugins/ckeditor/plugins/colordialog
- - /core/assets/plugins/ckeditor/plugins/colordialog/dialogs
- - /core/assets/plugins/ckeditor/plugins/copyformatting
- - /core/assets/plugins/ckeditor/plugins/copyformatting/cursors
- - /core/assets/plugins/ckeditor/plugins/copyformatting/styles
- - /core/assets/plugins/ckeditor/plugins/dialog
- - /core/assets/plugins/ckeditor/plugins/div
- - /core/assets/plugins/ckeditor/plugins/div/dialogs
- - /core/assets/plugins/ckeditor/plugins/emojione
- - /core/assets/plugins/ckeditor/plugins/emojione/dialogs
- - /core/assets/plugins/ckeditor/plugins/emojione/icons
- - /core/assets/plugins/ckeditor/plugins/emojione/sprites
- - /core/assets/plugins/ckeditor/plugins/emojione/styles
- - /core/assets/plugins/ckeditor/plugins/find
- - /core/assets/plugins/ckeditor/plugins/find/dialogs
- - /core/assets/plugins/ckeditor/plugins/flash
- - /core/assets/plugins/ckeditor/plugins/flash/dialogs
- - /core/assets/plugins/ckeditor/plugins/flash/images
- - /core/assets/plugins/ckeditor/plugins/iframe
- - /core/assets/plugins/ckeditor/plugins/iframe/dialogs
- - /core/assets/plugins/ckeditor/plugins/iframe/images
- - /core/assets/plugins/ckeditor/plugins/image
- - /core/assets/plugins/ckeditor/plugins/image/dialogs
- - /core/assets/plugins/ckeditor/plugins/image/images
- - /core/assets/plugins/ckeditor/plugins/image2
- - /core/assets/plugins/ckeditor/plugins/image2/dialogs
- - /core/assets/plugins/ckeditor/plugins/link
- - /core/assets/plugins/ckeditor/plugins/link/dialogs
- - /core/assets/plugins/ckeditor/plugins/link/images
- - /core/assets/plugins/ckeditor/plugins/link/images/hidpi
- - /core/assets/plugins/ckeditor/plugins/liststyle
- - /core/assets/plugins/ckeditor/plugins/liststyle/dialogs
- - /core/assets/plugins/ckeditor/plugins/magicline
- - /core/assets/plugins/ckeditor/plugins/magicline/images
- - /core/assets/plugins/ckeditor/plugins/magicline/images/hidpi
- - /core/assets/plugins/ckeditor/plugins/markdown
- - /core/assets/plugins/ckeditor/plugins/markdown/css
- - /core/assets/plugins/ckeditor/plugins/markdown/js
- - /core/assets/plugins/ckeditor/plugins/markdown/theme
- - /core/assets/plugins/ckeditor/plugins/pagebreak
- - /core/assets/plugins/ckeditor/plugins/pagebreak/images
- - /core/assets/plugins/ckeditor/plugins/pastefromword
- - /core/assets/plugins/ckeditor/plugins/pastefromword/filter
- - /core/assets/plugins/ckeditor/plugins/preview
- - /core/assets/plugins/ckeditor/plugins/scayt
- - /core/assets/plugins/ckeditor/plugins/scayt/dialogs
- - /core/assets/plugins/ckeditor/plugins/scayt/skins
- - /core/assets/plugins/ckeditor/plugins/scayt/skins/moono-lisa
- - /core/assets/plugins/ckeditor/plugins/showblocks
- - /core/assets/plugins/ckeditor/plugins/showblocks/images
- - /core/assets/plugins/ckeditor/plugins/smiley
- - /core/assets/plugins/ckeditor/plugins/smiley/dialogs
- - /core/assets/plugins/ckeditor/plugins/smiley/images
- - /core/assets/plugins/ckeditor/plugins/specialchar
- - /core/assets/plugins/ckeditor/plugins/specialchar/dialogs
- - /core/assets/plugins/ckeditor/plugins/specialchar/dialogs/lang
- - /core/assets/plugins/ckeditor/plugins/spoiler
- - /core/assets/plugins/ckeditor/plugins/spoiler/css
- - /core/assets/plugins/ckeditor/plugins/spoiler/images
- - /core/assets/plugins/ckeditor/plugins/spoiler/js
- - /core/assets/plugins/ckeditor/plugins/table
- - /core/assets/plugins/ckeditor/plugins/table/dialogs
- - /core/assets/plugins/ckeditor/plugins/tableselection
- - /core/assets/plugins/ckeditor/plugins/tableselection/styles
- - /core/assets/plugins/ckeditor/plugins/tabletools
- - /core/assets/plugins/ckeditor/plugins/tabletools/dialogs
- - /core/assets/plugins/ckeditor/plugins/templates
- - /core/assets/plugins/ckeditor/plugins/templates/dialogs
- - /core/assets/plugins/ckeditor/plugins/templates/templates
- - /core/assets/plugins/ckeditor/plugins/templates/templates/images
- /core/assets/plugins/ckeditor/plugins/tliyoutube2
- - /core/assets/plugins/ckeditor/plugins/tliyoutube2/dialogs
- - /core/assets/plugins/ckeditor/plugins/widget
- - /core/assets/plugins/ckeditor/plugins/widget/images
- - /core/assets/plugins/ckeditor/plugins/wsc
- - /core/assets/plugins/ckeditor/plugins/wsc/dialogs
- - /core/assets/plugins/ckeditor/plugins/wsc/skins
- - /core/assets/plugins/ckeditor/plugins/wsc/skins/moono-lisa
- - /core/assets/plugins/ckeditor/samples/
- - /core/assets/plugins/codemirror
- - /core/assets/plugins/codemirror/lib
- - /core/assets/plugins/codemirror/mode/
- - /core/assets/plugins/dataTables
- - /core/assets/plugins/dropzone
- - /core/assets/plugins/emoji
- - /core/assets/plugins/emoji/css
- - /core/assets/plugins/emoji/js
- - /core/assets/plugins/emoji/sprites
- - /core/assets/plugins/emojionearea
- - /core/assets/plugins/emojionearea/js
- - /core/assets/plugins/google-code-prettify
- - /core/assets/plugins/image-picker
- - /core/assets/plugins/moment
- - /core/assets/plugins/switchery
- - /core/assets/plugins/toastr
- - /core/avatar
- - /core/avatar/cache
- - /core/classes/
- - /core/includes
- - /core/includes/TeamSpeak3
- - /core/includes/TeamSpeak3/Adapter
- - /core/includes/TeamSpeak3/Adapter/Blacklist
- - /core/includes/TeamSpeak3/Adapter/FileTransfer
- - /core/includes/TeamSpeak3/Adapter/ServerQuery
- - /core/includes/TeamSpeak3/Adapter/TSDNS
- - /core/includes/TeamSpeak3/Adapter/Update
- - /core/includes/TeamSpeak3/Helper
- - /core/includes/TeamSpeak3/Helper/Profiler
- - /core/includes/TeamSpeak3/Helper/Signal
- - /core/includes/TeamSpeak3/Node
- - /core/includes/TeamSpeak3/Transport
- - /core/includes/TeamSpeak3/Viewer
- - /core/includes/bulletproof
- - /core/includes/bulletproof/utils
- - /core/includes/emojione
- - /core/includes/htmlpurifier
- - /core/includes/htmlpurifier/standalone
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/ConfigSchema
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/DefinitionCache
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/HTML
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/EntityLookup
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/Filter
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/Language
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/Language/classes
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/Language/messages
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/Lexer
- - /core/includes/htmlpurifier/standalone/HTMLPurifier/Printer
- - /core/includes/geshi
- - /core/includes/geshi/contrib
- - /core/includes/geshi/docs
- - /core/includes/geshi/geshi
- - /core/includes/markdown
- - /core/includes/markdown/tohtml
- - /core/includes/markdown/tomarkdown
- - /core/includes/markdown/tomarkdown/Converter
- - /core/includes/phpmailer
- - /core/includes/smarty
- - /core/includes/smarty/plugins
- - /core/includes/smarty/sysplugins
- - /core/includes/updates
- - /core/installation
- - /core/installation/views
- - /core/integration
- - /core/integration/banner
- - /core/integration/status
- - /core/templates
- - /custom/languages
- - /custom/languages/EnglishUK
- - /custom/templates
- - /custom/templates/Default/ - Contains Default Template of Admin panel! (Can download php files to execute XSS!)
- - /uploads/avatars
- - /uploads/avatars/defaults
- - /uploads/backgrounds
- - /uploads/banners
- - /uploads/profile_images
- - /modules/Core
- - /modules/Core/queries
- - /modules/Core/views
- - /modules/Core/views/admin
- - /modules/Core/widgets
- - /modules/Forum/classes
- - /modules/Forum/language
- - /modules/Forum/language/Dutch
- - /modules/Forum/language/EnglishUK
- - /modules/Forum/language/EnglishUS
- - /modules/Forum/language/French
- - /modules/Forum/language/German
- - /modules/Forum/language/Romanian/
- - /modules/Statistics
- - /modules/Statistics/languages
- - /modules/Statistics/languages/EnglishUK
- - /modules/Statistics/pages
- - /modules/Store
- - /modules/Store/languages
- - /modules/Store/languages/EnglishUK
- - /modules/Store/pages
- holyh.cf
- - /icons/ - OK
- - /icons/small/ - OK
- - /fonts/ - 404
- - /fonts/Light/ - 404
- - /noindex/ - 404
- - /noindex/css/ - 404
- - /phpmyadmin/ - OK