DevDripzie DOX

==============================================
*********DOXED BY ANONYMOUS*****
==============================================
Owner: DevDripzie#8879
Email: devdripzieinc@gmail.com
==============================================
Websites & Profiles:
Old ass: https://odripzieinccontrollers.site123.me/
Old 2017 Website: https://devdripzieinc.wordpress.com/
Website URL: https://skidbooter.com
Profile: https://www.nulled.to/user/1362835-devdripzie
Profile Twitch: https://www.twitch.tv/odripzie
==============================================
Twitter 1: https://twitter.com/devdripzie
Twitter 2: https://twitter.com/odripzie5
Twitter 3: https://twitter.com/DripzieInc
Twitter 4: https://twitter.com/oDripzieInc
Joined March 2017
"Tweets The latest Tweets from Dev Dripzie
(@DevDripzie). Web Developer
NFO/VPN Seller Xbox Modder NFO Spots -
$5 a Month VPN Spots - $3 a Month Bo2 Recovery
$3 Ghost Camo - $2."
ENJOY FAGGOT!!
================================================================================================================================
Vulnerability Scan of his website very shitty
======================================================================================================================================
skidbooter.com
Scan time
Scan started
2018-02-27 03:44
Scan finished
2018-02-27 07:12
Finding summary
Email Spoofing / Missing SPF
Record
1
Login Cross Site Request
Forgery (CSRF/XSRF)
2
Unencrypted Login Sessions 3
Directory Listing 8
CSRF Token Leakage Through
HTTP GET
4
Technology Disclosure 2
Script Integrity Attribute Not
Implemented
4
Invalid HTML Content 2
Referrer-Policy Not
Implemented
5
Empty Document 2
Crawled URL's 1
Discovered Host(s) 1
Email Enumeration 1
External Resources 2
Fingerprinted Software 2
Scan settings
Scan subdomains Yes
Scan as device Detectify
HTML Comments 2
Lacking DMARC Policy 1
Missing Content Type 6
Remote Administration Portal 4
Service Providers 1
Content Sniffing 34
Email Spoofing / Missing SPF Record
What does this mean?
The domain lacks a DNS SPF policy record. SPF policies must to be applied on every domain
(including subdomains) having either an A, AAAA or MX record.
here (http://support.detectify.com/customer/en/portal/articles/2166468-missing-spf-record).
here
(https://support.detectify.com/customer/en/portal/articles/2466214-missing-insufficient-dmarc-record).
What can happen?
An attacker will be able to spoof emails originating from the domain, allowing for phishing attacks or
other scams.
Summary
Entry Found at CVSS
1 skidbooter.com 6.2
1. Email Spoofing / Missing SPF Record
Summary
Found At
skidbooter.com
CVSS
6.2 of 10.0
Resources
REMEDIATION - Detectify Support Center - Missing/insufficient SPF record
DETECTIFY - Misconfigured email servers open the door to spoofed emails from top domains
DETECTIFY - How to identify a phishing email
MISC - SPF Validator (dmarcanalyzer.com)
Login Cross Site Request Forgery (CSRF/XSRF)
What does this mean?
The web site seems to be lacking CSRF token on a login form.
our knowledge base (http://support.detectify.com/customer/portal/articles/1969819-login-csrf).
What can happen?
An attacker can force an unsuspecting user to sign in to the attacker's account. What can be done
from there depends on the application. Example: An attacker can force an unsuspecting user to login
to the attacker's account and when the user buys something, the credit card is added to the attacker's
account.
Summary
Entry Found at CVSS
1 http://skidbooter.com/register.php 6.2
2 https://skidbooter.com/register.php 6.2
1. Login Cross Site Request Forgery (CSRF/XSRF)
Summary
Found At
http://skidbooter.com/register.php
CVSS
6.2 of 10.0
Request Headers
GET /register.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Cache-Control no-store, no-cache, must-revalidate
Server cloudflare
CF-RAY 3f383f06059e6a9d-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 19 Nov 1981 08:52:00 GMT
Pragma no-cache
Date Tue, 27 Feb 2018 04:02:01 GMT
Content-Type text/html; charset=UTF-8
<form class="js-validation-register form-horizontal push-50-t push-50" method="post"
novalidate="novalidate">
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="text"
id="register-username" name="register-username" placeholder="Please enter a username">
 <label for="register-username">Username</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="email"
id="register-email" name="register-email" placeholder="Please provide your email">
 <label for="register-email">Email</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="password"
id="register-password" name="register-password" placeholder="Choose a strong password">
 <label for="register-password">Password</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="password"
id="register-password2" name="register-password2" placeholder="..and confirm it">
 <label for="register-password2">Confirm Password</label>
 </div>
 </div>
 </div>
				<div class="form-group">
 <div class="col-xs-12" style="margin-left: auto; margin-right: auto;">
 <div class="g-recaptcha"
data-sitekey="6LdtNkgUAAAAAPsb4DIUmk168GiysqZrZSFOtbnY"></div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <label class="css-input switch switch-sm switch-success">
 <input required="" type="checkbox" id="register-terms"
name="register-terms"><span></span> I agree with terms &amp; conditions
 </label>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12 col-sm-6 col-md-5">
 <button name="doCreate" value="create" class="btn btn-block
btn-success" type="submit"><i class="fa fa-plus pull-right"></i> Sign Up</button>
 </div>
 </div>
 </form>
Resources
REMEDIATION - Detectify Support Center - Login CSRF
REMEDIATION - Detectify Support Center - CSRF
STACK OVERFLOW - How to protect against login CSRF?
VIDEO - What is a CSRF?
1. Login Cross Site Request Forgery (CSRF/XSRF)
Summary
Found At
https://skidbooter.com/register.php
CVSS
6.2 of 10.0
Request Headers
GET /register.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383bd6cb3969d7-LHR
Connection keep-alive
Pragma no-cache
Date Tue, 27 Feb 2018 03:59:50 GMT
Cache-Control no-store, no-cache, must-revalidate
Content-Encoding gzip
Set-Cookie PHPSESSID=18n1ckqomkpbrhklpjhtltpl44; path=/
Vary Accept-Encoding
Expires Thu, 19 Nov 1981 08:52:00 GMT
Content-Type text/html; charset=UTF-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
<form class="js-validation-register form-horizontal push-50-t push-50" method="post"
novalidate="novalidate">
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="text"
id="register-username" name="register-username" placeholder="Please enter a username">
 <label for="register-username">Username</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="email"
id="register-email" name="register-email" placeholder="Please provide your email">
 <label for="register-email">Email</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="password"
id="register-password" name="register-password" placeholder="Choose a strong password">
 <label for="register-password">Password</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="password"
id="register-password2" name="register-password2" placeholder="..and confirm it">
 <label for="register-password2">Confirm Password</label>
 </div>
 </div>
 </div>
				<div class="form-group">
 <div class="col-xs-12" style="margin-left: auto; margin-right: auto;">
 <div class="g-recaptcha"
data-sitekey="6LdtNkgUAAAAAPsb4DIUmk168GiysqZrZSFOtbnY"></div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <label class="css-input switch switch-sm switch-success">
 <input required="" type="checkbox" id="register-terms"
name="register-terms"><span></span> I agree with terms &amp; conditions
 </label>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12 col-sm-6 col-md-5">
 <button name="doCreate" value="create" class="btn btn-block
btn-success" type="submit"><i class="fa fa-plus pull-right"></i> Sign Up</button>
 </div>
 </div>
 </form>
Resources
REMEDIATION - Detectify Support Center - Login CSRF
REMEDIATION - Detectify Support Center - CSRF
STACK OVERFLOW - How to protect against login CSRF?
VIDEO - What is a CSRF?
Unencrypted Login Sessions
What does this mean?
The login form isn't using HTTPS.
here (http://support.detectify.com/customer/portal/articles/2792104-unencrypted-login-sessions).
What can happen?
An attacker can, if intercepting the traffic, read login credentials in plain text.
Summary
Entry Found at CVSS
1 http://skidbooter.com/phpmyadmin/ 5.5
2 http://skidbooter.com/phpmyadmin/index.php 5.5
3 http://skidbooter.com/register.php 5.5
1. Unencrypted Login Sessions
Summary
Found At
http://skidbooter.com/phpmyadmin/
CVSS
5.5 of 10.0
Request Headers
GET /phpmyadmin/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383dcbd49e6ba3-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:02:13 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:01:11 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Content-Encoding gzip
Set-Cookie phpMyAdmin=eu17m73p9v9uf8clqgjpmumleeoha6pr; path=/phpmyadmin/;
HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:02:13 +0000
Content-Type text/html; charset=utf-8
<form method="post" action="index.php" name="login_form" class="disableAjax login hide
js-show">
 <fieldset>
 <legend>Log in<a
href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
class="icon ic_b_help"></a></legend><div class="item">
 <label for="input_username">Username:</label>
 <input type="text" name="pma_username" id="input_username" value="" size="24"
class="textfield">
 </div>
 <div class="item">
 <label for="input_password">Password:</label>
 <input type="password" name="pma_password" id="input_password" value=""
size="24" class="textfield">
 </div> <input type="hidden" name="server" value="1"></fieldset>
 <fieldset class="tblFooters">
 <input value="Go" type="submit" id="input_go"><input type="hidden" name="target"
value="index.php"><input type="hidden" name="lang" value="en"><input type="hidden"
name="collation_connection" value="utf8_general_ci"><input type="hidden" name="token"
value="561988dc337f5e14462e9e1d9d786982"></fieldset>
 </form>
Resources
REMEDIATION - Detectify Support Center - Unencrypted Login Sessions
OWASP - Testing for Sensitive information sent via unencrypted channels (OTG-CRYPST-003)
1. Unencrypted Login Sessions
Summary
Found At
http://skidbooter.com/phpmyadmin/index.php
CVSS
5.5 of 10.0
Request Headers
GET
/phpmyadmin/index.php?db=&table=&token=26ca6934e2761ab5d3c53cf3f82f1f5d&lang=ia
HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383f8332976b55-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:03:24 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:02:21 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Content-Encoding gzip
Set-Cookie pma_lang=ia; expires=Thu, 29-Mar-2018 04:03:24 GMT; Max-Age=2592000;
path=/phpmyadmin/; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:03:24 +0000
Content-Type text/html; charset=utf-8
<form method="post" action="index.php" name="login_form" class="disableAjax login hide
js-show">
 <fieldset>
 <legend>Log in<a
href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
class="icon ic_b_help"></a></legend><div class="item">
 <label for="input_username">Username:</label>
 <input type="text" name="pma_username" id="input_username" value="" size="24"
class="textfield">
 </div>
 <div class="item">
 <label for="input_password">Contrasigno:</label>
 <input type="password" name="pma_password" id="input_password" value=""
size="24" class="textfield">
 </div> <input type="hidden" name="server" value="1"></fieldset>
 <fieldset class="tblFooters">
 <input value="Vade" type="submit" id="input_go"><input type="hidden" name="target"
value="index.php"><input type="hidden" name="token"
value="ed03f5241d278db93cac7a89eb07c6e2"></fieldset>
 </form>
Resources
REMEDIATION - Detectify Support Center - Unencrypted Login Sessions
OWASP - Testing for Sensitive information sent via unencrypted channels (OTG-CRYPST-003)
1. Unencrypted Login Sessions
Summary
Found At
http://skidbooter.com/register.php
CVSS
5.5 of 10.0
Request Headers
GET /register.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Cache-Control no-store, no-cache, must-revalidate
Server cloudflare
CF-RAY 3f383f06059e6a9d-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 19 Nov 1981 08:52:00 GMT
Pragma no-cache
Date Tue, 27 Feb 2018 04:02:01 GMT
Content-Type text/html; charset=UTF-8
<form class="js-validation-register form-horizontal push-50-t push-50" method="post"
novalidate="novalidate">
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="text"
id="register-username" name="register-username" placeholder="Please enter a username">
 <label for="register-username">Username</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="email"
id="register-email" name="register-email" placeholder="Please provide your email">
 <label for="register-email">Email</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="password"
id="register-password" name="register-password" placeholder="Choose a strong password">
 <label for="register-password">Password</label>
 </div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <div class="form-material form-material-success">
 <input required="" class="form-control" type="password"
id="register-password2" name="register-password2" placeholder="..and confirm it">
 <label for="register-password2">Confirm Password</label>
 </div>
 </div>
 </div>
				<div class="form-group">
 <div class="col-xs-12" style="margin-left: auto; margin-right: auto;">
 <div class="g-recaptcha"
data-sitekey="6LdtNkgUAAAAAPsb4DIUmk168GiysqZrZSFOtbnY"></div>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12">
 <label class="css-input switch switch-sm switch-success">
 <input required="" type="checkbox" id="register-terms"
name="register-terms"><span></span> I agree with terms &amp; conditions
 </label>
 </div>
 </div>
 <div class="form-group">
 <div class="col-xs-12 col-sm-6 col-md-5">
 <button name="doCreate" value="create" class="btn btn-block
btn-success" type="submit"><i class="fa fa-plus pull-right"></i> Sign Up</button>
 </div>
 </div>
 </form>
Resources
REMEDIATION - Detectify Support Center - Unencrypted Login Sessions
OWASP - Testing for Sensitive information sent via unencrypted channels (OTG-CRYPST-003)
Directory Listing
What does this mean?
Directory Listing is enabled which means an attacker can see all files in a directory.
What can happen?
An attacker can use this to discover sensitive files.
Summary
Entry Found at CVSS
1 http://skidbooter.com/assets/ 5
2 http://skidbooter.com/assets/ 5
3 http://skidbooter.com/assets/css/ 5
4 http://skidbooter.com/assets/css/ 5
5 http://skidbooter.com/assets/fonts/ 5
6 http://skidbooter.com/assets/fonts/ 5
7 https://skidbooter.com/ajax/ 5
8 https://skidbooter.com/ajax/ 5
1. Directory Listing
Summary
Found At
http://skidbooter.com/assets/
CVSS
5 of 10.0
Request Headers
GET /assets/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383d56b2536ba3-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:00:52 GMT
Content-Type text/html;charset=UTF-8
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
http://skidbooter.com/assets/
CVSS
5 of 10.0
Request Headers
GET /assets/?C=D;O=A HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f38562e65da6b55-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:17:49 GMT
Content-Type text/html;charset=UTF-8
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
http://skidbooter.com/assets/css/
CVSS
5 of 10.0
Request Headers
GET /assets/css/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f385639e05c6b55-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:17:51 GMT
Content-Type text/html;charset=UTF-8
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
http://skidbooter.com/assets/css/
CVSS
5 of 10.0
Request Headers
GET /assets/css/?C=S;O=A HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f38566a22bb6b55-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:17:59 GMT
Content-Type text/html;charset=UTF-8
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
http://skidbooter.com/assets/fonts/
CVSS
5 of 10.0
Request Headers
GET /assets/fonts/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f38591856d66b55-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:19:49 GMT
Content-Type text/html;charset=UTF-8
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
http://skidbooter.com/assets/fonts/
CVSS
5 of 10.0
Request Headers
GET /assets/fonts/?C=M;O=A HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f38593a86e86b55-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:19:54 GMT
Content-Type text/html;charset=UTF-8
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
https://skidbooter.com/ajax/
CVSS
5 of 10.0
Request Headers
GET /ajax/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383d992b6769fb-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:01:02 GMT
Content-Type text/html;charset=UTF-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
1. Directory Listing
Summary
Found At
https://skidbooter.com/ajax/
CVSS
5 of 10.0
Request Headers
GET /ajax/?C=M;O=A HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f384cb34fa60b7b-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Date Tue, 27 Feb 2018 04:11:21 GMT
Content-Type text/html;charset=UTF-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
CSRF Token Leakage Through HTTP GET
What does this mean?
The CSRF token is in the GET-request.
What can happen?
The CSRF token may be leaked in several ways, such as in browser history and/or HTTP log files. If
there is a link to an external site the token may also leak in the Referer header, which means the
external site gets the victim's token.
Summary
Entry Found at CVSS
1 http://skidbooter.com/phpmyadmin/ 3.9
2 http://skidbooter.com/phpmyadmin/index.php 3.9
3 https://skidbooter.com/phpmyadmin/ 3.9
4 https://skidbooter.com/phpmyadmin/index.php 3.9
1. CSRF Token Leakage Through HTTP GET
Summary
Found At
http://skidbooter.com/phpmyadmin/
CVSS
3.9 of 10.0
Request Headers
GET /phpmyadmin/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383dcbd49e6ba3-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:02:13 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:01:11 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Content-Encoding gzip
Set-Cookie phpMyAdmin=eu17m73p9v9uf8clqgjpmumleeoha6pr; path=/phpmyadmin/;
HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:02:13 +0000
Content-Type text/html; charset=utf-8
<form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
value=""><input type="hidden" name="table" value=""><input type="hidden" name="lang"
value="en"><input type="hidden" name="collation_connection" value="utf8_general_ci"><input
type="hidden" name="token" value="561988dc337f5e14462e9e1d9d786982"><fieldset><legend
lang="en" dir="ltr">Language</legend><select name="lang" class="autosubmit" lang="en"
dir="ltr" id="sel-lang"><option
value="ar">&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577; - Arabic<option
value="az">Az&#601;rbaycanca - Azerbaijani<option
value="bg">&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080; -
Bulgarian<option value="bn">????? - Bangla<option value="ca">Catal&agrave; -
Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
value="de">Deutsch - German<option
value="el">&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940; - Greek<option
value="en" selected="selected">English<option value="en_GB">English (United
Kingdom)<option value="es">Espa&ntilde;ol - Spanish<option value="et">Eesti -
Estonian<option value="fi">Suomi - Finnish<option value="fr">Fran&ccedil;ais - French<option
value="gl">Galego - Galician<option
value="hi">&#2361;&#2367;&#2344;&#2381;&#2342;&#2368; - Hindi<option
value="hu">Magyar - Hungarian<option value="ia">Interlingua - Interlingua<option
value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano - Italian<option
value="ja">&#26085;&#26412;&#35486; - Japanese<option
value="ko">&#54620;&#44397;&#50612; - Korean<option value="lt">Lietuvi&#371; -
Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
value="pl">Polski - Polish<option value="pt">Portugu&ecirc;s - Portuguese<option
value="pt_BR">Portugu&ecirc;s - Brazilian portuguese<option value="ro">Rom&acirc;n&#259; -
Romanian<option value="ru">&#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081; -
Russian<option value="si">&#3523;&#3538;&#3458;&#3524;&#3517; - Sinhala<option
value="sk">Sloven&#269;ina - Slovak<option value="sl">Sloven&scaron;&#269;ina -
Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
Swedish<option value="tr">T&uuml;rk&ccedil;e - Turkish<option
value="uk">&#1059;&#1082;&#1088;&#1072;&#1111;&#1085;&#1089;&#1100;&#1082;&#1072;
- Ukrainian<option value="uz">&#1038;&#1079;&#1073;&#1077;&#1082;&#1095;&#1072; -
Uzbek-cyrillic<option value="uz@latin">O&lsquo;zbekcha - Uzbek-latin<option
value="zh_CN">&#20013;&#25991; - Chinese simplified<option
value="zh_TW">&#20013;&#25991; - Chinese traditional</select></fieldset></form>
Resources
REMEDIATION - Detectify Support Center - CSRF
MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
VIDEO - What is a CSRF?
1. CSRF Token Leakage Through HTTP GET
Summary
Found At
http://skidbooter.com/phpmyadmin/index.php
CVSS
3.9 of 10.0
Request Headers
GET
/phpmyadmin/index.php?db=&table=&token=26ca6934e2761ab5d3c53cf3f82f1f5d&lang=ia
HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383f8332976b55-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:03:24 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:02:21 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Content-Encoding gzip
Set-Cookie pma_lang=ia; expires=Thu, 29-Mar-2018 04:03:24 GMT; Max-Age=2592000;
path=/phpmyadmin/; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:03:24 +0000
Content-Type text/html; charset=utf-8
<form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
value=""><input type="hidden" name="table" value=""><input type="hidden" name="token"
value="ed03f5241d278db93cac7a89eb07c6e2"><fieldset><legend lang="en" dir="ltr">Linguage
- <em>Language</em></legend><select name="lang" class="autosubmit" lang="en" dir="ltr"
id="sel-lang"><option value="ar">&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577; -
Arabic<option value="az">Az&#601;rbaycanca - Azerbaijani<option
value="bg">&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080; -
Bulgarian<option value="bn">????? - Bangla<option value="ca">Catal&agrave; -
Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
value="de">Deutsch - German<option
value="el">&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940; - Greek<option
value="en">English<option value="en_GB">English (United Kingdom)<option
value="es">Espa&ntilde;ol - Spanish<option value="et">Eesti - Estonian<option
value="fi">Suomi - Finnish<option value="fr">Fran&ccedil;ais - French<option
value="gl">Galego - Galician<option
value="hi">&#2361;&#2367;&#2344;&#2381;&#2342;&#2368; - Hindi<option
value="hu">Magyar - Hungarian<option value="ia" selected="selected">Interlingua -
Interlingua<option value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano -
Italian<option value="ja">&#26085;&#26412;&#35486; - Japanese<option
value="ko">&#54620;&#44397;&#50612; - Korean<option value="lt">Lietuvi&#371; -
Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
value="pl">Polski - Polish<option value="pt">Portugu&ecirc;s - Portuguese<option
value="pt_BR">Portugu&ecirc;s - Brazilian portuguese<option value="ro">Rom&acirc;n&#259; -
Romanian<option value="ru">&#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081; -
Russian<option value="si">&#3523;&#3538;&#3458;&#3524;&#3517; - Sinhala<option
value="sk">Sloven&#269;ina - Slovak<option value="sl">Sloven&scaron;&#269;ina -
Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
Swedish<option value="tr">T&uuml;rk&ccedil;e - Turkish<option
value="uk">&#1059;&#1082;&#1088;&#1072;&#1111;&#1085;&#1089;&#1100;&#1082;&#1072;
- Ukrainian<option value="uz">&#1038;&#1079;&#1073;&#1077;&#1082;&#1095;&#1072; -
Uzbek-cyrillic<option value="uz@latin">O&lsquo;zbekcha - Uzbek-latin<option
value="zh_CN">&#20013;&#25991; - Chinese simplified<option
value="zh_TW">&#20013;&#25991; - Chinese traditional</select></fieldset></form>
Resources
REMEDIATION - Detectify Support Center - CSRF
MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
VIDEO - What is a CSRF?
1. CSRF Token Leakage Through HTTP GET
Summary
Found At
https://skidbooter.com/phpmyadmin/
CVSS
3.9 of 10.0
Request Headers
GET /phpmyadmin/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383c400cd96b6d-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:01:10 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:00:07 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
Content-Encoding gzip
Set-Cookie phpMyAdmin=7r9g3tef4h2mgv0bi762uhstc86kedon; path=/phpmyadmin/;
secure; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:01:10 +0000
Content-Type text/html; charset=utf-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
<form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
value=""><input type="hidden" name="table" value=""><input type="hidden" name="lang"
value="en"><input type="hidden" name="collation_connection" value="utf8_general_ci"><input
type="hidden" name="token" value="bf688cd605ca26c573f7780ba004d76e"><fieldset><legend
lang="en" dir="ltr">Language</legend><select name="lang" class="autosubmit" lang="en"
dir="ltr" id="sel-lang"><option
value="ar">&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577; - Arabic<option
value="az">Az&#601;rbaycanca - Azerbaijani<option
value="bg">&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080; -
Bulgarian<option value="bn">????? - Bangla<option value="ca">Catal&agrave; -
Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
value="de">Deutsch - German<option
value="el">&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940; - Greek<option
value="en" selected="selected">English<option value="en_GB">English (United
Kingdom)<option value="es">Espa&ntilde;ol - Spanish<option value="et">Eesti -
Estonian<option value="fi">Suomi - Finnish<option value="fr">Fran&ccedil;ais - French<option
value="gl">Galego - Galician<option
value="hi">&#2361;&#2367;&#2344;&#2381;&#2342;&#2368; - Hindi<option
value="hu">Magyar - Hungarian<option value="ia">Interlingua - Interlingua<option
value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano - Italian<option
value="ja">&#26085;&#26412;&#35486; - Japanese<option
value="ko">&#54620;&#44397;&#50612; - Korean<option value="lt">Lietuvi&#371; -
Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
value="pl">Polski - Polish<option value="pt">Portugu&ecirc;s - Portuguese<option
value="pt_BR">Portugu&ecirc;s - Brazilian portuguese<option value="ro">Rom&acirc;n&#259; -
Romanian<option value="ru">&#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081; -
Russian<option value="si">&#3523;&#3538;&#3458;&#3524;&#3517; - Sinhala<option
value="sk">Sloven&#269;ina - Slovak<option value="sl">Sloven&scaron;&#269;ina -
Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
Swedish<option value="tr">T&uuml;rk&ccedil;e - Turkish<option
value="uk">&#1059;&#1082;&#1088;&#1072;&#1111;&#1085;&#1089;&#1100;&#1082;&#1072;
- Ukrainian<option value="uz">&#1038;&#1079;&#1073;&#1077;&#1082;&#1095;&#1072; -
Uzbek-cyrillic<option value="uz@latin">O&lsquo;zbekcha - Uzbek-latin<option
value="zh_CN">&#20013;&#25991; - Chinese simplified<option
value="zh_TW">&#20013;&#25991; - Chinese traditional</select></fieldset></form>
Resources
REMEDIATION - Detectify Support Center - CSRF
MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
VIDEO - What is a CSRF?
1. CSRF Token Leakage Through HTTP GET
Summary
Found At
https://skidbooter.com/phpmyadmin/index.php
CVSS
3.9 of 10.0
Request Headers
GET
/phpmyadmin/index.php?db=&table=&token=5ffe82f52c3eb64dc8d984adc59d613a&lang=ko
HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f384197ae796a67-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:04:49 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:03:46 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
Content-Encoding gzip
Set-Cookie pma_lang=ko; expires=Thu, 29-Mar-2018 04:04:49 GMT; Max-Age=2592000;
path=/phpmyadmin/; secure; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:04:49 +0000
Content-Type text/html; charset=utf-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
<form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
value=""><input type="hidden" name="table" value=""><input type="hidden" name="token"
value="846ca674e79a22754971ed20bd51705f"><fieldset><legend lang="en" dir="ltr">?? -
<em>Language</em></legend><select name="lang" class="autosubmit" lang="en" dir="ltr"
id="sel-lang"><option value="ar">&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577; -
Arabic<option value="az">Az&#601;rbaycanca - Azerbaijani<option
value="bg">&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080; -
Bulgarian<option value="bn">????? - Bangla<option value="ca">Catal&agrave; -
Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
value="de">Deutsch - German<option
value="el">&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940; - Greek<option
value="en">English<option value="en_GB">English (United Kingdom)<option
value="es">Espa&ntilde;ol - Spanish<option value="et">Eesti - Estonian<option
value="fi">Suomi - Finnish<option value="fr">Fran&ccedil;ais - French<option
value="gl">Galego - Galician<option
value="hi">&#2361;&#2367;&#2344;&#2381;&#2342;&#2368; - Hindi<option
value="hu">Magyar - Hungarian<option value="ia">Interlingua - Interlingua<option
value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano - Italian<option
value="ja">&#26085;&#26412;&#35486; - Japanese<option value="ko"
selected="selected">&#54620;&#44397;&#50612; - Korean<option value="lt">Lietuvi&#371; -
Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
value="pl">Polski - Polish<option value="pt">Portugu&ecirc;s - Portuguese<option
value="pt_BR">Portugu&ecirc;s - Brazilian portuguese<option value="ro">Rom&acirc;n&#259; -
Romanian<option value="ru">&#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081; -
Russian<option value="si">&#3523;&#3538;&#3458;&#3524;&#3517; - Sinhala<option
value="sk">Sloven&#269;ina - Slovak<option value="sl">Sloven&scaron;&#269;ina -
Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
Swedish<option value="tr">T&uuml;rk&ccedil;e - Turkish<option
value="uk">&#1059;&#1082;&#1088;&#1072;&#1111;&#1085;&#1089;&#1100;&#1082;&#1072;
- Ukrainian<option value="uz">&#1038;&#1079;&#1073;&#1077;&#1082;&#1095;&#1072; -
Uzbek-cyrillic<option value="uz@latin">O&lsquo;zbekcha - Uzbek-latin<option
value="zh_CN">&#20013;&#25991; - Chinese simplified<option
value="zh_TW">&#20013;&#25991; - Chinese traditional</select></fieldset></form>
Resources
REMEDIATION - Detectify Support Center - CSRF
MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
VIDEO - What is a CSRF?
Technology Disclosure
What does this mean?
The HTTP server discloses what type of technology that is currently used on the HTTP-server.
here (http://support.detectify.com/customer/portal/articles/2792281-technology-disclosure).
What can happen?
An attacker can use that information to look up known vulnerabilities in the specific technology and
then use them against the website.
Summary
Entry Found at CVSS
1 http://skidbooter.com/icons/README 2.9
2 https://skidbooter.com/icons/README 2.9
1. Technology Disclosure
Summary
Found At
http://skidbooter.com/icons/README
CVSS
2.9 of 10.0
Request Headers
GET /icons/README HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Host skidbooter.com
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
cf_ob_info=521:3f3887c807dd69fb:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Accept-Encoding gzip, deflate
Response Headers
HTTP/ 1.1 200 OK
Connection keep-alive
CF-RAY 3f3887df65f76a19-LHR
Accept-Ranges bytes
Content-Length 5108
Date Tue, 27 Feb 2018 04:51:45 GMT
ETag "13f4-438c034968a80"
Last-Modified Tue, 28 Aug 2007 10:47:54 GMT
Server cloudflare
Technology
By observing the checksums of the files accessible from /icons/ it's possible to work out what
versions of Apache that is used. You can reconfigure your Apache setup to disable access to
/icons/.
Technology
Public Domain Icons
 These icons were originally made for Mosaic for X and have been
 included in the NCSA httpd and Apache server distributions in the
 past. They are in the public domain and may be freely included in any
 application. The originals were done by Kevin Hughes (kevinh@kevcom.com).
 Andy Polyakov tuned the icon colors and added a few new images.
 If you'd like to contribute additions to this set, contact the httpd
 documentation project <http://httpd.apache.org/docs-project/>.
 Almost all of these icons are 20x22 pixels in size. There are
 alternative icons in the "small" directory that are 16x16 in size,
 provided by Mike Brown (mike@hyperreal.org).
Suggested Uses
The following are a few suggestions, to serve as a starting point for ideas.
Please feel free to tweak and rename the icons as you like.
 a.gif
 This might be used to represent PostScript or text layout
 languages.
 alert.black.gif, alert.red.gif
 These can be used to highlight any important items, such as a
 README file in a directory.
 back.gif, forward.gif
 These can be used as links to go to previous and next areas.
 ball.gray.gif, ball.red.gif
 These might be used as bullets.
 binary.gif
 This can be used to represent binary files.
 binhex.gif
 This can represent BinHex-encoded data.
 blank.gif
 This can be used as a placeholder or a spacing element.
 bomb.gif
 This can be used to represent core files.
 box1.gif, box2.gif
 These icons can be used to represent generic 3D applications and
 related files.
 broken.gif
 This can represent corrupted data.
 burst.gif
 This can call attention to new and important items.
 c.gif
 This might represent C source code.
 comp.blue.gif, comp.gray.gif
 These little computer icons can stand for telnet or FTP
 sessions.
 compressed.gif
 This may represent compressed data.
 continued.gif
 This can be a link to a continued listing of a directory.
 down.gif, up.gif, left.gif, right.gif
 These can be used to scroll up, down, left and right in a
 listing or may be used to denote items in an outline.
 dir.gif
 Identical to folder.gif below.
 diskimg.gif
 This can represent floppy disk storage.
 dvi.gif
 This can represent DVI files.
 f.gif
 This might represent FORTRAN or Forth source code.
 folder.gif, folder.open.gif, folder.sec.gif
 The folder can represent directories. There is also a version
 that can represent secure directories or directories that cannot
 be viewed.
 generic.gif, generic.sec.gif, generic.red.gif
 These can represent generic files, secure files, and important
 files, respectively.
 hand.right.gif, hand.up.gif
 These can point out important items (pun intended).
 image1.gif, image2.gif, image3.gif
 These can represent image formats of various types.
 index.gif
 This might represent a WAIS index or search facility.
 layout.gif
 This might represent files and formats that contain graphics as
 well as text layout, such as HTML and PDF files.
 link.gif
 This might represent files that are symbolic links.
 movie.gif
 This can represent various movie formats.
 p.gif
 This may stand for Perl or Python source code.
 pie0.gif ... pie8.gif
 These icons can be used in applications where a list of
 documents is returned from a search. The little pie chart images
 can denote how relevant the documents may be to your search
 query.
 patch.gif
 This may stand for patches and diff files.
 portal.gif
 This might be a link to an online service or a 3D world.
 pdf.gif, ps.gif, quill.gif
 These may represent PDF and PostScript files.
 screw1.gif, screw2.gif
 These may represent CAD or engineering data and formats.
 script.gif
 This can represent any of various interpreted languages, such as
 Perl, python, TCL, and shell scripts, as well as server
 configuration files.
 sound1.gif, sound2.gif
 These can represent sound files.
 sphere1.gif, sphere2.gif
 These can represent 3D worlds or rendering applications and
 formats.
 tar.gif
 This can represent TAR archive files.
 tex.gif
 This can represent TeX files.
 text.gif
 This can represent generic (plain) text files.
 transfer.gif
 This can represent FTP transfers or uploads/downloads.
 unknown.gif
 This may represent a file of an unknown type.
 uu.gif, uuencoded.gif
 This can stand for uuencoded data.
 world1.gif, world2.gif
 These can represent 3D worlds or other 3D formats.
Resources
REMEDIATION - Detectify Support Center - Technology Disclosure
MISC - Removal of the /var/www/icons alias from Apache config
MISC - Hardening an Apache Server
MISC - Apache hardening cheat sheet
1. Technology Disclosure
Summary
Found At
https://skidbooter.com/icons/README
CVSS
2.9 of 10.0
Request Headers
GET /icons/README HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Host skidbooter.com
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
cf_ob_info=521:3f3887e6e64169fb:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Accept-Encoding gzip, deflate
Response Headers
HTTP/ 1.1 200 OK
Connection keep-alive
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
CF-RAY 3f3887e928be69fb-LHR
Accept-Ranges bytes
Content-Length 5108
Date Tue, 27 Feb 2018 04:51:46 GMT
ETag "13f4-438c034968a80"
Last-Modified Tue, 28 Aug 2007 10:47:54 GMT
Server cloudflare
Technology
By observing the checksums of the files accessible from /icons/ it's possible to work out what
versions of Apache that is used. You can reconfigure your Apache setup to disable access to
/icons/.
Technology
Public Domain Icons
 These icons were originally made for Mosaic for X and have been
 included in the NCSA httpd and Apache server distributions in the
 past. They are in the public domain and may be freely included in any
 application. The originals were done by Kevin Hughes (kevinh@kevcom.com).
 Andy Polyakov tuned the icon colors and added a few new images.
 If you'd like to contribute additions to this set, contact the httpd
 documentation project <http://httpd.apache.org/docs-project/>.
 Almost all of these icons are 20x22 pixels in size. There are
 alternative icons in the "small" directory that are 16x16 in size,
 provided by Mike Brown (mike@hyperreal.org).
Suggested Uses
The following are a few suggestions, to serve as a starting point for ideas.
Please feel free to tweak and rename the icons as you like.
 a.gif
 This might be used to represent PostScript or text layout
 languages.
 alert.black.gif, alert.red.gif
 These can be used to highlight any important items, such as a
 README file in a directory.
 back.gif, forward.gif
 These can be used as links to go to previous and next areas.
 ball.gray.gif, ball.red.gif
 These might be used as bullets.
 binary.gif
 This can be used to represent binary files.
 binhex.gif
 This can represent BinHex-encoded data.
 blank.gif
 This can be used as a placeholder or a spacing element.
 bomb.gif
 This can be used to represent core files.
 box1.gif, box2.gif
 These icons can be used to represent generic 3D applications and
 related files.
 broken.gif
 This can represent corrupted data.
 burst.gif
 This can call attention to new and important items.
 c.gif
 This might represent C source code.
 comp.blue.gif, comp.gray.gif
 These little computer icons can stand for telnet or FTP
 sessions.
 compressed.gif
 This may represent compressed data.
 continued.gif
 This can be a link to a continued listing of a directory.
 down.gif, up.gif, left.gif, right.gif
 These can be used to scroll up, down, left and right in a
 listing or may be used to denote items in an outline.
 dir.gif
 Identical to folder.gif below.
 diskimg.gif
 This can represent floppy disk storage.
 dvi.gif
 This can represent DVI files.
 f.gif
 This might represent FORTRAN or Forth source code.
 folder.gif, folder.open.gif, folder.sec.gif
 The folder can represent directories. There is also a version
 that can represent secure directories or directories that cannot
 be viewed.
 generic.gif, generic.sec.gif, generic.red.gif
 These can represent generic files, secure files, and important
 files, respectively.
 hand.right.gif, hand.up.gif
 These can point out important items (pun intended).
 image1.gif, image2.gif, image3.gif
 These can represent image formats of various types.
 index.gif
 This might represent a WAIS index or search facility.
 layout.gif
 This might represent files and formats that contain graphics as
 well as text layout, such as HTML and PDF files.
 link.gif
 This might represent files that are symbolic links.
 movie.gif
 This can represent various movie formats.
 p.gif
 This may stand for Perl or Python source code.
 pie0.gif ... pie8.gif
 These icons can be used in applications where a list of
 documents is returned from a search. The little pie chart images
 can denote how relevant the documents may be to your search
 query.
 patch.gif
 This may stand for patches and diff files.
 portal.gif
 This might be a link to an online service or a 3D world.
 pdf.gif, ps.gif, quill.gif
 These may represent PDF and PostScript files.
 screw1.gif, screw2.gif
 These may represent CAD or engineering data and formats.
 script.gif
 This can represent any of various interpreted languages, such as
 Perl, python, TCL, and shell scripts, as well as server
 configuration files.
 sound1.gif, sound2.gif
 These can represent sound files.
 sphere1.gif, sphere2.gif
 These can represent 3D worlds or rendering applications and
 formats.
 tar.gif
 This can represent TAR archive files.
 tex.gif
 This can represent TeX files.
 text.gif
 This can represent generic (plain) text files.
 transfer.gif
 This can represent FTP transfers or uploads/downloads.
 unknown.gif
 This may represent a file of an unknown type.
 uu.gif, uuencoded.gif
 This can stand for uuencoded data.
 world1.gif, world2.gif
 These can represent 3D worlds or other 3D formats.
Resources
REMEDIATION - Detectify Support Center - Technology Disclosure
MISC - Removal of the /var/www/icons alias from Apache config
MISC - Hardening an Apache Server
MISC - Apache hardening cheat sheet
Script Integrity Attribute Not Implemented
What does this mean?
JavaScript files loaded from another domain should be verified using the integrity attribute.
What can happen?
If the contents loaded from another domain is not verified the browser will execute the contents without
verifying with a correct hash.
Summary
Entry Found at CVSS
1 http://skidbooter.com/net/ 2.7
2 http://skidbooter.com/register.php 2.7
3 https://skidbooter.com/net/ 2.7
4 https://skidbooter.com/register.php 2.7
1. Script Integrity Attribute Not Implemented
Summary
Found At
http://skidbooter.com/net/
CVSS
2.7 of 10.0
Script tags with content from domains are not using any integrity attributes.
<script type="text/javascript" src="https://ipinfo.info/ip/js.php"></script>
<script src="https://embed.selly.gg"></script>
Resources
MOZILLA - Subresource Integrity
W3 - Subresource Integrity
MISC - SRI Hash Generator
MISC - Protecting your embedded content with subresource integrity (SRI)
1. Script Integrity Attribute Not Implemented
Summary
Found At
http://skidbooter.com/register.php
CVSS
2.7 of 10.0
A script tag with content from another domain is not using an integrity attribute.
<script src='https://www.google.com/recaptcha/api.js'></script>
Resources
MOZILLA - Subresource Integrity
W3 - Subresource Integrity
MISC - SRI Hash Generator
MISC - Protecting your embedded content with subresource integrity (SRI)
1. Script Integrity Attribute Not Implemented
Summary
Found At
https://skidbooter.com/net/
CVSS
2.7 of 10.0
Script tags with content from domains are not using any integrity attributes.
<script type="text/javascript" src="https://ipinfo.info/ip/js.php"></script>
<script src="https://embed.selly.gg"></script>
Resources
MOZILLA - Subresource Integrity
W3 - Subresource Integrity
MISC - SRI Hash Generator
MISC - Protecting your embedded content with subresource integrity (SRI)
1. Script Integrity Attribute Not Implemented
Summary
Found At
https://skidbooter.com/register.php
CVSS
2.7 of 10.0
A script tag with content from another domain is not using an integrity attribute.
<script src='https://www.google.com/recaptcha/api.js'></script>
Resources
MOZILLA - Subresource Integrity
W3 - Subresource Integrity
MISC - SRI Hash Generator
MISC - Protecting your embedded content with subresource integrity (SRI)
Invalid HTML Content
What does this mean?
When creating endpoints for data, it's common to forget to set the Content-Type to a correct one, such
as application/javascript or application/json. The default Content-Type in common webservers is
text/html which will try to parse the content as HTML. By not setting the Content-Type yourself, you
might risk getting the browser to parse data that should not be parsed.
here (http://support.detectify.com/customer/portal/articles/2792289-invalid-html-content).
What can happen?
If an attacker can control the data of this output, and there's no proper sanitization in place, the content
will render as HTML, thus creating a possibility of Cross-site Scripting. There are also examples where
the endpoint is able to activate JSONP (which will wrap the JSON-data with a callback function). If this
callback function, often provided by the GET-parameter ?callback=, is also not properly sanitized in
combination with wrong Content-Type, you will be able to trigger an XSS just by adding
?callback=<script>alert(1)</script> in the URL.
Summary
Entry Found at CVSS
1 http://skidbooter.com/header.php 1.8
2 https://skidbooter.com/header.php 1.8
1. Invalid HTML Content
Summary
Found At
http://skidbooter.com/header.php
CVSS
1.8 of 10.0
Command
curl "http://skidbooter.com/header.php" | head
Request Headers
GET /header.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383d9890f16ba3-LHR
Connection keep-alive
Content-Encoding gzip
Date Tue, 27 Feb 2018 04:01:02 GMT
Content-Type text/html; charset=UTF-8
Content was returned as HTML but is not valid. This might indicate that the Content Type is wrong.
Access denied
Resources
REMEDIATION - Detectify Support Center - Invalid HTML Content
1. Invalid HTML Content
Summary
Found At
https://skidbooter.com/header.php
CVSS
1.8 of 10.0
Command
curl "https://skidbooter.com/header.php" | head
Request Headers
GET /header.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383f81999908d8-LHR
Connection keep-alive
Content-Encoding gzip
Date Tue, 27 Feb 2018 04:02:21 GMT
Content-Type text/html; charset=UTF-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Content was returned as HTML but is not valid. This might indicate that the Content Type is wrong.
Access denied
Resources
REMEDIATION - Detectify Support Center - Invalid HTML Content
Referrer-Policy Not Implemented
What does this mean?
No referrer policy was found in the response and browsers will therefore use their default referrer
policy.
What can happen?
Browsers may send sensitive information if it is stored in the URL to external websites.
Summary
Entry Found at CVSS
1 http://skidbooter.com:2082/ 1.8
2 http://skidbooter.com:8080/ 1.8
3 http://skidbooter.com:8880/ 1.8
4 https://skidbooter.com:2083/ 1.8
5 https://skidbooter.com:8443/ 1.8
1. Referrer-Policy Not Implemented
Summary
Found At
http://skidbooter.com:2082/
CVSS
1.8 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Host skidbooter.com:2082
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
cf_ob_info=521:3f388765868669f5:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Response Headers
HTTP/ 1.1 521 Origin Down
Transfer-Encoding chunked
Connection keep-alive
Pragma no-cache
X-Frame-Options SAMEORIGIN
CF-RAY 3f38876913ae6b6d-LHR
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type text/html; charset=UTF-8
Date Tue, 27 Feb 2018 04:51:26 GMT
Expires Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:56 GMT; path=/
Server cloudflare
Resources
OWASP - Referrer-Policy
MOZILLA - Referrer-Policy
MOZILLA - Tighter Control Over Your Referrers
MISC - A new security header: Referrer Policy
MISC - Using CORS policies to implement CSRF protection
W3C - Referrer Policy
1. Referrer-Policy Not Implemented
Summary
Found At
http://skidbooter.com:8080/
CVSS
1.8 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Host skidbooter.com:8080
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
cf_ob_info=521:3f38877d243c69f5:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Response Headers
HTTP/ 1.1 521 Origin Down
Transfer-Encoding chunked
Connection keep-alive
Pragma no-cache
X-Frame-Options SAMEORIGIN
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type text/html; charset=UTF-8
Date Tue, 27 Feb 2018 04:51:29 GMT
Expires Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie cf_use_ob=8080; expires=Tue, 27-Feb-18 04:51:59 GMT;
path=/,cf_ob_info=521:3f38877df46a69f5:LHR; expires=Tue, 27-Feb-18
04:51:59 GMT; path=/
Server cloudflare
CF-RAY 3f38877df46a69f5-LHR
Resources
OWASP - Referrer-Policy
MOZILLA - Referrer-Policy
MOZILLA - Tighter Control Over Your Referrers
MISC - A new security header: Referrer Policy
MISC - Using CORS policies to implement CSRF protection
W3C - Referrer Policy
1. Referrer-Policy Not Implemented
Summary
Found At
http://skidbooter.com:8880/
CVSS
1.8 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Host skidbooter.com:8880
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
cf_ob_info=521:3f38877df46a69f5:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Response Headers
HTTP/ 1.1 521 Origin Down
Transfer-Encoding chunked
Connection keep-alive
Pragma no-cache
X-Frame-Options SAMEORIGIN
CF-RAY 3f38877f01ed6abb-LHR
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type text/html; charset=UTF-8
Date Tue, 27 Feb 2018 04:51:29 GMT
Expires Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:59 GMT; path=/
Server cloudflare
Resources
OWASP - Referrer-Policy
MOZILLA - Referrer-Policy
MOZILLA - Tighter Control Over Your Referrers
MISC - A new security header: Referrer Policy
MISC - Using CORS policies to implement CSRF protection
W3C - Referrer Policy
1. Referrer-Policy Not Implemented
Summary
Found At
https://skidbooter.com:2083/
CVSS
1.8 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Host skidbooter.com:2083
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=8080;
cf_ob_info=521:3f38877d243c69f5:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Response Headers
HTTP/ 1.1 521 Origin Down
Transfer-Encoding chunked
Connection keep-alive
Pragma no-cache
X-Frame-Options SAMEORIGIN
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
CF-RAY 3f38877dbd226b7f-LHR
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type text/html; charset=UTF-8
Date Tue, 27 Feb 2018 04:51:29 GMT
Expires Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:59 GMT; path=/
Server cloudflare
Resources
OWASP - Referrer-Policy
MOZILLA - Referrer-Policy
MOZILLA - Tighter Control Over Your Referrers
MISC - A new security header: Referrer Policy
MISC - Using CORS policies to implement CSRF protection
W3C - Referrer Policy
1. Referrer-Policy Not Implemented
Summary
Found At
https://skidbooter.com:8443/
CVSS
1.8 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Host skidbooter.com:8443
Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=8080;
cf_ob_info=521:3f388765467669f5:LHR;
__cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
Cache-Control no-store, no-cache
Pragma no-cache
Response Headers
HTTP/ 1.1 521 Origin Down
Transfer-Encoding chunked
Connection keep-alive
Pragma no-cache
X-Frame-Options SAMEORIGIN
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
CF-RAY 3f3887658adf6b67-LHR
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type text/html; charset=UTF-8
Date Tue, 27 Feb 2018 04:51:25 GMT
Expires Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:55 GMT; path=/
Server cloudflare
Resources
OWASP - Referrer-Policy
MOZILLA - Referrer-Policy
MOZILLA - Tighter Control Over Your Referrers
MISC - A new security header: Referrer Policy
MISC - Using CORS policies to implement CSRF protection
W3C - Referrer Policy
Empty Document
What does this mean?
We found resources that appear to be serving HTML, although without any content. This may be an
indication of backend errors or legacy code.
here (http://support.detectify.com/customer/portal/articles/2792028-empty-document).
What can happen?
There is no risk by serving zero sized documents, but it might be worth noticing that the files exist and
that they can be externally accessible.
Summary
Entry Found at CVSS
1 http://skidbooter.com/test.php 0.8
2 https://skidbooter.com/test.php 0.8
1. Empty Document
Summary
Found At
http://skidbooter.com/test.php
CVSS
0.8 of 10.0
Request Headers
GET /test.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383dc9d4266ba3-LHR
Connection keep-alive
Content-Encoding gzip
Date Tue, 27 Feb 2018 04:01:10 GMT
Content-Type text/html; charset=UTF-8
Resources
REMEDIATION - Detectify Support Center - Empty Document
1. Empty Document
Summary
Found At
https://skidbooter.com/test.php
CVSS
0.8 of 10.0
Request Headers
GET /test.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383d6f5e256b6d-LHR
Connection keep-alive
Content-Encoding gzip
Date Tue, 27 Feb 2018 04:00:56 GMT
Content-Type text/html; charset=UTF-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Empty Document
Crawled URL's
What does this mean?
This finding is generated for debugging purposes. A link is associated with this finding containing a
CSV file with all crawled URL's.
What can happen?
A scan might take too long due to representative content on the application. Vulnerabilities may also
be missed if Detectify lack coverage in some area of the application. If you suspect Detectify can
perform better, then take a look at the associated CSV.
Summary
Entry Found at CVSS
1 skidbooter.com 0
1. Crawled URL's
Summary
Found At
skidbooter.com
CVSS
0 of 10.0
Detectify tried to access 941 URL's, 513 of these were identified as unique during crawling and
went through further testing.
Resources
DETECTIFY - Download Crawled URL's CSV
Discovered Host(s)
What does this mean?
Detectify has found the following hosts. This is in no way a vulnerability, but should be considered an
indicator for what has been covered.
here (http://support.detectify.com/customer/portal/articles/2792024-discovered-endpoint).
Summary
Entry Found at CVSS
1 skidbooter.com 0
1. Discovered Host(s)
Summary
Found At
skidbooter.com
CVSS
0 of 10.0
Detectify found and tried to access 1 domain, and have analyzed it for security flaws.
skidbooter.com:
> 104.18.50.60
 80/tcp open
 443/tcp open
 2082/tcp open
 2083/tcp open
 8080/tcp open
 8443/tcp open
 8880/tcp open
 1443/tcp closed
 3000/tcp closed
 3001/tcp closed
 3128/tcp closed
 3790/tcp closed
 4443/tcp closed
 4444/tcp closed
 4502/tcp closed
 4505/tcp closed
 4567/tcp closed
 5000/tcp closed
 5050/tcp closed
 5051/tcp closed
 6443/tcp closed
 7001/tcp closed
 8001/tcp closed
 8069/tcp closed
 8081/tcp closed
 8089/tcp closed
 8090/tcp closed
 8111/tcp closed
 8161/tcp closed
 8181/tcp closed
 8500/tcp closed
 8888/tcp closed
 8983/tcp closed
 9000/tcp closed
 9001/tcp closed
 9002/tcp closed
 9003/tcp closed
 9090/tcp closed
 9200/tcp closed
 11211/tcp closed
 16686/tcp closed
 17000/tcp closed
 61680/tcp closed
 61681/tcp closed
> 104.18.51.60
 80/tcp open
 443/tcp open
 2082/tcp open
 2083/tcp open
 8080/tcp open
 8443/tcp open
 8880/tcp open
 1443/tcp closed
 3000/tcp closed
 3001/tcp closed
 3128/tcp closed
 3790/tcp closed
 4443/tcp closed
 4444/tcp closed
 4502/tcp closed
 4505/tcp closed
 4567/tcp closed
 5000/tcp closed
 5050/tcp closed
 5051/tcp closed
 6443/tcp closed
 7001/tcp closed
 8001/tcp closed
 8069/tcp closed
 8081/tcp closed
 8089/tcp closed
 8090/tcp closed
 8111/tcp closed
 8161/tcp closed
 8181/tcp closed
 8500/tcp closed
 8888/tcp closed
 8983/tcp closed
 9000/tcp closed
 9001/tcp closed
 9002/tcp closed
 9003/tcp closed
 9090/tcp closed
 9200/tcp closed
 11211/tcp closed
 16686/tcp closed
 17000/tcp closed
 61680/tcp closed
 61681/tcp closed
> 2400:cb00:2048:1::6812:323c
 80/tcp closed
 443/tcp closed
 1443/tcp closed
 2082/tcp closed
 2083/tcp closed
 3000/tcp closed
 3001/tcp closed
 3128/tcp closed
 3790/tcp closed
 4443/tcp closed
 4444/tcp closed
 4502/tcp closed
 4505/tcp closed
 4567/tcp closed
 5000/tcp closed
 5050/tcp closed
 5051/tcp closed
 6443/tcp closed
 7001/tcp closed
 8001/tcp closed
 8069/tcp closed
 8080/tcp closed
 8081/tcp closed
 8089/tcp closed
 8090/tcp closed
 8111/tcp closed
 8161/tcp closed
 8181/tcp closed
 8443/tcp closed
 8500/tcp closed
 8880/tcp closed
 8888/tcp closed
 8983/tcp closed
 9000/tcp closed
 9001/tcp closed
 9002/tcp closed
 9003/tcp closed
 9090/tcp closed
 9200/tcp closed
 11211/tcp closed
 16686/tcp closed
 17000/tcp closed
 61680/tcp closed
 61681/tcp closed
> 2400:cb00:2048:1::6812:333c
 80/tcp closed
 443/tcp closed
 1443/tcp closed
 2082/tcp closed
 2083/tcp closed
 3000/tcp closed
 3001/tcp closed
 3128/tcp closed
 3790/tcp closed
 4443/tcp closed
 4444/tcp closed
 4502/tcp closed
 4505/tcp closed
 4567/tcp closed
 5000/tcp closed
 5050/tcp closed
 5051/tcp closed
 6443/tcp closed
 7001/tcp closed
 8001/tcp closed
 8069/tcp closed
 8080/tcp closed
 8081/tcp closed
 8089/tcp closed
 8090/tcp closed
 8111/tcp closed
 8161/tcp closed
 8181/tcp closed
 8443/tcp closed
 8500/tcp closed
 8880/tcp closed
 8888/tcp closed
 8983/tcp closed
 9000/tcp closed
 9001/tcp closed
 9002/tcp closed
 9003/tcp closed
 9090/tcp closed
 9200/tcp closed
 11211/tcp closed
 16686/tcp closed
 17000/tcp closed
 61680/tcp closed
 61681/tcp closed
Email Enumeration
What does this mean?
The web site reveals one or more email addresses in plain text.
here (http://support.detectify.com/customer/portal/articles/2792087-email-enumeration).
What can happen?
Spammers can easily gather these email addresess and use them in spam campaigns. An attacker
may also use those email adressess for spear phishing and other attacks.
Summary
Entry Found at CVSS
1 http://skidbooter.com/phpmyadmin/js/get_scripts.js.php 0
1. Email Enumeration
Summary
Found At
http://skidbooter.com/phpmyadmin/js/get_scripts.js.php
CVSS
0 of 10.0
Request Headers
GET /phpmyadmin/js/get_scripts.js.php?token=f10a2fcd6f4ab975dff1359e7001ccb5&scripts%5
B%5D=jquery/jquery-1.8.3.min.js&scripts%5B%5D=ajax.js&scripts%5B%5D=keyhandler.js&scri
pts%5B%5D=jquery/jquery-ui-1.9.2.custom.min.js&scripts%5B%5D=jquery/jquery.sprintf.js&scri
pts%5B%5D=jquery/jquery.cookie.js&scripts%5B%5D=jquery/jquery.mousewheel.js&scripts%5
B%5D=jquery/jquery.event.drag-2.2.js&scripts%5B%5D=jquery/jquery-ui-timepicker-addon.js&s
cripts%5B%5D=jquery/jquery.ba-hashchange-1.3.js&scripts%5B%5D=jquery/jquery.debounce-1
.0.5.js&scripts%5B%5D=jquery/jquery.menuResizer-1.0.js&scripts%5B%5D=cross_framing_prot
ection.js&scripts%5B%5D=rte.js&scripts%5B%5D=tracekit/tracekit.js&scripts%5B%5D=error_re
port.js&scripts%5B%5D=doclinks.js&scripts%5B%5D=functions.js&scripts%5B%5D=navigation.
js&scripts%5B%5D=indexes.js&scripts%5B%5D=common.js&scripts%5B%5D=codemirror/lib/c
odemirror.js&scripts%5B%5D=codemirror/mode/sql/sql.js&scripts%5B%5D=codemirror/addon/r
unmode/runmode.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/phpmyadmin/index.php?db=&table=&lang=en&collation
_connection=utf8_general_ci&token=561988dc337f5e14462e9e1d9d786982&
lang=pt
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f38478d343e6a61-LHR
Connection keep-alive
Content-Encoding gzip
Expires Tue, 27 Feb 2018 05:08:53 GMT
Date Tue, 27 Feb 2018 04:07:50 GMT
Content-Type text/javascript; charset=UTF-8
Email
alpha@zforms.ru
Email
klaus.hartl@stilbuero.de
Resources
REMEDIATION - Detectify Support Center - Email enumeration
External Resources
What does this mean?
The web site includes resources hosted on an external domain (without utilising SRI).
knowledge base (https://support.detectify.com/customer/portal/articles/2792106-external-resources).
here (https://blog.detectify.com/2016/10/27/cdns-minimize-damages-if-the-cdn-is-hacked/), from the
title 'Integrity attribute' and then the rest of the article.
What can happen?
The owner of the domain the resources are loaded from has control of the resources and can change it
without the owner of the web site knowing. By doing so, the owner of the domain the resources are
loaded from can also affect the web site loading the resources.
This could be done by the owner of the external domain or an attacker who manages to hack it.
Summary
Entry Found at CVSS
1 http://skidbooter.com/net/ 0
2 http://skidbooter.com/register.php 0
1. External Resources
Summary
Found At
http://skidbooter.com/net/
CVSS
0 of 10.0
Request Headers
GET /net/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383d7951fd6ba3-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Last-Modified Tue, 27 Feb 2018 00:24:20 GMT
Date Tue, 27 Feb 2018 04:00:57 GMT
Content-Type text/html
https://ipinfo.info/ip/js.php
https://embed.selly.gg/
Resources
REMEDIATION - Detectify Support Center - External Resources
1. External Resources
Summary
Found At
http://skidbooter.com/register.php
CVSS
0 of 10.0
Request Headers
GET /register.php HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Cache-Control no-store, no-cache, must-revalidate
Server cloudflare
CF-RAY 3f383f06059e6a9d-LHR
Connection keep-alive
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 19 Nov 1981 08:52:00 GMT
Pragma no-cache
Date Tue, 27 Feb 2018 04:02:01 GMT
Content-Type text/html; charset=UTF-8
https://www.google.com/recaptcha/api.js
Resources
REMEDIATION - Detectify Support Center - External Resources
Fingerprinted Software
What does this mean?
When Detectify audits an application, it collects various fingerprints that indicate what software is
running. These fingerprints then allow Detectify to run specific tests when the time is right.
Please make sure Detectify provide accurate data for these fingerprints, by sending us a message in
the feedback form on the finding details page.
What can happen?
Invalid fingerprints may cause a audit to take longer, and the lack of fingerprints may cause Detectify
to miss running specific tests.
Summary
Entry Found at CVSS
1 http://skidbooter.com/ 0
2 https://skidbooter.com/ 0
1. Fingerprinted Software
Summary
Found At
http://skidbooter.com/
CVSS
0 of 10.0
Vendor: apache
Software: http_server
Confidence: 100
Software: jquery
Version: 2.1.4
Confidence: 100
Resources
DETECTIFY - An intelligent way to look for vulnerabilities
DETECTIFY - What's under the hood
1. Fingerprinted Software
Summary
Found At
https://skidbooter.com/
CVSS
0 of 10.0
Vendor: apache
Software: http_server
Confidence: 100
Software: jquery
Version: 2.1.4
Confidence: 100
Resources
DETECTIFY - An intelligent way to look for vulnerabilities
DETECTIFY - What's under the hood
HTML Comments
What does this mean?
knowledge base (http://support.detectify.com/customer/en/portal/articles/2243487-html-comments).
What can happen?
The snippets of code within comments will remain inactive until you remove the comment brackets.
The comments might also contain sensitive information not meant for the public.
Summary
Entry Found at CVSS
1 http://skidbooter.com/phpmyadmin/ 0
2 http://skidbooter.com:8080/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWH
VDRMj0.js
0
1. HTML Comments
Summary
Found At
http://skidbooter.com/phpmyadmin/
CVSS
0 of 10.0
<!-- Login form -->
Resources
REMEDIATION - Detectify Support Center - HTML Comments
1. HTML Comments
Summary
Found At
http://skidbooter.com:8080/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWH
VDRMj0.js
CVSS
0 of 10.0
<!-- /.error-overview -->
<!-- /.status-display -->
<!-- /.section -->
<!-- /.error-footer -->
<!-- /#cf-error-details -->
<!-- /#cf-wrapper -->
Resources
REMEDIATION - Detectify Support Center - HTML Comments
Lacking DMARC Policy
What does this mean?
The domain lacks a DMARC policy.
our knowledge base
(http://support.detectify.com/customer/en/portal/articles/2466214-missing-insufficient-dmarc-record).
What can happen?
An attacker will be able to spoof emails originating from any subdomain having either an A, AAAA or
MX record. In most clients, this is possible regardless of whether SPF policies are in place.
Summary
Entry Found at CVSS
1 _dmarc.skidbooter.com 0
1. Lacking DMARC Policy
Summary
Found At
_dmarc.skidbooter.com
CVSS
0 of 10.0
Command
nslookup.exe -type=TXT _dmarc.skidbooter.com
Consider adding a DMARC policy on _dmarc.skidbooter.com and set the directive "p" to "reject".
Resources
REMEDIATION - Detectify Support Center - Missing/insufficient DMARC record
DETECTIFY - Misconfigured email servers open the door to spoofed emails from top domains
DETECTIFY - How to identify a phishing email
Missing Content Type
What does this mean?
The file is being served with a lacking content type header.
here (http://support.detectify.com/customer/portal/articles/2792285-missing-content-type).
What can happen?
It may be possible to conduct XSS attacks against Internet Exporer users, as Internet Explorer
recognizes files served with lacking content type as HTML.
Summary
Entry Found at CVSS
1 http://skidbooter.com/assets/fonts/fontawesome-webfont.woff2 0
2 http://skidbooter.com/assets/fonts/glyphicons-halflings-regular.woff2 0
3 http://skidbooter.com/error.log 0
4 http://skidbooter.com/error_log 0
5 https://skidbooter.com/error.log 0
6 https://skidbooter.com/error_log 0
1. Missing Content Type
Summary
Found At
http://skidbooter.com/assets/fonts/fontawesome-webfont.woff2
CVSS
0 of 10.0
Request Headers
GET /assets/fonts/fontawesome-webfont.woff2 HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
Server cloudflare
CF-RAY 3f38596c864469d7-LHR
ETag "ddcc-5471db94ce000"
Connection keep-alive
Vary Accept-Encoding
Last-Modified Sat, 28 Jan 2017 01:44:32 GMT
Expires Tue, 27 Feb 2018 08:20:02 GMT
Content-Length 56780
Date Tue, 27 Feb 2018 04:20:02 GMT
Resources
REMEDIATION - Detectify Support Center - Missing Content Type
MOZILLA - Incomplete list of MIME types
MOZILLA - MIME types
1. Missing Content Type
Summary
Found At
http://skidbooter.com/assets/fonts/glyphicons-halflings-regular.woff2
CVSS
0 of 10.0
Request Headers
GET /assets/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
Server cloudflare
CF-RAY 3f38596e56a869d7-LHR
ETag "466c-5471db92e5b80"
Connection keep-alive
Vary Accept-Encoding
Last-Modified Sat, 28 Jan 2017 01:44:30 GMT
Expires Tue, 27 Feb 2018 08:20:02 GMT
Content-Length 18028
Date Tue, 27 Feb 2018 04:20:02 GMT
Resources
REMEDIATION - Detectify Support Center - Missing Content Type
MOZILLA - Incomplete list of MIME types
MOZILLA - MIME types
1. Missing Content Type
Summary
Found At
http://skidbooter.com/error.log
CVSS
0 of 10.0
Request Headers
GET /error.log HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Accept-Ranges bytes
Server cloudflare
CF-RAY 3f383d52c1756ba3-LHR
ETag "3cc-565d91d0074f1"
Connection keep-alive
Last-Modified Fri, 23 Feb 2018 03:54:12 GMT
Content-Length 972
Date Tue, 27 Feb 2018 04:00:51 GMT
Resources
REMEDIATION - Detectify Support Center - Missing Content Type
MOZILLA - Incomplete list of MIME types
MOZILLA - MIME types
1. Missing Content Type
Summary
Found At
http://skidbooter.com/error_log
CVSS
0 of 10.0
Request Headers
GET /error_log HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Accept-Ranges bytes
Server cloudflare
CF-RAY 3f383ee017246a9d-LHR
ETag "426f7-548d5e793a480"
Connection keep-alive
Last-Modified Sat, 18 Feb 2017 22:53:54 GMT
Content-Length 272119
Date Tue, 27 Feb 2018 04:01:55 GMT
Resources
REMEDIATION - Detectify Support Center - Missing Content Type
MOZILLA - Incomplete list of MIME types
MOZILLA - MIME types
1. Missing Content Type
Summary
Found At
https://skidbooter.com/error.log
CVSS
0 of 10.0
Request Headers
GET /error.log HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Accept-Ranges bytes
Server cloudflare
CF-RAY 3f383ee22ab408d8-LHR
ETag "3cc-565d91d0074f1"
Connection keep-alive
Last-Modified Fri, 23 Feb 2018 03:54:12 GMT
Content-Length 972
Date Tue, 27 Feb 2018 04:01:55 GMT
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Missing Content Type
MOZILLA - Incomplete list of MIME types
MOZILLA - MIME types
1. Missing Content Type
Summary
Found At
https://skidbooter.com/error_log
CVSS
0 of 10.0
Request Headers
GET /error_log HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Accept-Ranges bytes
Server cloudflare
CF-RAY 3f383d532d676b6d-LHR
ETag "426f7-548d5e793a480"
Connection keep-alive
Last-Modified Sat, 18 Feb 2017 22:53:54 GMT
Content-Length 272119
Date Tue, 27 Feb 2018 04:00:51 GMT
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Missing Content Type
MOZILLA - Incomplete list of MIME types
MOZILLA - MIME types
Remote Administration Portal
What does this mean?
A remote administration interface has been found.
here (http://support.detectify.com/customer/portal/articles/2792091-remote-administration-portal).
Summary
Entry Found at CVSS
1 http://skidbooter.com/phpmyadmin/ 0
2 http://skidbooter.com/phpmyadmin/index.php 0
3 https://skidbooter.com/phpmyadmin/ 0
4 https://skidbooter.com/phpmyadmin/index.php 0
1. Remote Administration Portal
Summary
Found At
http://skidbooter.com/phpmyadmin/
CVSS
0 of 10.0
Request Headers
GET /phpmyadmin/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383dcbd49e6ba3-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:02:13 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:01:11 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Content-Encoding gzip
Set-Cookie phpMyAdmin=eu17m73p9v9uf8clqgjpmumleeoha6pr; path=/phpmyadmin/;
HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:02:13 +0000
Content-Type text/html; charset=utf-8
<form method="post" action="index.php" name="login_form" class="disableAjax login hide
js-show">
 <fieldset>
 <legend>Log in<a
href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
class="icon ic_b_help"></a></legend><div class="item">
 <label for="input_username">Username:</label>
 <input type="text" name="pma_username" id="input_username" value="" size="24"
class="textfield">
 </div>
 <div class="item">
 <label for="input_password">Password:</label>
 <input type="password" name="pma_password" id="input_password" value=""
size="24" class="textfield">
 </div> <input type="hidden" name="server" value="1"></fieldset>
 <fieldset class="tblFooters">
 <input value="Go" type="submit" id="input_go"><input type="hidden" name="target"
value="index.php"><input type="hidden" name="lang" value="en"><input type="hidden"
name="collation_connection" value="utf8_general_ci"><input type="hidden" name="token"
value="561988dc337f5e14462e9e1d9d786982"></fieldset>
 </form>
Resources
REMEDIATION - Detectify Support Center - Remote Administration Portal
1. Remote Administration Portal
Summary
Found At
http://skidbooter.com/phpmyadmin/index.php
CVSS
0 of 10.0
Request Headers
GET
/phpmyadmin/index.php?db=&table=&token=26ca6934e2761ab5d3c53cf3f82f1f5d&lang=ia
HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383f8332976b55-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:03:24 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:02:21 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
*.tile.openstreetmap.org *.tile.opencyclemap.org ;
Content-Encoding gzip
Set-Cookie pma_lang=ia; expires=Thu, 29-Mar-2018 04:03:24 GMT; Max-Age=2592000;
path=/phpmyadmin/; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:03:24 +0000
Content-Type text/html; charset=utf-8
<form method="post" action="index.php" name="login_form" class="disableAjax login hide
js-show">
 <fieldset>
 <legend>Log in<a
href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
class="icon ic_b_help"></a></legend><div class="item">
 <label for="input_username">Username:</label>
 <input type="text" name="pma_username" id="input_username" value="" size="24"
class="textfield">
 </div>
 <div class="item">
 <label for="input_password">Contrasigno:</label>
 <input type="password" name="pma_password" id="input_password" value=""
size="24" class="textfield">
 </div> <input type="hidden" name="server" value="1"></fieldset>
 <fieldset class="tblFooters">
 <input value="Vade" type="submit" id="input_go"><input type="hidden" name="target"
value="index.php"><input type="hidden" name="token"
value="ed03f5241d278db93cac7a89eb07c6e2"></fieldset>
 </form>
Resources
REMEDIATION - Detectify Support Center - Remote Administration Portal
1. Remote Administration Portal
Summary
Found At
https://skidbooter.com/phpmyadmin/
CVSS
0 of 10.0
Request Headers
GET /phpmyadmin/ HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f383c400cd96b6d-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:01:10 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:00:07 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
Content-Encoding gzip
Set-Cookie phpMyAdmin=7r9g3tef4h2mgv0bi762uhstc86kedon; path=/phpmyadmin/;
secure; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:01:10 +0000
Content-Type text/html; charset=utf-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
<form method="post" action="index.php" name="login_form" class="disableAjax login hide
js-show">
 <fieldset>
 <legend>Log in<a
href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
class="icon ic_b_help"></a></legend><div class="item">
 <label for="input_username">Username:</label>
 <input type="text" name="pma_username" id="input_username" value="" size="24"
class="textfield">
 </div>
 <div class="item">
 <label for="input_password">Password:</label>
 <input type="password" name="pma_password" id="input_password" value=""
size="24" class="textfield">
 </div> <input type="hidden" name="server" value="1"></fieldset>
 <fieldset class="tblFooters">
 <input value="Go" type="submit" id="input_go"><input type="hidden" name="target"
value="index.php"><input type="hidden" name="lang" value="en"><input type="hidden"
name="collation_connection" value="utf8_general_ci"><input type="hidden" name="token"
value="bf688cd605ca26c573f7780ba004d76e"></fieldset>
 </form>
Resources
REMEDIATION - Detectify Support Center - Remote Administration Portal
1. Remote Administration Portal
Summary
Found At
https://skidbooter.com/phpmyadmin/index.php
CVSS
0 of 10.0
Request Headers
GET
/phpmyadmin/index.php?db=&table=&token=5ffe82f52c3eb64dc8d984adc59d613a&lang=ko
HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare
CF-RAY 3f384197ae796a67-LHR
Connection keep-alive
Last-Modified Tue, 27 Feb 2018 04:04:49 +0000
X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
Pragma no-cache
X-ob_mode 0
Date Tue, 27 Feb 2018 04:03:46 GMT
X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
X-Frame-Options DENY
Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
Content-Encoding gzip
Set-Cookie pma_lang=ko; expires=Thu, 29-Mar-2018 04:04:49 GMT; Max-Age=2592000;
path=/phpmyadmin/; secure; HttpOnly
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 04:04:49 +0000
Content-Type text/html; charset=utf-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
<form method="post" action="index.php" name="login_form" class="disableAjax login hide
js-show">
 <fieldset>
 <legend>???<a
href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
target="documentation"><img src="themes/dot.gif" title="??" alt="??" class="icon
ic_b_help"></a></legend><div class="item">
 <label for="input_username">????:</label>
 <input type="text" name="pma_username" id="input_username" value="" size="24"
class="textfield">
 </div>
 <div class="item">
 <label for="input_password">??:</label>
 <input type="password" name="pma_password" id="input_password" value=""
size="24" class="textfield">
 </div> <input type="hidden" name="server" value="1"></fieldset>
 <fieldset class="tblFooters">
 <input value="??" type="submit" id="input_go"><input type="hidden" name="target"
value="index.php"><input type="hidden" name="token"
value="846ca674e79a22754971ed20bd51705f"></fieldset>
 </form>
Resources
REMEDIATION - Detectify Support Center - Remote Administration Portal
Service Providers
What does this mean?
The listed providers are authorized to host different parts of your infrastructure.
here (http://support.detectify.com/customer/portal/articles/2792249-service-providers).
What can happen?
Anyone can retrieve this data. It's only here to serve as an indicator of what vendors have access to.
Summary
Entry Found at CVSS
1 skidbooter.com 0
1. Service Providers
Summary
Found At
skidbooter.com
CVSS
0 of 10.0
service_provider_name
jocelyn.ns.cloudflare.com
service_provider_host
CloudFlare
Resources
REMEDIATION - Detectify Support Center - Service Providers
Content Sniffing
What does this mean?
The web site lacks content sniffing hardening techniques.
here (http://support.detectify.com/customer/portal/articles/2792034-content-sniffing).
What can happen?
This may open up for XSS attacks as browsers will attempt to guess how to render specific resources
without the correct policies.
Summary
Entry Found at CVSS
1 http://skidbooter.com/assets/css/oneui.css 0
2 http://skidbooter.com/assets/js/app.js 0
3 http://skidbooter.com/assets/js/core/bootstrap.min.js 0
4 http://skidbooter.com/assets/js/core/jquery.appear.min.js 0
5 http://skidbooter.com/assets/js/core/jquery.countTo.min.js 0
6 http://skidbooter.com/assets/js/core/jquery.min.js 0
7 http://skidbooter.com/assets/js/core/jquery.placeholder.min.js 0
8 http://skidbooter.com/assets/js/core/jquery.scrollLock.min.js 0
9 http://skidbooter.com/assets/js/core/jquery.slimscroll.min.js 0
10 http://skidbooter.com/assets/js/core/js.cookie.min.js 0
11 http://skidbooter.com/assets/js/pages/base_pages_login.js 0
12 http://skidbooter.com/assets/js/pages/base_pages_register.js 0
13 http://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js 0
14 http://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js 0
15 http://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRM
j0.js
0
16 http://skidbooter.com:2082/cdn-cgi/scripts/jquery.min.js 0
17 http://skidbooter.com:8080/cdn-cgi/scripts/jquery.min.js 0
18 http://skidbooter.com:8880/cdn-cgi/scripts/jquery.min.js 0
19 https://skidbooter.com/assets/js/app.js 0
20 https://skidbooter.com/assets/js/core/bootstrap.min.js 0
21 https://skidbooter.com/assets/js/core/jquery.appear.min.js 0
22 https://skidbooter.com/assets/js/core/jquery.countTo.min.js 0
23 https://skidbooter.com/assets/js/core/jquery.min.js 0
24 https://skidbooter.com/assets/js/core/jquery.placeholder.min.js 0
25 https://skidbooter.com/assets/js/core/jquery.scrollLock.min.js 0
26 https://skidbooter.com/assets/js/core/jquery.slimscroll.min.js 0
27 https://skidbooter.com/assets/js/core/js.cookie.min.js 0
28 https://skidbooter.com/assets/js/pages/base_pages_login.js 0
29 https://skidbooter.com/assets/js/pages/base_pages_register.js 0
30 https://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js 0
31 https://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js 0
32 https://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDR
Mj0.js
0
33 https://skidbooter.com:2083/cdn-cgi/scripts/jquery.min.js 0
34 https://skidbooter.com:8443/cdn-cgi/scripts/jquery.min.js 0
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/css/oneui.css
CVSS
0 of 10.0
Request Headers
GET /assets/css/oneui.css HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f38564f04e06b55-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:44:28 GMT
Date Tue, 27 Feb 2018 04:17:55 GMT
Accept-Ranges bytes
CF-Cache-Status EXPIRED
Cache-Control public, max-age=14400
ETag "5c54e-5471db90fd700-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:17:55 GMT
Content-Length 48536
Content-Type text/css
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/app.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/app.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8b85d96ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "a649-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 7820
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/bootstrap.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/bootstrap.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8aa5a86ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:16 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "8c75-5471dbbec4300-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 9546
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/jquery.appear.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.appear.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8b05c36ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "63a-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 770
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/jquery.countTo.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.countTo.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8b35c66ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "7ec-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 771
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d89d5716ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "1497d-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 29541
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/jquery.placeholder.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.placeholder.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8b45cb6ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "a36-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 1103
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/jquery.scrollLock.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.scrollLock.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8af5ba6ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "4ad-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 639
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/jquery.slimscroll.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.slimscroll.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8ad5b36ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "1256-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 1892
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/core/js.cookie.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/js.cookie.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8b65d16ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "6d8-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 925
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/pages/base_pages_login.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/pages/base_pages_login.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8bc5eb6ba3-LHR
Connection keep-alive
Last-Modified Fri, 23 Feb 2018 20:29:11 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "7a2-565e7035053c0-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 647
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/pages/base_pages_register.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/pages/base_pages_register.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383f1187fb6a9d-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:18 GMT
Date Tue, 27 Feb 2018 04:02:03 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "a72-5471dbc0ac780-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:02:03 GMT
Content-Length 738
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/plugins/jquery-validation/jquery.validate.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d8ba5e06ba3-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:47:22 GMT
Date Tue, 27 Feb 2018 04:01:00 GMT
Accept-Ranges bytes
CF-Cache-Status HIT
Cache-Control public, max-age=14400
ETag "5453-5471dc36ede80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:01:00 GMT
Content-Length 6792
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/admin
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383c1f403e6a19-LHR
Connection keep-alive
Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
x-amz-version-id w.wSVPaYjMxx1soiGl19r3EvvWkBEYvz
Date Tue, 27 Feb 2018 04:00:02 GMT
CF-Cache-Status HIT
Cache-Control public, max-age=31536000
ETag "e5e5fc7485dfaf68a6d7b07439259e36"
Content-Encoding gzip
Vary Accept-Encoding
x-amz-request-id 02524C316DFF8C8D
Expires Wed, 27 Feb 2019 04:00:02 GMT
Content-Length 9046
x-amz-id-2 jJkGw+HyHhk++0sXKZWLit3le3WaZQKWewIerQEmr271GzGeLPoW3/6twZs
4NAzh8EZLEyICRL8=
Content-Type application/javascript; charset=utf-8
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRM
j0.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer http://skidbooter.com/admin
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383c1e90196a19-LHR
Connection keep-alive
Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
x-amz-version-id rqjMVQL2I4Kk8KXt5xKMt.azipcuj0Xx
Date Tue, 27 Feb 2018 04:00:02 GMT
CF-Cache-Status HIT
Cache-Control public, max-age=31536000
ETag "977879dedb46f380cf93614586210c96"
Content-Encoding gzip
Vary Accept-Encoding
x-amz-request-id 7A89128BAA9F1933
Expires Wed, 27 Feb 2019 04:00:02 GMT
Content-Length 4056
x-amz-id-2 TNQyfLK2iMK1OJJueLPJI2r4NJJtNNxKryer3L24drEhMXD5+SWBHGgURVH
MbSVakX0KjoQx/FU=
Content-Type application/javascript; charset=utf-8
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com:2082/cdn-cgi/scripts/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare-nginx
CF-RAY 3f384c35a7556a49-LHR
Connection keep-alive
Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
Date Tue, 27 Feb 2018 04:11:01 GMT
X-Frame-Options SAMEORIGIN
Cache-Control max-age=172800
ETag W/"5a8d4a16-17bdc"
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 01 Mar 2018 04:11:01 GMT
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com:8080/cdn-cgi/scripts/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare-nginx
CF-RAY 3f384c8ae64006c4-LHR
Connection keep-alive
Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
Date Tue, 27 Feb 2018 04:11:15 GMT
X-Frame-Options SAMEORIGIN
Cache-Control max-age=172800
ETag W/"5a8d4a16-17bdc"
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 01 Mar 2018 04:11:15 GMT
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
http://skidbooter.com:8880/cdn-cgi/scripts/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare-nginx
CF-RAY 3f3855d7668f6a01-LHR
Connection keep-alive
Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
Date Tue, 27 Feb 2018 04:17:35 GMT
X-Frame-Options SAMEORIGIN
Cache-Control max-age=172800
ETag W/"5a8d4a16-17bdc"
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 01 Mar 2018 04:17:35 GMT
Content-Type application/javascript
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/app.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/app.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bf68dca69d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 03:59:56 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "a649-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:56 GMT
Content-Length 7820
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/bootstrap.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/bootstrap.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bebba9969d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:16 GMT
Date Tue, 27 Feb 2018 03:59:54 GMT
Accept-Ranges bytes
CF-Cache-Status EXPIRED
Cache-Control public, max-age=14400
ETag "8c75-5471dbbec4300-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:54 GMT
Content-Length 9546
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/jquery.appear.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.appear.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383becaae469d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 03:59:54 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "63a-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:54 GMT
Content-Length 770
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/jquery.countTo.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.countTo.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bef0b8e69d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 03:59:55 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "7ec-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:55 GMT
Content-Length 771
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383be9c9f369d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 03:59:53 GMT
Accept-Ranges bytes
CF-Cache-Status EXPIRED
Cache-Control public, max-age=14400
ETag "1497d-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:53 GMT
Content-Length 29541
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/jquery.placeholder.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.placeholder.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bf54d6c69d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
Date Tue, 27 Feb 2018 03:59:55 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "a36-5471dbbcdbe80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:55 GMT
Content-Length 1103
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/jquery.scrollLock.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.scrollLock.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bec7ad969d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 03:59:54 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "4ad-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:54 GMT
Content-Length 639
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/jquery.slimscroll.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/jquery.slimscroll.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bec4ace69d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 03:59:54 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "1256-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:54 GMT
Content-Length 1892
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/core/js.cookie.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/core/js.cookie.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bf64db069d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
Date Tue, 27 Feb 2018 03:59:55 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "6d8-5471dbbaf3a00-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:55 GMT
Content-Length 925
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/pages/base_pages_login.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/pages/base_pages_login.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/login.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383d42ff0d6b6d-LHR
Connection keep-alive
Last-Modified Fri, 23 Feb 2018 20:29:11 GMT
Date Tue, 27 Feb 2018 04:00:49 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "7a2-565e7035053c0-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 08:00:49 GMT
Content-Length 647
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/pages/base_pages_register.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/pages/base_pages_register.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bfbbf6869d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:45:18 GMT
Date Tue, 27 Feb 2018 03:59:56 GMT
Accept-Ranges bytes
CF-Cache-Status MISS
Cache-Control public, max-age=14400
ETag "a72-5471dbc0ac780-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:56 GMT
Content-Length 738
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js
CVSS
0 of 10.0
Request Headers
GET /assets/js/plugins/jquery-validation/jquery.validate.min.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bfb4f4069d7-LHR
Connection keep-alive
Last-Modified Sat, 28 Jan 2017 01:47:22 GMT
Date Tue, 27 Feb 2018 03:59:56 GMT
Accept-Ranges bytes
CF-Cache-Status EXPIRED
Cache-Control public, max-age=14400
ETag "5453-5471dc36ede80-gzip"
Content-Encoding gzip
Vary Accept-Encoding
Expires Tue, 27 Feb 2018 07:59:56 GMT
Content-Length 6792
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bdd6d3469d7-LHR
Connection keep-alive
Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
x-amz-version-id w.wSVPaYjMxx1soiGl19r3EvvWkBEYvz
Date Tue, 27 Feb 2018 03:59:52 GMT
CF-Cache-Status MISS
Cache-Control public, max-age=31536000
ETag "e5e5fc7485dfaf68a6d7b07439259e36"
Content-Encoding gzip
Vary Accept-Encoding
x-amz-request-id 02524C316DFF8C8D
Expires Wed, 27 Feb 2019 03:59:52 GMT
Content-Length 9046
x-amz-id-2 jJkGw+HyHhk++0sXKZWLit3le3WaZQKWewIerQEmr271GzGeLPoW3/6twZs
4NAzh8EZLEyICRL8=
Content-Type application/javascript; charset=utf-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDR
Mj0.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js HTTP/1.1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Referer https://skidbooter.com/register.php
Accept-Encoding gzip, deflate
Accept-Language en-US
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
Response Headers
HTTP/ 1.1 200 OK
Server cloudflare
CF-RAY 3f383bd70b4369d7-LHR
Connection keep-alive
Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
x-amz-version-id rqjMVQL2I4Kk8KXt5xKMt.azipcuj0Xx
Date Tue, 27 Feb 2018 03:59:51 GMT
CF-Cache-Status MISS
Cache-Control public, max-age=31536000
ETag "977879dedb46f380cf93614586210c96"
Content-Encoding gzip
Vary Accept-Encoding
x-amz-request-id 7A89128BAA9F1933
Expires Wed, 27 Feb 2019 03:59:51 GMT
Content-Length 4056
x-amz-id-2 TNQyfLK2iMK1OJJueLPJI2r4NJJtNNxKryer3L24drEhMXD5+SWBHGgURVH
MbSVakX0KjoQx/FU=
Content-Type application/javascript; charset=utf-8
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com:2083/cdn-cgi/scripts/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare-nginx
CF-RAY 3f3859ab98ae69fb-LHR
Connection keep-alive
Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
Date Tue, 27 Feb 2018 04:20:12 GMT
X-Frame-Options SAMEORIGIN
Cache-Control max-age=172800
ETag W/"5a8d4a16-17bdc"
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 01 Mar 2018 04:20:12 GMT
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options
1. Content Sniffing
Summary
Found At
https://skidbooter.com:8443/cdn-cgi/scripts/jquery.min.js
CVSS
0 of 10.0
Request Headers
GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
Upgrade-Insecure-Requests1
User-Agent Mozilla/5.0 (compatible; Detectify)
+https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
Accept-Encoding gzip, deflate
Accept-Language en-US
Response Headers
HTTP/ 1.1 200 OK
Transfer-Encoding chunked
Server cloudflare-nginx
CF-RAY 3f3854df5b746b4f-LHR
Connection keep-alive
Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
Date Tue, 27 Feb 2018 04:16:56 GMT
X-Frame-Options SAMEORIGIN
Cache-Control max-age=172800
ETag W/"5a8d4a16-17bdc"
Content-Encoding gzip
Vary Accept-Encoding
Expires Thu, 01 Mar 2018 04:16:56 GMT
Content-Type application/javascript
Expect-CT max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Resources
REMEDIATION - Detectify Support Center - Content sniffing
OWASP - X-Content-Type-Options
MOZILLA - X-Content-Type-Options