- ==============================================
- *********DOXED BY ANONYMOUS*****
- ==============================================
- Owner: DevDripzie#8879
- Email: devdripzieinc@gmail.com
- ==============================================
- Websites & Profiles:
- Old ass: https://odripzieinccontrollers.site123.me/
- Old 2017 Website: https://devdripzieinc.wordpress.com/
- Website URL: https://skidbooter.com
- Profile: https://www.nulled.to/user/1362835-devdripzie
- Profile Twitch: https://www.twitch.tv/odripzie
- ==============================================
- Twitter 1: https://twitter.com/devdripzie
- Twitter 2: https://twitter.com/odripzie5
- Twitter 3: https://twitter.com/DripzieInc
- Twitter 4: https://twitter.com/oDripzieInc
- Joined March 2017
- "Tweets The latest Tweets from Dev Dripzie
- (@DevDripzie). Web Developer
- NFO/VPN Seller Xbox Modder NFO Spots -
- $5 a Month VPN Spots - $3 a Month Bo2 Recovery
- $3 Ghost Camo - $2."
- ENJOY FAGGOT!!
- ================================================================================================================================
- Vulnerability Scan of his website very shitty
- ======================================================================================================================================
- skidbooter.com
- Scan time
- Scan started 2018-02-27 03:44
- Scan finished 2018-02-27 07:12
- Finding summary
- Email Spoofing / Missing SPF Record 1
- Login Cross Site Request Forgery (CSRF/XSRF) 2
- Unencrypted Login Sessions 3
- Directory Listing 8
- CSRF Token Leakage Through HTTP GET 4
- Technology Disclosure 2
- Script Integrity Attribute Not Implemented 4
- Invalid HTML Content 2
- Referrer-Policy Not Implemented 5
- Empty Document 2
- Crawled URL's 1
- Discovered Host(s) 1
- Email Enumeration 1
- External Resources 2
- Fingerprinted Software 2
- HTML Comments 2
- Lacking DMARC Policy 1
- Missing Content Type 6
- Remote Administration Portal 4
- Service Providers 1
- Content Sniffing 34
- Scan settings
- Scan subdomains Yes
- Scan as device Detectify
- Email Spoofing / Missing SPF Record
- What does this mean?
- The domain lacks a DNS SPF policy record. SPF policies must be applied on every domain
- (including subdomains) having either an A, AAAA or MX record.
- here (http://support.detectify.com/customer/en/portal/articles/2166468-missing-spf-record).
- here
- (https://support.detectify.com/customer/en/portal/articles/2466214-missing-insufficient-dmarc-record).
- What can happen?
- An attacker will be able to spoof emails originating from the domain, allowing for phishing attacks or
- other scams.
- Summary
- Entry Found at CVSS
- 1 skidbooter.com 6.2
- 1. Email Spoofing / Missing SPF Record
- Summary
- Found At
- skidbooter.com
- CVSS
- 6.2 of 10.0
- Resources
- REMEDIATION - Detectify Support Center - Missing/insufficient SPF record
- DETECTIFY - Misconfigured email servers open the door to spoofed emails from top domains
- DETECTIFY - How to identify a phishing email
- MISC - SPF Validator (dmarcanalyzer.com)
- Login Cross Site Request Forgery (CSRF/XSRF)
- What does this mean?
- The web site seems to be lacking CSRF token on a login form.
- our knowledge base (http://support.detectify.com/customer/portal/articles/1969819-login-csrf).
- What can happen?
- An attacker can force an unsuspecting user to sign in to the attacker's account. What can be done
- from there depends on the application. Example: An attacker can force an unsuspecting user to login
- to the attacker's account and when the user buys something, the credit card is added to the attacker's
- account.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/register.php 6.2
- 2 https://skidbooter.com/register.php 6.2
- 1. Login Cross Site Request Forgery (CSRF/XSRF)
- Summary
- Found At
- http://skidbooter.com/register.php
- CVSS
- 6.2 of 10.0
- Request Headers
- GET /register.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Cache-Control no-store, no-cache, must-revalidate
- Server cloudflare
- CF-RAY 3f383f06059e6a9d-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 19 Nov 1981 08:52:00 GMT
- Pragma no-cache
- Date Tue, 27 Feb 2018 04:02:01 GMT
- Content-Type text/html; charset=UTF-8
- <form class="js-validation-register form-horizontal push-50-t push-50" method="post"
- novalidate="novalidate">
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="text"
- id="register-username" name="register-username" placeholder="Please enter a username">
- <label for="register-username">Username</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="email"
- id="register-email" name="register-email" placeholder="Please provide your email">
- <label for="register-email">Email</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="password"
- id="register-password" name="register-password" placeholder="Choose a strong password">
- <label for="register-password">Password</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="password"
- id="register-password2" name="register-password2" placeholder="..and confirm it">
- <label for="register-password2">Confirm Password</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12" style="margin-left: auto; margin-right: auto;">
- <div class="g-recaptcha"
- data-sitekey="6LdtNkgUAAAAAPsb4DIUmk168GiysqZrZSFOtbnY"></div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <label class="css-input switch switch-sm switch-success">
- <input required="" type="checkbox" id="register-terms"
- name="register-terms"><span></span> I agree with terms & conditions
- </label>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12 col-sm-6 col-md-5">
- <button name="doCreate" value="create" class="btn btn-block
- btn-success" type="submit"><i class="fa fa-plus pull-right"></i> Sign Up</button>
- </div>
- </div>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Login CSRF
- REMEDIATION - Detectify Support Center - CSRF
- STACK OVERFLOW - How to protect against login CSRF?
- VIDEO - What is a CSRF?
- 1. Login Cross Site Request Forgery (CSRF/XSRF)
- Summary
- Found At
- https://skidbooter.com/register.php
- CVSS
- 6.2 of 10.0
- Request Headers
- GET /register.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383bd6cb3969d7-LHR
- Connection keep-alive
- Pragma no-cache
- Date Tue, 27 Feb 2018 03:59:50 GMT
- Cache-Control no-store, no-cache, must-revalidate
- Content-Encoding gzip
- Set-Cookie PHPSESSID=18n1ckqomkpbrhklpjhtltpl44; path=/
- Vary Accept-Encoding
- Expires Thu, 19 Nov 1981 08:52:00 GMT
- Content-Type text/html; charset=UTF-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- <form class="js-validation-register form-horizontal push-50-t push-50" method="post"
- novalidate="novalidate">
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="text"
- id="register-username" name="register-username" placeholder="Please enter a username">
- <label for="register-username">Username</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="email"
- id="register-email" name="register-email" placeholder="Please provide your email">
- <label for="register-email">Email</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="password"
- id="register-password" name="register-password" placeholder="Choose a strong password">
- <label for="register-password">Password</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="password"
- id="register-password2" name="register-password2" placeholder="..and confirm it">
- <label for="register-password2">Confirm Password</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12" style="margin-left: auto; margin-right: auto;">
- <div class="g-recaptcha"
- data-sitekey="6LdtNkgUAAAAAPsb4DIUmk168GiysqZrZSFOtbnY"></div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <label class="css-input switch switch-sm switch-success">
- <input required="" type="checkbox" id="register-terms"
- name="register-terms"><span></span> I agree with terms & conditions
- </label>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12 col-sm-6 col-md-5">
- <button name="doCreate" value="create" class="btn btn-block
- btn-success" type="submit"><i class="fa fa-plus pull-right"></i> Sign Up</button>
- </div>
- </div>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Login CSRF
- REMEDIATION - Detectify Support Center - CSRF
- STACK OVERFLOW - How to protect against login CSRF?
- VIDEO - What is a CSRF?
- Unencrypted Login Sessions
- What does this mean?
- The login form isn't using HTTPS.
- here (http://support.detectify.com/customer/portal/articles/2792104-unencrypted-login-sessions).
- What can happen?
- An attacker can, if intercepting the traffic, read login credentials in plain text.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/phpmyadmin/ 5.5
- 2 http://skidbooter.com/phpmyadmin/index.php 5.5
- 3 http://skidbooter.com/register.php 5.5
- 1. Unencrypted Login Sessions
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/
- CVSS
- 5.5 of 10.0
- Request Headers
- GET /phpmyadmin/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383dcbd49e6ba3-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:02:13 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:01:11 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Content-Encoding gzip
- Set-Cookie phpMyAdmin=eu17m73p9v9uf8clqgjpmumleeoha6pr; path=/phpmyadmin/;
- HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:02:13 +0000
- Content-Type text/html; charset=utf-8
- <form method="post" action="index.php" name="login_form" class="disableAjax login hide
- js-show">
- <fieldset>
- <legend>Log in<a
- href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
- target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
- class="icon ic_b_help"></a></legend><div class="item">
- <label for="input_username">Username:</label>
- <input type="text" name="pma_username" id="input_username" value="" size="24"
- class="textfield">
- </div>
- <div class="item">
- <label for="input_password">Password:</label>
- <input type="password" name="pma_password" id="input_password" value=""
- size="24" class="textfield">
- </div> <input type="hidden" name="server" value="1"></fieldset>
- <fieldset class="tblFooters">
- <input value="Go" type="submit" id="input_go"><input type="hidden" name="target"
- value="index.php"><input type="hidden" name="lang" value="en"><input type="hidden"
- name="collation_connection" value="utf8_general_ci"><input type="hidden" name="token"
- value="561988dc337f5e14462e9e1d9d786982"></fieldset>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Unencrypted Login Sessions
- OWASP - Testing for Sensitive information sent via unencrypted channels (OTG-CRYPST-003)
- 1. Unencrypted Login Sessions
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/index.php
- CVSS
- 5.5 of 10.0
- Request Headers
- GET
- /phpmyadmin/index.php?db=&table=&token=26ca6934e2761ab5d3c53cf3f82f1f5d&lang=ia
- HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383f8332976b55-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:03:24 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:02:21 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Content-Encoding gzip
- Set-Cookie pma_lang=ia; expires=Thu, 29-Mar-2018 04:03:24 GMT; Max-Age=2592000;
- path=/phpmyadmin/; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:03:24 +0000
- Content-Type text/html; charset=utf-8
- <form method="post" action="index.php" name="login_form" class="disableAjax login hide
- js-show">
- <fieldset>
- <legend>Log in<a
- href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
- target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
- class="icon ic_b_help"></a></legend><div class="item">
- <label for="input_username">Username:</label>
- <input type="text" name="pma_username" id="input_username" value="" size="24"
- class="textfield">
- </div>
- <div class="item">
- <label for="input_password">Contrasigno:</label>
- <input type="password" name="pma_password" id="input_password" value=""
- size="24" class="textfield">
- </div> <input type="hidden" name="server" value="1"></fieldset>
- <fieldset class="tblFooters">
- <input value="Vade" type="submit" id="input_go"><input type="hidden" name="target"
- value="index.php"><input type="hidden" name="token"
- value="ed03f5241d278db93cac7a89eb07c6e2"></fieldset>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Unencrypted Login Sessions
- OWASP - Testing for Sensitive information sent via unencrypted channels (OTG-CRYPST-003)
- 1. Unencrypted Login Sessions
- Summary
- Found At
- http://skidbooter.com/register.php
- CVSS
- 5.5 of 10.0
- Request Headers
- GET /register.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Cache-Control no-store, no-cache, must-revalidate
- Server cloudflare
- CF-RAY 3f383f06059e6a9d-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 19 Nov 1981 08:52:00 GMT
- Pragma no-cache
- Date Tue, 27 Feb 2018 04:02:01 GMT
- Content-Type text/html; charset=UTF-8
- <form class="js-validation-register form-horizontal push-50-t push-50" method="post"
- novalidate="novalidate">
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="text"
- id="register-username" name="register-username" placeholder="Please enter a username">
- <label for="register-username">Username</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="email"
- id="register-email" name="register-email" placeholder="Please provide your email">
- <label for="register-email">Email</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="password"
- id="register-password" name="register-password" placeholder="Choose a strong password">
- <label for="register-password">Password</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <div class="form-material form-material-success">
- <input required="" class="form-control" type="password"
- id="register-password2" name="register-password2" placeholder="..and confirm it">
- <label for="register-password2">Confirm Password</label>
- </div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12" style="margin-left: auto; margin-right: auto;">
- <div class="g-recaptcha"
- data-sitekey="6LdtNkgUAAAAAPsb4DIUmk168GiysqZrZSFOtbnY"></div>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12">
- <label class="css-input switch switch-sm switch-success">
- <input required="" type="checkbox" id="register-terms"
- name="register-terms"><span></span> I agree with terms & conditions
- </label>
- </div>
- </div>
- <div class="form-group">
- <div class="col-xs-12 col-sm-6 col-md-5">
- <button name="doCreate" value="create" class="btn btn-block
- btn-success" type="submit"><i class="fa fa-plus pull-right"></i> Sign Up</button>
- </div>
- </div>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Unencrypted Login Sessions
- OWASP - Testing for Sensitive information sent via unencrypted channels (OTG-CRYPST-003)
- Directory Listing
- What does this mean?
- Directory Listing is enabled which means an attacker can see all files in a directory.
- What can happen?
- An attacker can use this to discover sensitive files.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/assets/ 5
- 2 http://skidbooter.com/assets/ 5
- 3 http://skidbooter.com/assets/css/ 5
- 4 http://skidbooter.com/assets/css/ 5
- 5 http://skidbooter.com/assets/fonts/ 5
- 6 http://skidbooter.com/assets/fonts/ 5
- 7 https://skidbooter.com/ajax/ 5
- 8 https://skidbooter.com/ajax/ 5
- 1. Directory Listing
- Summary
- Found At
- http://skidbooter.com/assets/
- CVSS
- 5 of 10.0
- Request Headers
- GET /assets/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383d56b2536ba3-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:00:52 GMT
- Content-Type text/html;charset=UTF-8
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- http://skidbooter.com/assets/
- CVSS
- 5 of 10.0
- Request Headers
- GET /assets/?C=D;O=A HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f38562e65da6b55-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:17:49 GMT
- Content-Type text/html;charset=UTF-8
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- http://skidbooter.com/assets/css/
- CVSS
- 5 of 10.0
- Request Headers
- GET /assets/css/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f385639e05c6b55-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:17:51 GMT
- Content-Type text/html;charset=UTF-8
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- http://skidbooter.com/assets/css/
- CVSS
- 5 of 10.0
- Request Headers
- GET /assets/css/?C=S;O=A HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f38566a22bb6b55-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:17:59 GMT
- Content-Type text/html;charset=UTF-8
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- http://skidbooter.com/assets/fonts/
- CVSS
- 5 of 10.0
- Request Headers
- GET /assets/fonts/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f38591856d66b55-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:19:49 GMT
- Content-Type text/html;charset=UTF-8
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- http://skidbooter.com/assets/fonts/
- CVSS
- 5 of 10.0
- Request Headers
- GET /assets/fonts/?C=M;O=A HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f38593a86e86b55-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:19:54 GMT
- Content-Type text/html;charset=UTF-8
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- https://skidbooter.com/ajax/
- CVSS
- 5 of 10.0
- Request Headers
- GET /ajax/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383d992b6769fb-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:01:02 GMT
- Content-Type text/html;charset=UTF-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- 1. Directory Listing
- Summary
- Found At
- https://skidbooter.com/ajax/
- CVSS
- 5 of 10.0
- Request Headers
- GET /ajax/?C=M;O=A HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f384cb34fa60b7b-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Date Tue, 27 Feb 2018 04:11:21 GMT
- Content-Type text/html;charset=UTF-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- STACKEXCHANGE - Is it dangerous to allow user to view a file directory via web browser?
- CSRF Token Leakage Through HTTP GET
- What does this mean?
- The CSRF token is in the GET-request.
- What can happen?
- The CSRF token may be leaked in several ways, such as in browser history and/or HTTP log files. If
- there is a link to an external site the token may also leak in the Referer header, which means the
- external site gets the victim's token.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/phpmyadmin/ 3.9
- 2 http://skidbooter.com/phpmyadmin/index.php 3.9
- 3 https://skidbooter.com/phpmyadmin/ 3.9
- 4 https://skidbooter.com/phpmyadmin/index.php 3.9
- 1. CSRF Token Leakage Through HTTP GET
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/
- CVSS
- 3.9 of 10.0
- Request Headers
- GET /phpmyadmin/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383dcbd49e6ba3-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:02:13 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:01:11 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Content-Encoding gzip
- Set-Cookie phpMyAdmin=eu17m73p9v9uf8clqgjpmumleeoha6pr; path=/phpmyadmin/;
- HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:02:13 +0000
- Content-Type text/html; charset=utf-8
- <form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
- value=""><input type="hidden" name="table" value=""><input type="hidden" name="lang"
- value="en"><input type="hidden" name="collation_connection" value="utf8_general_ci"><input
- type="hidden" name="token" value="561988dc337f5e14462e9e1d9d786982"><fieldset><legend
- lang="en" dir="ltr">Language</legend><select name="lang" class="autosubmit" lang="en"
- dir="ltr" id="sel-lang"><option
- value="ar">العربية - Arabic<option
- value="az">Azərbaycanca - Azerbaijani<option
- value="bg">Български -
- Bulgarian<option value="bn">????? - Bangla<option value="ca">Català -
- Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
- value="de">Deutsch - German<option
- value="el">Ελληνικά - Greek<option
- value="en" selected="selected">English<option value="en_GB">English (United
- Kingdom)<option value="es">Español - Spanish<option value="et">Eesti -
- Estonian<option value="fi">Suomi - Finnish<option value="fr">Français - French<option
- value="gl">Galego - Galician<option
- value="hi">हिन्दी - Hindi<option
- value="hu">Magyar - Hungarian<option value="ia">Interlingua - Interlingua<option
- value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano - Italian<option
- value="ja">日本語 - Japanese<option
- value="ko">한국어 - Korean<option value="lt">Lietuvių -
- Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
- value="pl">Polski - Polish<option value="pt">Português - Portuguese<option
- value="pt_BR">Português - Brazilian portuguese<option value="ro">Română -
- Romanian<option value="ru">Русский -
- Russian<option value="si">සිංහල - Sinhala<option
- value="sk">Slovenčina - Slovak<option value="sl">Slovenščina -
- Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
- Swedish<option value="tr">Türkçe - Turkish<option
- value="uk">Українська
- - Ukrainian<option value="uz">Ўзбекча -
- Uzbek-cyrillic<option value="uz@latin">O‘zbekcha - Uzbek-latin<option
- value="zh_CN">中文 - Chinese simplified<option
- value="zh_TW">中文 - Chinese traditional</select></fieldset></form>
- Resources
- REMEDIATION - Detectify Support Center - CSRF
- MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- VIDEO - What is a CSRF?
- 1. CSRF Token Leakage Through HTTP GET
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/index.php
- CVSS
- 3.9 of 10.0
- Request Headers
- GET
- /phpmyadmin/index.php?db=&table=&token=26ca6934e2761ab5d3c53cf3f82f1f5d&lang=ia
- HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383f8332976b55-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:03:24 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:02:21 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Content-Encoding gzip
- Set-Cookie pma_lang=ia; expires=Thu, 29-Mar-2018 04:03:24 GMT; Max-Age=2592000;
- path=/phpmyadmin/; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:03:24 +0000
- Content-Type text/html; charset=utf-8
- <form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
- value=""><input type="hidden" name="table" value=""><input type="hidden" name="token"
- value="ed03f5241d278db93cac7a89eb07c6e2"><fieldset><legend lang="en" dir="ltr">Linguage
- - <em>Language</em></legend><select name="lang" class="autosubmit" lang="en" dir="ltr"
- id="sel-lang"><option value="ar">العربية -
- Arabic<option value="az">Azərbaycanca - Azerbaijani<option
- value="bg">Български -
- Bulgarian<option value="bn">????? - Bangla<option value="ca">Català -
- Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
- value="de">Deutsch - German<option
- value="el">Ελληνικά - Greek<option
- value="en">English<option value="en_GB">English (United Kingdom)<option
- value="es">Español - Spanish<option value="et">Eesti - Estonian<option
- value="fi">Suomi - Finnish<option value="fr">Français - French<option
- value="gl">Galego - Galician<option
- value="hi">हिन्दी - Hindi<option
- value="hu">Magyar - Hungarian<option value="ia" selected="selected">Interlingua -
- Interlingua<option value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano -
- Italian<option value="ja">日本語 - Japanese<option
- value="ko">한국어 - Korean<option value="lt">Lietuvių -
- Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
- value="pl">Polski - Polish<option value="pt">Português - Portuguese<option
- value="pt_BR">Português - Brazilian portuguese<option value="ro">Română -
- Romanian<option value="ru">Русский -
- Russian<option value="si">සිංහල - Sinhala<option
- value="sk">Slovenčina - Slovak<option value="sl">Slovenščina -
- Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
- Swedish<option value="tr">Türkçe - Turkish<option
- value="uk">Українська
- - Ukrainian<option value="uz">Ўзбекча -
- Uzbek-cyrillic<option value="uz@latin">O‘zbekcha - Uzbek-latin<option
- value="zh_CN">中文 - Chinese simplified<option
- value="zh_TW">中文 - Chinese traditional</select></fieldset></form>
- Resources
- REMEDIATION - Detectify Support Center - CSRF
- MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- VIDEO - What is a CSRF?
- 1. CSRF Token Leakage Through HTTP GET
- Summary
- Found At
- https://skidbooter.com/phpmyadmin/
- CVSS
- 3.9 of 10.0
- Request Headers
- GET /phpmyadmin/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383c400cd96b6d-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:01:10 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:00:07 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
- Content-Encoding gzip
- Set-Cookie phpMyAdmin=7r9g3tef4h2mgv0bi762uhstc86kedon; path=/phpmyadmin/;
- secure; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:01:10 +0000
- Content-Type text/html; charset=utf-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- <form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
- value=""><input type="hidden" name="table" value=""><input type="hidden" name="lang"
- value="en"><input type="hidden" name="collation_connection" value="utf8_general_ci"><input
- type="hidden" name="token" value="bf688cd605ca26c573f7780ba004d76e"><fieldset><legend
- lang="en" dir="ltr">Language</legend><select name="lang" class="autosubmit" lang="en"
- dir="ltr" id="sel-lang"><option
- value="ar">العربية - Arabic<option
- value="az">Azərbaycanca - Azerbaijani<option
- value="bg">Български -
- Bulgarian<option value="bn">????? - Bangla<option value="ca">Català -
- Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
- value="de">Deutsch - German<option
- value="el">Ελληνικά - Greek<option
- value="en" selected="selected">English<option value="en_GB">English (United
- Kingdom)<option value="es">Español - Spanish<option value="et">Eesti -
- Estonian<option value="fi">Suomi - Finnish<option value="fr">Français - French<option
- value="gl">Galego - Galician<option
- value="hi">हिन्दी - Hindi<option
- value="hu">Magyar - Hungarian<option value="ia">Interlingua - Interlingua<option
- value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano - Italian<option
- value="ja">日本語 - Japanese<option
- value="ko">한국어 - Korean<option value="lt">Lietuvių -
- Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
- value="pl">Polski - Polish<option value="pt">Português - Portuguese<option
- value="pt_BR">Português - Brazilian portuguese<option value="ro">Română -
- Romanian<option value="ru">Русский -
- Russian<option value="si">සිංහල - Sinhala<option
- value="sk">Slovenčina - Slovak<option value="sl">Slovenščina -
- Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
- Swedish<option value="tr">Türkçe - Turkish<option
- value="uk">Українська
- - Ukrainian<option value="uz">Ўзбекча -
- Uzbek-cyrillic<option value="uz@latin">O‘zbekcha - Uzbek-latin<option
- value="zh_CN">中文 - Chinese simplified<option
- value="zh_TW">中文 - Chinese traditional</select></fieldset></form>
- Resources
- REMEDIATION - Detectify Support Center - CSRF
- MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- VIDEO - What is a CSRF?
- 1. CSRF Token Leakage Through HTTP GET
- Summary
- Found At
- https://skidbooter.com/phpmyadmin/index.php
- CVSS
- 3.9 of 10.0
- Request Headers
- GET
- /phpmyadmin/index.php?db=&table=&token=5ffe82f52c3eb64dc8d984adc59d613a&lang=ko
- HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f384197ae796a67-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:04:49 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:03:46 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
- Content-Encoding gzip
- Set-Cookie pma_lang=ko; expires=Thu, 29-Mar-2018 04:04:49 GMT; Max-Age=2592000;
- path=/phpmyadmin/; secure; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:04:49 +0000
- Content-Type text/html; charset=utf-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- <form method="get" action="index.php" class="disableAjax"><input type="hidden" name="db"
- value=""><input type="hidden" name="table" value=""><input type="hidden" name="token"
- value="846ca674e79a22754971ed20bd51705f"><fieldset><legend lang="en" dir="ltr">?? -
- <em>Language</em></legend><select name="lang" class="autosubmit" lang="en" dir="ltr"
- id="sel-lang"><option value="ar">العربية -
- Arabic<option value="az">Azərbaycanca - Azerbaijani<option
- value="bg">Български -
- Bulgarian<option value="bn">????? - Bangla<option value="ca">Català -
- Catalan<option value="cs">Cestina - Czech<option value="da">Dansk - Danish<option
- value="de">Deutsch - German<option
- value="el">Ελληνικά - Greek<option
- value="en">English<option value="en_GB">English (United Kingdom)<option
- value="es">Español - Spanish<option value="et">Eesti - Estonian<option
- value="fi">Suomi - Finnish<option value="fr">Français - French<option
- value="gl">Galego - Galician<option
- value="hi">हिन्दी - Hindi<option
- value="hu">Magyar - Hungarian<option value="ia">Interlingua - Interlingua<option
- value="id">Bahasa Indonesia - Indonesian<option value="it">Italiano - Italian<option
- value="ja">日本語 - Japanese<option value="ko"
- selected="selected">한국어 - Korean<option value="lt">Lietuvių -
- Lithuanian<option value="nb">Norsk - Norwegian<option value="nl">Nederlands - Dutch<option
- value="pl">Polski - Polish<option value="pt">Português - Portuguese<option
- value="pt_BR">Português - Brazilian portuguese<option value="ro">Română -
- Romanian<option value="ru">Русский -
- Russian<option value="si">සිංහල - Sinhala<option
- value="sk">Slovenčina - Slovak<option value="sl">Slovenščina -
- Slovenian<option value="sr@latin">Srpski - Serbian latin<option value="sv">Svenska -
- Swedish<option value="tr">Türkçe - Turkish<option
- value="uk">Українська
- - Ukrainian<option value="uz">Ўзбекча -
- Uzbek-cyrillic<option value="uz@latin">O‘zbekcha - Uzbek-latin<option
- value="zh_CN">中文 - Chinese simplified<option
- value="zh_TW">中文 - Chinese traditional</select></fieldset></form>
- Resources
- REMEDIATION - Detectify Support Center - CSRF
- MISC - Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- VIDEO - What is a CSRF?
- Technology Disclosure
- What does this mean?
- The HTTP server discloses what type of technology is currently used on the HTTP server.
- Read more here (http://support.detectify.com/customer/portal/articles/2792281-technology-disclosure).
- What can happen?
- An attacker can use that information to look up known vulnerabilities in the specific technology and
- then use them against the website.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/icons/README 2.9
- 2 https://skidbooter.com/icons/README 2.9
- 1. Technology Disclosure
- Summary
- Found At
- http://skidbooter.com/icons/README
- CVSS
- 2.9 of 10.0
- Request Headers
- GET /icons/README HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Host skidbooter.com
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
- cf_ob_info=521:3f3887c807dd69fb:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Accept-Encoding gzip, deflate
- Response Headers
- HTTP/1.1 200 OK
- Connection keep-alive
- CF-RAY 3f3887df65f76a19-LHR
- Accept-Ranges bytes
- Content-Length 5108
- Date Tue, 27 Feb 2018 04:51:45 GMT
- ETag "13f4-438c034968a80"
- Last-Modified Tue, 28 Aug 2007 10:47:54 GMT
- Server cloudflare
- Technology
- By observing the checksums of the files accessible from /icons/ it's possible to work out which
- version of Apache is in use. You can reconfigure your Apache setup to disable access to
- /icons/.
- Technology
- Public Domain Icons
- These icons were originally made for Mosaic for X and have been
- included in the NCSA httpd and Apache server distributions in the
- past. They are in the public domain and may be freely included in any
- application. The originals were done by Kevin Hughes (kevinh@kevcom.com).
- Andy Polyakov tuned the icon colors and added a few new images.
- If you'd like to contribute additions to this set, contact the httpd
- documentation project <http://httpd.apache.org/docs-project/>.
- Almost all of these icons are 20x22 pixels in size. There are
- alternative icons in the "small" directory that are 16x16 in size,
- provided by Mike Brown (mike@hyperreal.org).
- Suggested Uses
- The following are a few suggestions, to serve as a starting point for ideas.
- Please feel free to tweak and rename the icons as you like.
- a.gif
- This might be used to represent PostScript or text layout
- languages.
- alert.black.gif, alert.red.gif
- These can be used to highlight any important items, such as a
- README file in a directory.
- back.gif, forward.gif
- These can be used as links to go to previous and next areas.
- ball.gray.gif, ball.red.gif
- These might be used as bullets.
- binary.gif
- This can be used to represent binary files.
- binhex.gif
- This can represent BinHex-encoded data.
- blank.gif
- This can be used as a placeholder or a spacing element.
- bomb.gif
- This can be used to represent core files.
- box1.gif, box2.gif
- These icons can be used to represent generic 3D applications and
- related files.
- broken.gif
- This can represent corrupted data.
- burst.gif
- This can call attention to new and important items.
- c.gif
- This might represent C source code.
- comp.blue.gif, comp.gray.gif
- These little computer icons can stand for telnet or FTP
- sessions.
- compressed.gif
- This may represent compressed data.
- continued.gif
- This can be a link to a continued listing of a directory.
- down.gif, up.gif, left.gif, right.gif
- These can be used to scroll up, down, left and right in a
- listing or may be used to denote items in an outline.
- dir.gif
- Identical to folder.gif below.
- diskimg.gif
- This can represent floppy disk storage.
- dvi.gif
- This can represent DVI files.
- f.gif
- This might represent FORTRAN or Forth source code.
- folder.gif, folder.open.gif, folder.sec.gif
- The folder can represent directories. There is also a version
- that can represent secure directories or directories that cannot
- be viewed.
- generic.gif, generic.sec.gif, generic.red.gif
- These can represent generic files, secure files, and important
- files, respectively.
- hand.right.gif, hand.up.gif
- These can point out important items (pun intended).
- image1.gif, image2.gif, image3.gif
- These can represent image formats of various types.
- index.gif
- This might represent a WAIS index or search facility.
- layout.gif
- This might represent files and formats that contain graphics as
- well as text layout, such as HTML and PDF files.
- link.gif
- This might represent files that are symbolic links.
- movie.gif
- This can represent various movie formats.
- p.gif
- This may stand for Perl or Python source code.
- pie0.gif ... pie8.gif
- These icons can be used in applications where a list of
- documents is returned from a search. The little pie chart images
- can denote how relevant the documents may be to your search
- query.
- patch.gif
- This may stand for patches and diff files.
- portal.gif
- This might be a link to an online service or a 3D world.
- pdf.gif, ps.gif, quill.gif
- These may represent PDF and PostScript files.
- screw1.gif, screw2.gif
- These may represent CAD or engineering data and formats.
- script.gif
- This can represent any of various interpreted languages, such as
- Perl, python, TCL, and shell scripts, as well as server
- configuration files.
- sound1.gif, sound2.gif
- These can represent sound files.
- sphere1.gif, sphere2.gif
- These can represent 3D worlds or rendering applications and
- formats.
- tar.gif
- This can represent TAR archive files.
- tex.gif
- This can represent TeX files.
- text.gif
- This can represent generic (plain) text files.
- transfer.gif
- This can represent FTP transfers or uploads/downloads.
- unknown.gif
- This may represent a file of an unknown type.
- uu.gif, uuencoded.gif
- This can stand for uuencoded data.
- world1.gif, world2.gif
- These can represent 3D worlds or other 3D formats.
- Resources
- REMEDIATION - Detectify Support Center - Technology Disclosure
- MISC - Removal of the /var/www/icons alias from Apache config
- MISC - Hardening an Apache Server
- MISC - Apache hardening cheat sheet
- 1. Technology Disclosure
- Summary
- Found At
- https://skidbooter.com/icons/README
- CVSS
- 2.9 of 10.0
- Request Headers
- GET /icons/README HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Host skidbooter.com
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
- cf_ob_info=521:3f3887e6e64169fb:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Accept-Encoding gzip, deflate
- Response Headers
- HTTP/1.1 200 OK
- Connection keep-alive
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- CF-RAY 3f3887e928be69fb-LHR
- Accept-Ranges bytes
- Content-Length 5108
- Date Tue, 27 Feb 2018 04:51:46 GMT
- ETag "13f4-438c034968a80"
- Last-Modified Tue, 28 Aug 2007 10:47:54 GMT
- Server cloudflare
- Technology
- By observing the checksums of the files accessible from /icons/ it's possible to work out which
- version of Apache is in use. You can reconfigure your Apache setup to disable access to
- /icons/.
- Resources
- REMEDIATION - Detectify Support Center - Technology Disclosure
- MISC - Removal of the /var/www/icons alias from Apache config
- MISC - Hardening an Apache Server
- MISC - Apache hardening cheat sheet
- Script Integrity Attribute Not Implemented
- What does this mean?
- JavaScript files loaded from another domain should be verified using the integrity attribute.
- What can happen?
- If content loaded from another domain is not verified, the browser will execute it without
- checking it against a correct hash.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/net/ 2.7
- 2 http://skidbooter.com/register.php 2.7
- 3 https://skidbooter.com/net/ 2.7
- 4 https://skidbooter.com/register.php 2.7
- 1. Script Integrity Attribute Not Implemented
- Summary
- Found At
- http://skidbooter.com/net/
- CVSS
- 2.7 of 10.0
- Script tags with content from other domains are not using any integrity attributes.
- <script type="text/javascript" src="https://ipinfo.info/ip/js.php"></script>
- <script src="https://embed.selly.gg"></script>
- Resources
- MOZILLA - Subresource Integrity
- W3 - Subresource Integrity
- MISC - SRI Hash Generator
- MISC - Protecting your embedded content with subresource integrity (SRI)
- 1. Script Integrity Attribute Not Implemented
- Summary
- Found At
- http://skidbooter.com/register.php
- CVSS
- 2.7 of 10.0
- A script tag with content from another domain is not using an integrity attribute.
- <script src='https://www.google.com/recaptcha/api.js'></script>
- Resources
- MOZILLA - Subresource Integrity
- W3 - Subresource Integrity
- MISC - SRI Hash Generator
- MISC - Protecting your embedded content with subresource integrity (SRI)
- 1. Script Integrity Attribute Not Implemented
- Summary
- Found At
- https://skidbooter.com/net/
- CVSS
- 2.7 of 10.0
- Script tags with content from other domains are not using any integrity attributes.
- <script type="text/javascript" src="https://ipinfo.info/ip/js.php"></script>
- <script src="https://embed.selly.gg"></script>
- Resources
- MOZILLA - Subresource Integrity
- W3 - Subresource Integrity
- MISC - SRI Hash Generator
- MISC - Protecting your embedded content with subresource integrity (SRI)
- 1. Script Integrity Attribute Not Implemented
- Summary
- Found At
- https://skidbooter.com/register.php
- CVSS
- 2.7 of 10.0
- A script tag with content from another domain is not using an integrity attribute.
- <script src='https://www.google.com/recaptcha/api.js'></script>
- Resources
- MOZILLA - Subresource Integrity
- W3 - Subresource Integrity
- MISC - SRI Hash Generator
- MISC - Protecting your embedded content with subresource integrity (SRI)
- Invalid HTML Content
- What does this mean?
- When creating endpoints for data, it's common to forget to set the Content-Type to a correct one, such
- as application/javascript or application/json. The default Content-Type in common webservers is
- text/html which will try to parse the content as HTML. By not setting the Content-Type yourself, you
- might risk getting the browser to parse data that should not be parsed.
- Read more here (http://support.detectify.com/customer/portal/articles/2792289-invalid-html-content).
- What can happen?
- If an attacker can control the data of this output, and there's no proper sanitization in place, the content
- will render as HTML, thus creating a possibility of Cross-site Scripting. There are also examples where
- the endpoint is able to activate JSONP (which will wrap the JSON-data with a callback function). If this
- callback function, often provided by the GET-parameter ?callback=, is also not properly sanitized in
- combination with wrong Content-Type, you will be able to trigger an XSS just by adding
- ?callback=<script>alert(1)</script> in the URL.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/header.php 1.8
- 2 https://skidbooter.com/header.php 1.8
- 1. Invalid HTML Content
- Summary
- Found At
- http://skidbooter.com/header.php
- CVSS
- 1.8 of 10.0
- Command
- curl "http://skidbooter.com/header.php" | head
- Request Headers
- GET /header.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383d9890f16ba3-LHR
- Connection keep-alive
- Content-Encoding gzip
- Date Tue, 27 Feb 2018 04:01:02 GMT
- Content-Type text/html; charset=UTF-8
- Content was returned as HTML but is not valid. This might indicate that the Content Type is wrong.
- Access denied
- Resources
- REMEDIATION - Detectify Support Center - Invalid HTML Content
- 1. Invalid HTML Content
- Summary
- Found At
- https://skidbooter.com/header.php
- CVSS
- 1.8 of 10.0
- Command
- curl "https://skidbooter.com/header.php" | head
- Request Headers
- GET /header.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383f81999908d8-LHR
- Connection keep-alive
- Content-Encoding gzip
- Date Tue, 27 Feb 2018 04:02:21 GMT
- Content-Type text/html; charset=UTF-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Content was returned as HTML but is not valid. This might indicate that the Content Type is wrong.
- Access denied
- Resources
- REMEDIATION - Detectify Support Center - Invalid HTML Content
- Referrer-Policy Not Implemented
- What does this mean?
- No referrer policy was found in the response and browsers will therefore use their default referrer
- policy.
- What can happen?
- If sensitive information is stored in the URL, browsers may send it to external websites.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com:2082/ 1.8
- 2 http://skidbooter.com:8080/ 1.8
- 3 http://skidbooter.com:8880/ 1.8
- 4 https://skidbooter.com:2083/ 1.8
- 5 https://skidbooter.com:8443/ 1.8
- 1. Referrer-Policy Not Implemented
- Summary
- Found At
- http://skidbooter.com:2082/
- CVSS
- 1.8 of 10.0
- Request Headers
- GET / HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Host skidbooter.com:2082
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
- cf_ob_info=521:3f388765868669f5:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Response Headers
- HTTP/1.1 521 Origin Down
- Transfer-Encoding chunked
- Connection keep-alive
- Pragma no-cache
- X-Frame-Options SAMEORIGIN
- CF-RAY 3f38876913ae6b6d-LHR
- Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Content-Type text/html; charset=UTF-8
- Date Tue, 27 Feb 2018 04:51:26 GMT
- Expires Thu, 01 Jan 1970 00:00:01 GMT
- Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:56 GMT; path=/
- Server cloudflare
- Resources
- OWASP - Referrer-Policy
- MOZILLA - Referrer-Policy
- MOZILLA - Tighter Control Over Your Referrers
- MISC - A new security header: Referrer Policy
- MISC - Using CORS policies to implement CSRF protection
- W3C - Referrer Policy
- 1. Referrer-Policy Not Implemented
- Summary
- Found At
- http://skidbooter.com:8080/
- CVSS
- 1.8 of 10.0
- Request Headers
- GET / HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Host skidbooter.com:8080
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
- cf_ob_info=521:3f38877d243c69f5:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Response Headers
- HTTP/1.1 521 Origin Down
- Transfer-Encoding chunked
- Connection keep-alive
- Pragma no-cache
- X-Frame-Options SAMEORIGIN
- Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Content-Type text/html; charset=UTF-8
- Date Tue, 27 Feb 2018 04:51:29 GMT
- Expires Thu, 01 Jan 1970 00:00:01 GMT
- Set-Cookie cf_use_ob=8080; expires=Tue, 27-Feb-18 04:51:59 GMT;
- path=/,cf_ob_info=521:3f38877df46a69f5:LHR; expires=Tue, 27-Feb-18
- 04:51:59 GMT; path=/
- Server cloudflare
- CF-RAY 3f38877df46a69f5-LHR
- Resources
- OWASP - Referrer-Policy
- MOZILLA - Referrer-Policy
- MOZILLA - Tighter Control Over Your Referrers
- MISC - A new security header: Referrer Policy
- MISC - Using CORS policies to implement CSRF protection
- W3C - Referrer Policy
- 1. Referrer-Policy Not Implemented
- Summary
- Found At
- http://skidbooter.com:8880/
- CVSS
- 1.8 of 10.0
- Request Headers
- GET / HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Host skidbooter.com:8880
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=0;
- cf_ob_info=521:3f38877df46a69f5:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Response Headers
- HTTP/ 1.1 521 Origin Down
- Transfer-Encoding chunked
- Connection keep-alive
- Pragma no-cache
- X-Frame-Options SAMEORIGIN
- CF-RAY 3f38877f01ed6abb-LHR
- Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Content-Type text/html; charset=UTF-8
- Date Tue, 27 Feb 2018 04:51:29 GMT
- Expires Thu, 01 Jan 1970 00:00:01 GMT
- Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:59 GMT; path=/
- Server cloudflare
- Resources
- OWASP - Referrer-Policy
- MOZILLA - Referrer-Policy
- MOZILLA - Tighter Control Over Your Referrers
- MISC - A new security header: Referrer Policy
- MISC - Using CORS policies to implement CSRF protection
- W3C - Referrer Policy
- 1. Referrer-Policy Not Implemented
- Summary
- Found At
- https://skidbooter.com:2083/
- CVSS
- 1.8 of 10.0
- Request Headers
- GET / HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Host skidbooter.com:2083
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=8080;
- cf_ob_info=521:3f38877d243c69f5:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Response Headers
- HTTP/ 1.1 521 Origin Down
- Transfer-Encoding chunked
- Connection keep-alive
- Pragma no-cache
- X-Frame-Options SAMEORIGIN
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- CF-RAY 3f38877dbd226b7f-LHR
- Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Content-Type text/html; charset=UTF-8
- Date Tue, 27 Feb 2018 04:51:29 GMT
- Expires Thu, 01 Jan 1970 00:00:01 GMT
- Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:59 GMT; path=/
- Server cloudflare
- Resources
- OWASP - Referrer-Policy
- MOZILLA - Referrer-Policy
- MOZILLA - Tighter Control Over Your Referrers
- MISC - A new security header: Referrer Policy
- MISC - Using CORS policies to implement CSRF protection
- W3C - Referrer Policy
- 1. Referrer-Policy Not Implemented
- Summary
- Found At
- https://skidbooter.com:8443/
- CVSS
- 1.8 of 10.0
- Request Headers
- GET / HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Host skidbooter.com:8443
- Cookie PHPSESSID=ulku1f5lqq47vebo3r7r4roud2; cf_use_ob=8080;
- cf_ob_info=521:3f388765467669f5:LHR;
- __cfduid=d46e91a563d84934e6787a1e6f679f93e1519703383
- Cache-Control no-store, no-cache
- Pragma no-cache
- Response Headers
- HTTP/ 1.1 521 Origin Down
- Transfer-Encoding chunked
- Connection keep-alive
- Pragma no-cache
- X-Frame-Options SAMEORIGIN
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- CF-RAY 3f3887658adf6b67-LHR
- Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Content-Type text/html; charset=UTF-8
- Date Tue, 27 Feb 2018 04:51:25 GMT
- Expires Thu, 01 Jan 1970 00:00:01 GMT
- Set-Cookie cf_use_ob=0; expires=Tue, 27-Feb-18 04:51:55 GMT; path=/
- Server cloudflare
- Resources
- OWASP - Referrer-Policy
- MOZILLA - Referrer-Policy
- MOZILLA - Tighter Control Over Your Referrers
- MISC - A new security header: Referrer Policy
- MISC - Using CORS policies to implement CSRF protection
- W3C - Referrer Policy
- Empty Document
- What does this mean?
- We found resources that appear to be serving HTML, although without any content. This may be an
- indication of backend errors or legacy code.
- here (http://support.detectify.com/customer/portal/articles/2792028-empty-document).
- What can happen?
- There is no risk by serving zero sized documents, but it might be worth noticing that the files exist and
- that they can be externally accessible.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/test.php 0.8
- 2 https://skidbooter.com/test.php 0.8
- 1. Empty Document
- Summary
- Found At
- http://skidbooter.com/test.php
- CVSS
- 0.8 of 10.0
- Request Headers
- GET /test.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383dc9d4266ba3-LHR
- Connection keep-alive
- Content-Encoding gzip
- Date Tue, 27 Feb 2018 04:01:10 GMT
- Content-Type text/html; charset=UTF-8
- Resources
- REMEDIATION - Detectify Support Center - Empty Document
- 1. Empty Document
- Summary
- Found At
- https://skidbooter.com/test.php
- CVSS
- 0.8 of 10.0
- Request Headers
- GET /test.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383d6f5e256b6d-LHR
- Connection keep-alive
- Content-Encoding gzip
- Date Tue, 27 Feb 2018 04:00:56 GMT
- Content-Type text/html; charset=UTF-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Empty Document
- Crawled URL's
- What does this mean?
- This finding is generated for debugging purposes. A link is associated with this finding containing a
- CSV file with all crawled URL's.
- What can happen?
- A scan might take too long due to representative content on the application. Vulnerabilities may also
- be missed if Detectify lacks coverage in some area of the application. If you suspect Detectify can
- perform better, then take a look at the associated CSV.
- Summary
- Entry Found at CVSS
- 1 skidbooter.com 0
- 1. Crawled URL's
- Summary
- Found At
- skidbooter.com
- CVSS
- 0 of 10.0
- Detectify tried to access 941 URL's, 513 of these were identified as unique during crawling and
- went through further testing.
- Resources
- DETECTIFY - Download Crawled URL's CSV
- Discovered Host(s)
- What does this mean?
- Detectify has found the following hosts. This is in no way a vulnerability, but should be considered an
- indicator for what has been covered.
- here (http://support.detectify.com/customer/portal/articles/2792024-discovered-endpoint).
- Summary
- Entry Found at CVSS
- 1 skidbooter.com 0
- 1. Discovered Host(s)
- Summary
- Found At
- skidbooter.com
- CVSS
- 0 of 10.0
- Detectify found and tried to access 1 domain, and has analyzed it for security flaws.
- Email Enumeration
- What does this mean?
- The web site reveals one or more email addresses in plain text.
- here (http://support.detectify.com/customer/portal/articles/2792087-email-enumeration).
- What can happen?
- Spammers can easily gather these email addresses and use them in spam campaigns. An attacker
- may also use those email addresses for spear phishing and other attacks.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/phpmyadmin/js/get_scripts.js.php 0
- 1. Email Enumeration
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/js/get_scripts.js.php
- CVSS
- 0 of 10.0
- Request Headers
- GET /phpmyadmin/js/get_scripts.js.php?token=f10a2fcd6f4ab975dff1359e7001ccb5&scripts%5
- B%5D=jquery/jquery-1.8.3.min.js&scripts%5B%5D=ajax.js&scripts%5B%5D=keyhandler.js&scri
- pts%5B%5D=jquery/jquery-ui-1.9.2.custom.min.js&scripts%5B%5D=jquery/jquery.sprintf.js&scri
- pts%5B%5D=jquery/jquery.cookie.js&scripts%5B%5D=jquery/jquery.mousewheel.js&scripts%5
- B%5D=jquery/jquery.event.drag-2.2.js&scripts%5B%5D=jquery/jquery-ui-timepicker-addon.js&s
- cripts%5B%5D=jquery/jquery.ba-hashchange-1.3.js&scripts%5B%5D=jquery/jquery.debounce-1
- .0.5.js&scripts%5B%5D=jquery/jquery.menuResizer-1.0.js&scripts%5B%5D=cross_framing_prot
- ection.js&scripts%5B%5D=rte.js&scripts%5B%5D=tracekit/tracekit.js&scripts%5B%5D=error_re
- port.js&scripts%5B%5D=doclinks.js&scripts%5B%5D=functions.js&scripts%5B%5D=navigation.
- js&scripts%5B%5D=indexes.js&scripts%5B%5D=common.js&scripts%5B%5D=codemirror/lib/c
- odemirror.js&scripts%5B%5D=codemirror/mode/sql/sql.js&scripts%5B%5D=codemirror/addon/r
- unmode/runmode.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/phpmyadmin/index.php?db=&table=&lang=en&collation
- _connection=utf8_general_ci&token=561988dc337f5e14462e9e1d9d786982&
- lang=pt
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f38478d343e6a61-LHR
- Connection keep-alive
- Content-Encoding gzip
- Expires Tue, 27 Feb 2018 05:08:53 GMT
- Date Tue, 27 Feb 2018 04:07:50 GMT
- Content-Type text/javascript; charset=UTF-8
- Email
- alpha@zforms.ru
- Email
- klaus.hartl@stilbuero.de
- Resources
- REMEDIATION - Detectify Support Center - Email enumeration
- External Resources
- What does this mean?
- The web site includes resources hosted on an external domain (without utilising SRI).
- knowledge base (https://support.detectify.com/customer/portal/articles/2792106-external-resources).
- here (https://blog.detectify.com/2016/10/27/cdns-minimize-damages-if-the-cdn-is-hacked/), from the
- title 'Integrity attribute' and then the rest of the article.
- What can happen?
- The owner of the domain the resources are loaded from has control of the resources and can change them
- without the owner of the web site knowing. By doing so, the owner of the domain the resources are
- loaded from can also affect the web site loading the resources.
- This could be done by the owner of the external domain or an attacker who manages to hack it.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/net/ 0
- 2 http://skidbooter.com/register.php 0
- 1. External Resources
- Summary
- Found At
- http://skidbooter.com/net/
- CVSS
- 0 of 10.0
- Request Headers
- GET /net/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383d7951fd6ba3-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Last-Modified Tue, 27 Feb 2018 00:24:20 GMT
- Date Tue, 27 Feb 2018 04:00:57 GMT
- Content-Type text/html
- https://ipinfo.info/ip/js.php
- https://embed.selly.gg/
- Resources
- REMEDIATION - Detectify Support Center - External Resources
- 1. External Resources
- Summary
- Found At
- http://skidbooter.com/register.php
- CVSS
- 0 of 10.0
- Request Headers
- GET /register.php HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Cache-Control no-store, no-cache, must-revalidate
- Server cloudflare
- CF-RAY 3f383f06059e6a9d-LHR
- Connection keep-alive
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 19 Nov 1981 08:52:00 GMT
- Pragma no-cache
- Date Tue, 27 Feb 2018 04:02:01 GMT
- Content-Type text/html; charset=UTF-8
- https://www.google.com/recaptcha/api.js
- Resources
- REMEDIATION - Detectify Support Center - External Resources
- Fingerprinted Software
- What does this mean?
- When Detectify audits an application, it collects various fingerprints that indicate what software is
- running. These fingerprints then allow Detectify to run specific tests when the time is right.
- Please make sure Detectify provides accurate data for these fingerprints, by sending us a message in
- the feedback form on the finding details page.
- What can happen?
- Invalid fingerprints may cause an audit to take longer, and the lack of fingerprints may cause Detectify
- to miss running specific tests.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/ 0
- 2 https://skidbooter.com/ 0
- 1. Fingerprinted Software
- Summary
- Found At
- http://skidbooter.com/
- CVSS
- 0 of 10.0
- Vendor: apache
- Software: http_server
- Confidence: 100
- Software: jquery
- Version: 2.1.4
- Confidence: 100
- Resources
- DETECTIFY - An intelligent way to look for vulnerabilities
- DETECTIFY - What's under the hood
- 1. Fingerprinted Software
- Summary
- Found At
- https://skidbooter.com/
- CVSS
- 0 of 10.0
- Vendor: apache
- Software: http_server
- Confidence: 100
- Software: jquery
- Version: 2.1.4
- Confidence: 100
- Resources
- DETECTIFY - An intelligent way to look for vulnerabilities
- DETECTIFY - What's under the hood
- HTML Comments
- What does this mean?
- knowledge base (http://support.detectify.com/customer/en/portal/articles/2243487-html-comments).
- What can happen?
- The snippets of code within comments will remain inactive until you remove the comment brackets.
- The comments might also contain sensitive information not meant for the public.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/phpmyadmin/ 0
- 2 http://skidbooter.com:8080/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js 0
- 1. HTML Comments
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/
- CVSS
- 0 of 10.0
- <!-- Login form -->
- Resources
- REMEDIATION - Detectify Support Center - HTML Comments
- 1. HTML Comments
- Summary
- Found At
- http://skidbooter.com:8080/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js
- CVSS
- 0 of 10.0
- <!-- /.error-overview -->
- <!-- /.status-display -->
- <!-- /.section -->
- <!-- /.error-footer -->
- <!-- /#cf-error-details -->
- <!-- /#cf-wrapper -->
- Resources
- REMEDIATION - Detectify Support Center - HTML Comments
- Lacking DMARC Policy
- What does this mean?
- The domain lacks a DMARC policy.
- our knowledge base
- (http://support.detectify.com/customer/en/portal/articles/2466214-missing-insufficient-dmarc-record).
- What can happen?
- An attacker will be able to spoof emails originating from any subdomain having either an A, AAAA or
- MX record. In most clients, this is possible regardless of whether SPF policies are in place.
- Summary
- Entry Found at CVSS
- 1 _dmarc.skidbooter.com 0
- 1. Lacking DMARC Policy
- Summary
- Found At
- _dmarc.skidbooter.com
- CVSS
- 0 of 10.0
- Command
- nslookup.exe -type=TXT _dmarc.skidbooter.com
- Consider adding a DMARC policy on _dmarc.skidbooter.com and set the directive "p" to "reject".
- Resources
- REMEDIATION - Detectify Support Center - Missing/insufficient DMARC record
- DETECTIFY - Misconfigured email servers open the door to spoofed emails from top domains
- DETECTIFY - How to identify a phishing email
- Missing Content Type
- What does this mean?
- The file is being served with a lacking content type header.
- here (http://support.detectify.com/customer/portal/articles/2792285-missing-content-type).
- What can happen?
- It may be possible to conduct XSS attacks against Internet Explorer users, as Internet Explorer
- recognizes files served with lacking content type as HTML.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/assets/fonts/fontawesome-webfont.woff2 0
- 2 http://skidbooter.com/assets/fonts/glyphicons-halflings-regular.woff2 0
- 3 http://skidbooter.com/error.log 0
- 4 http://skidbooter.com/error_log 0
- 5 https://skidbooter.com/error.log 0
- 6 https://skidbooter.com/error_log 0
- 1. Missing Content Type
- Summary
- Found At
- http://skidbooter.com/assets/fonts/fontawesome-webfont.woff2
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/fonts/fontawesome-webfont.woff2 HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- Server cloudflare
- CF-RAY 3f38596c864469d7-LHR
- ETag "ddcc-5471db94ce000"
- Connection keep-alive
- Vary Accept-Encoding
- Last-Modified Sat, 28 Jan 2017 01:44:32 GMT
- Expires Tue, 27 Feb 2018 08:20:02 GMT
- Content-Length 56780
- Date Tue, 27 Feb 2018 04:20:02 GMT
- Resources
- REMEDIATION - Detectify Support Center - Missing Content Type
- MOZILLA - Incomplete list of MIME types
- MOZILLA - MIME types
- 1. Missing Content Type
- Summary
- Found At
- http://skidbooter.com/assets/fonts/glyphicons-halflings-regular.woff2
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- Server cloudflare
- CF-RAY 3f38596e56a869d7-LHR
- ETag "466c-5471db92e5b80"
- Connection keep-alive
- Vary Accept-Encoding
- Last-Modified Sat, 28 Jan 2017 01:44:30 GMT
- Expires Tue, 27 Feb 2018 08:20:02 GMT
- Content-Length 18028
- Date Tue, 27 Feb 2018 04:20:02 GMT
- Resources
- REMEDIATION - Detectify Support Center - Missing Content Type
- MOZILLA - Incomplete list of MIME types
- MOZILLA - MIME types
- 1. Missing Content Type
- Summary
- Found At
- http://skidbooter.com/error.log
- CVSS
- 0 of 10.0
- Request Headers
- GET /error.log HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Accept-Ranges bytes
- Server cloudflare
- CF-RAY 3f383d52c1756ba3-LHR
- ETag "3cc-565d91d0074f1"
- Connection keep-alive
- Last-Modified Fri, 23 Feb 2018 03:54:12 GMT
- Content-Length 972
- Date Tue, 27 Feb 2018 04:00:51 GMT
- Resources
- REMEDIATION - Detectify Support Center - Missing Content Type
- MOZILLA - Incomplete list of MIME types
- MOZILLA - MIME types
- 1. Missing Content Type
- Summary
- Found At
- http://skidbooter.com/error_log
- CVSS
- 0 of 10.0
- Request Headers
- GET /error_log HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Accept-Ranges bytes
- Server cloudflare
- CF-RAY 3f383ee017246a9d-LHR
- ETag "426f7-548d5e793a480"
- Connection keep-alive
- Last-Modified Sat, 18 Feb 2017 22:53:54 GMT
- Content-Length 272119
- Date Tue, 27 Feb 2018 04:01:55 GMT
- Resources
- REMEDIATION - Detectify Support Center - Missing Content Type
- MOZILLA - Incomplete list of MIME types
- MOZILLA - MIME types
- 1. Missing Content Type
- Summary
- Found At
- https://skidbooter.com/error.log
- CVSS
- 0 of 10.0
- Request Headers
- GET /error.log HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Accept-Ranges bytes
- Server cloudflare
- CF-RAY 3f383ee22ab408d8-LHR
- ETag "3cc-565d91d0074f1"
- Connection keep-alive
- Last-Modified Fri, 23 Feb 2018 03:54:12 GMT
- Content-Length 972
- Date Tue, 27 Feb 2018 04:01:55 GMT
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Missing Content Type
- MOZILLA - Incomplete list of MIME types
- MOZILLA - MIME types
- 1. Missing Content Type
- Summary
- Found At
- https://skidbooter.com/error_log
- CVSS
- 0 of 10.0
- Request Headers
- GET /error_log HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Accept-Ranges bytes
- Server cloudflare
- CF-RAY 3f383d532d676b6d-LHR
- ETag "426f7-548d5e793a480"
- Connection keep-alive
- Last-Modified Sat, 18 Feb 2017 22:53:54 GMT
- Content-Length 272119
- Date Tue, 27 Feb 2018 04:00:51 GMT
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Missing Content Type
- MOZILLA - Incomplete list of MIME types
- MOZILLA - MIME types
- Remote Administration Portal
- What does this mean?
- A remote administration interface has been found.
- here (http://support.detectify.com/customer/portal/articles/2792091-remote-administration-portal).
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/phpmyadmin/ 0
- 2 http://skidbooter.com/phpmyadmin/index.php 0
- 3 https://skidbooter.com/phpmyadmin/ 0
- 4 https://skidbooter.com/phpmyadmin/index.php 0
- 1. Remote Administration Portal
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/
- CVSS
- 0 of 10.0
- Request Headers
- GET /phpmyadmin/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383dcbd49e6ba3-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:02:13 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:01:11 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Content-Encoding gzip
- Set-Cookie phpMyAdmin=eu17m73p9v9uf8clqgjpmumleeoha6pr; path=/phpmyadmin/;
- HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:02:13 +0000
- Content-Type text/html; charset=utf-8
- <form method="post" action="index.php" name="login_form" class="disableAjax login hide
- js-show">
- <fieldset>
- <legend>Log in<a
- href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
- target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
- class="icon ic_b_help"></a></legend><div class="item">
- <label for="input_username">Username:</label>
- <input type="text" name="pma_username" id="input_username" value="" size="24"
- class="textfield">
- </div>
- <div class="item">
- <label for="input_password">Password:</label>
- <input type="password" name="pma_password" id="input_password" value=""
- size="24" class="textfield">
- </div> <input type="hidden" name="server" value="1"></fieldset>
- <fieldset class="tblFooters">
- <input value="Go" type="submit" id="input_go"><input type="hidden" name="target"
- value="index.php"><input type="hidden" name="lang" value="en"><input type="hidden"
- name="collation_connection" value="utf8_general_ci"><input type="hidden" name="token"
- value="561988dc337f5e14462e9e1d9d786982"></fieldset>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Remote Administration Portal
- 1. Remote Administration Portal
- Summary
- Found At
- http://skidbooter.com/phpmyadmin/index.php
- CVSS
- 0 of 10.0
- Request Headers
- GET
- /phpmyadmin/index.php?db=&table=&token=26ca6934e2761ab5d3c53cf3f82f1f5d&lang=ia
- HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383f8332976b55-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:03:24 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:02:21 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:
- *.tile.openstreetmap.org *.tile.opencyclemap.org ;
- Content-Encoding gzip
- Set-Cookie pma_lang=ia; expires=Thu, 29-Mar-2018 04:03:24 GMT; Max-Age=2592000;
- path=/phpmyadmin/; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:03:24 +0000
- Content-Type text/html; charset=utf-8
- <form method="post" action="index.php" name="login_form" class="disableAjax login hide
- js-show">
- <fieldset>
- <legend>Log in<a
- href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
- target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
- class="icon ic_b_help"></a></legend><div class="item">
- <label for="input_username">Username:</label>
- <input type="text" name="pma_username" id="input_username" value="" size="24"
- class="textfield">
- </div>
- <div class="item">
- <label for="input_password">Contrasigno:</label>
- <input type="password" name="pma_password" id="input_password" value=""
- size="24" class="textfield">
- </div> <input type="hidden" name="server" value="1"></fieldset>
- <fieldset class="tblFooters">
- <input value="Vade" type="submit" id="input_go"><input type="hidden" name="target"
- value="index.php"><input type="hidden" name="token"
- value="ed03f5241d278db93cac7a89eb07c6e2"></fieldset>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Remote Administration Portal
- 1. Remote Administration Portal
- Summary
- Found At
- https://skidbooter.com/phpmyadmin/
- CVSS
- 0 of 10.0
- Request Headers
- GET /phpmyadmin/ HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f383c400cd96b6d-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:01:10 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:00:07 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
- Content-Encoding gzip
- Set-Cookie phpMyAdmin=7r9g3tef4h2mgv0bi762uhstc86kedon; path=/phpmyadmin/;
- secure; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:01:10 +0000
- Content-Type text/html; charset=utf-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- <form method="post" action="index.php" name="login_form" class="disableAjax login hide
- js-show">
- <fieldset>
- <legend>Log in<a
- href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
- target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"
- class="icon ic_b_help"></a></legend><div class="item">
- <label for="input_username">Username:</label>
- <input type="text" name="pma_username" id="input_username" value="" size="24"
- class="textfield">
- </div>
- <div class="item">
- <label for="input_password">Password:</label>
- <input type="password" name="pma_password" id="input_password" value=""
- size="24" class="textfield">
- </div> <input type="hidden" name="server" value="1"></fieldset>
- <fieldset class="tblFooters">
- <input value="Go" type="submit" id="input_go"><input type="hidden" name="target"
- value="index.php"><input type="hidden" name="lang" value="en"><input type="hidden"
- name="collation_connection" value="utf8_general_ci"><input type="hidden" name="token"
- value="bf688cd605ca26c573f7780ba004d76e"></fieldset>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Remote Administration Portal
- 1. Remote Administration Portal
- Summary
- Found At
- https://skidbooter.com/phpmyadmin/index.php
- CVSS
- 0 of 10.0
- Request Headers
- GET
- /phpmyadmin/index.php?db=&table=&token=5ffe82f52c3eb64dc8d984adc59d613a&lang=ko
- HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare
- CF-RAY 3f384197ae796a67-LHR
- Connection keep-alive
- Last-Modified Tue, 27 Feb 2018 04:04:49 +0000
- X-Content-Security-Policy default-src 'self' ;options inline-script eval-script;img-src 'self' data: ;
- Pragma no-cache
- X-ob_mode 0
- Date Tue, 27 Feb 2018 04:03:46 GMT
- X-WebKit-CSP default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer
- no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: ;
- X-Frame-Options DENY
- Cache-Control no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
- Content-Security-Policy default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self'
- 'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ;
- Content-Encoding gzip
- Set-Cookie pma_lang=ko; expires=Thu, 29-Mar-2018 04:04:49 GMT; Max-Age=2592000;
- path=/phpmyadmin/; secure; HttpOnly
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 04:04:49 +0000
- Content-Type text/html; charset=utf-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- <form method="post" action="index.php" name="login_form" class="disableAjax login hide
- js-show">
- <fieldset>
- <legend>???<a
- href="./url.php?url=http%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Findex.html"
- target="documentation"><img src="themes/dot.gif" title="??" alt="??" class="icon
- ic_b_help"></a></legend><div class="item">
- <label for="input_username">????:</label>
- <input type="text" name="pma_username" id="input_username" value="" size="24"
- class="textfield">
- </div>
- <div class="item">
- <label for="input_password">??:</label>
- <input type="password" name="pma_password" id="input_password" value=""
- size="24" class="textfield">
- </div> <input type="hidden" name="server" value="1"></fieldset>
- <fieldset class="tblFooters">
- <input value="??" type="submit" id="input_go"><input type="hidden" name="target"
- value="index.php"><input type="hidden" name="token"
- value="846ca674e79a22754971ed20bd51705f"></fieldset>
- </form>
- Resources
- REMEDIATION - Detectify Support Center - Remote Administration Portal
- Service Providers
- What does this mean?
- The listed providers are authorized to host different parts of your infrastructure.
- here (http://support.detectify.com/customer/portal/articles/2792249-service-providers).
- What can happen?
- Anyone can retrieve this data. It's only here to serve as an indicator of what vendors have access to.
- Summary
- Entry Found at CVSS
- 1 skidbooter.com 0
- 1. Service Providers
- Summary
- Found At
- skidbooter.com
- CVSS
- 0 of 10.0
- service_provider_name
- jocelyn.ns.cloudflare.com
- service_provider_host
- CloudFlare
- Resources
- REMEDIATION - Detectify Support Center - Service Providers
- Content Sniffing
- What does this mean?
- The web site lacks content sniffing hardening techniques.
- here (http://support.detectify.com/customer/portal/articles/2792034-content-sniffing).
- What can happen?
- This may open the site up to XSS attacks, as browsers will attempt to guess how to render specific resources without the correct policies.
- Summary
- Entry Found at CVSS
- 1 http://skidbooter.com/assets/css/oneui.css 0
- 2 http://skidbooter.com/assets/js/app.js 0
- 3 http://skidbooter.com/assets/js/core/bootstrap.min.js 0
- 4 http://skidbooter.com/assets/js/core/jquery.appear.min.js 0
- 5 http://skidbooter.com/assets/js/core/jquery.countTo.min.js 0
- 6 http://skidbooter.com/assets/js/core/jquery.min.js 0
- 7 http://skidbooter.com/assets/js/core/jquery.placeholder.min.js 0
- 8 http://skidbooter.com/assets/js/core/jquery.scrollLock.min.js 0
- 9 http://skidbooter.com/assets/js/core/jquery.slimscroll.min.js 0
- 10 http://skidbooter.com/assets/js/core/js.cookie.min.js 0
- 11 http://skidbooter.com/assets/js/pages/base_pages_login.js 0
- 12 http://skidbooter.com/assets/js/pages/base_pages_register.js 0
- 13 http://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js 0
- 14 http://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js 0
- 15 http://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js 0
- 16 http://skidbooter.com:2082/cdn-cgi/scripts/jquery.min.js 0
- 17 http://skidbooter.com:8080/cdn-cgi/scripts/jquery.min.js 0
- 18 http://skidbooter.com:8880/cdn-cgi/scripts/jquery.min.js 0
- 19 https://skidbooter.com/assets/js/app.js 0
- 20 https://skidbooter.com/assets/js/core/bootstrap.min.js 0
- 21 https://skidbooter.com/assets/js/core/jquery.appear.min.js 0
- 22 https://skidbooter.com/assets/js/core/jquery.countTo.min.js 0
- 23 https://skidbooter.com/assets/js/core/jquery.min.js 0
- 24 https://skidbooter.com/assets/js/core/jquery.placeholder.min.js 0
- 25 https://skidbooter.com/assets/js/core/jquery.scrollLock.min.js 0
- 26 https://skidbooter.com/assets/js/core/jquery.slimscroll.min.js 0
- 27 https://skidbooter.com/assets/js/core/js.cookie.min.js 0
- 28 https://skidbooter.com/assets/js/pages/base_pages_login.js 0
- 29 https://skidbooter.com/assets/js/pages/base_pages_register.js 0
- 30 https://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js 0
- 31 https://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js 0
- 32 https://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js 0
- 33 https://skidbooter.com:2083/cdn-cgi/scripts/jquery.min.js 0
- 34 https://skidbooter.com:8443/cdn-cgi/scripts/jquery.min.js 0
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/css/oneui.css
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/css/oneui.css HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f38564f04e06b55-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:44:28 GMT
- Date Tue, 27 Feb 2018 04:17:55 GMT
- Accept-Ranges bytes
- CF-Cache-Status EXPIRED
- Cache-Control public, max-age=14400
- ETag "5c54e-5471db90fd700-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:17:55 GMT
- Content-Length 48536
- Content-Type text/css
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/app.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/app.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8b85d96ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "a649-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 7820
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/bootstrap.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/bootstrap.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8aa5a86ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:16 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "8c75-5471dbbec4300-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 9546
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/jquery.appear.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.appear.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8b05c36ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "63a-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 770
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/jquery.countTo.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.countTo.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8b35c66ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "7ec-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 771
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d89d5716ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "1497d-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 29541
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/jquery.placeholder.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.placeholder.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8b45cb6ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "a36-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 1103
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/jquery.scrollLock.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.scrollLock.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8af5ba6ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "4ad-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 639
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/jquery.slimscroll.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.slimscroll.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8ad5b36ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "1256-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 1892
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/core/js.cookie.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/js.cookie.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8b65d16ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "6d8-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 925
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/pages/base_pages_login.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/pages/base_pages_login.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8bc5eb6ba3-LHR
- Connection keep-alive
- Last-Modified Fri, 23 Feb 2018 20:29:11 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "7a2-565e7035053c0-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 647
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/pages/base_pages_register.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/pages/base_pages_register.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383f1187fb6a9d-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:18 GMT
- Date Tue, 27 Feb 2018 04:02:03 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "a72-5471dbc0ac780-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:02:03 GMT
- Content-Length 738
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/plugins/jquery-validation/jquery.validate.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d8ba5e06ba3-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:47:22 GMT
- Date Tue, 27 Feb 2018 04:01:00 GMT
- Accept-Ranges bytes
- CF-Cache-Status HIT
- Cache-Control public, max-age=14400
- ETag "5453-5471dc36ede80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:01:00 GMT
- Content-Length 6792
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/admin
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383c1f403e6a19-LHR
- Connection keep-alive
- Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
- x-amz-version-id w.wSVPaYjMxx1soiGl19r3EvvWkBEYvz
- Date Tue, 27 Feb 2018 04:00:02 GMT
- CF-Cache-Status HIT
- Cache-Control public, max-age=31536000
- ETag "e5e5fc7485dfaf68a6d7b07439259e36"
- Content-Encoding gzip
- Vary Accept-Encoding
- x-amz-request-id 02524C316DFF8C8D
- Expires Wed, 27 Feb 2019 04:00:02 GMT
- Content-Length 9046
- x-amz-id-2 jJkGw+HyHhk++0sXKZWLit3le3WaZQKWewIerQEmr271GzGeLPoW3/6twZs
- 4NAzh8EZLEyICRL8=
- Content-Type application/javascript; charset=utf-8
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer http://skidbooter.com/admin
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383c1e90196a19-LHR
- Connection keep-alive
- Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
- x-amz-version-id rqjMVQL2I4Kk8KXt5xKMt.azipcuj0Xx
- Date Tue, 27 Feb 2018 04:00:02 GMT
- CF-Cache-Status HIT
- Cache-Control public, max-age=31536000
- ETag "977879dedb46f380cf93614586210c96"
- Content-Encoding gzip
- Vary Accept-Encoding
- x-amz-request-id 7A89128BAA9F1933
- Expires Wed, 27 Feb 2019 04:00:02 GMT
- Content-Length 4056
- x-amz-id-2 TNQyfLK2iMK1OJJueLPJI2r4NJJtNNxKryer3L24drEhMXD5+SWBHGgURVH
- MbSVakX0KjoQx/FU=
- Content-Type application/javascript; charset=utf-8
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com:2082/cdn-cgi/scripts/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare-nginx
- CF-RAY 3f384c35a7556a49-LHR
- Connection keep-alive
- Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
- Date Tue, 27 Feb 2018 04:11:01 GMT
- X-Frame-Options SAMEORIGIN
- Cache-Control max-age=172800
- ETag W/"5a8d4a16-17bdc"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 01 Mar 2018 04:11:01 GMT
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com:8080/cdn-cgi/scripts/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare-nginx
- CF-RAY 3f384c8ae64006c4-LHR
- Connection keep-alive
- Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
- Date Tue, 27 Feb 2018 04:11:15 GMT
- X-Frame-Options SAMEORIGIN
- Cache-Control max-age=172800
- ETag W/"5a8d4a16-17bdc"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 01 Mar 2018 04:11:15 GMT
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- http://skidbooter.com:8880/cdn-cgi/scripts/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/ 1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare-nginx
- CF-RAY 3f3855d7668f6a01-LHR
- Connection keep-alive
- Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
- Date Tue, 27 Feb 2018 04:17:35 GMT
- X-Frame-Options SAMEORIGIN
- Cache-Control max-age=172800
- ETag W/"5a8d4a16-17bdc"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 01 Mar 2018 04:17:35 GMT
- Content-Type application/javascript
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/app.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/app.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bf68dca69d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 03:59:56 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "a649-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:56 GMT
- Content-Length 7820
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/bootstrap.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/bootstrap.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/ 1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bebba9969d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:16 GMT
- Date Tue, 27 Feb 2018 03:59:54 GMT
- Accept-Ranges bytes
- CF-Cache-Status EXPIRED
- Cache-Control public, max-age=14400
- ETag "8c75-5471dbbec4300-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:54 GMT
- Content-Length 9546
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/jquery.appear.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.appear.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383becaae469d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 03:59:54 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "63a-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:54 GMT
- Content-Length 770
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/jquery.countTo.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.countTo.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bef0b8e69d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 03:59:55 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "7ec-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:55 GMT
- Content-Length 771
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383be9c9f369d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 03:59:53 GMT
- Accept-Ranges bytes
- CF-Cache-Status EXPIRED
- Cache-Control public, max-age=14400
- ETag "1497d-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:53 GMT
- Content-Length 29541
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/jquery.placeholder.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.placeholder.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bf54d6c69d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:14 GMT
- Date Tue, 27 Feb 2018 03:59:55 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "a36-5471dbbcdbe80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:55 GMT
- Content-Length 1103
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/jquery.scrollLock.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.scrollLock.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bec7ad969d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 03:59:54 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "4ad-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:54 GMT
- Content-Length 639
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/jquery.slimscroll.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/jquery.slimscroll.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bec4ace69d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 03:59:54 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "1256-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:54 GMT
- Content-Length 1892
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/core/js.cookie.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/core/js.cookie.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bf64db069d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:12 GMT
- Date Tue, 27 Feb 2018 03:59:55 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "6d8-5471dbbaf3a00-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:55 GMT
- Content-Length 925
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/pages/base_pages_login.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/pages/base_pages_login.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/login.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383d42ff0d6b6d-LHR
- Connection keep-alive
- Last-Modified Fri, 23 Feb 2018 20:29:11 GMT
- Date Tue, 27 Feb 2018 04:00:49 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "7a2-565e7035053c0-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 08:00:49 GMT
- Content-Length 647
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/pages/base_pages_register.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/pages/base_pages_register.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bfbbf6869d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:45:18 GMT
- Date Tue, 27 Feb 2018 03:59:56 GMT
- Accept-Ranges bytes
- CF-Cache-Status MISS
- Cache-Control public, max-age=14400
- ETag "a72-5471dbc0ac780-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:56 GMT
- Content-Length 738
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/assets/js/plugins/jquery-validation/jquery.validate.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /assets/js/plugins/jquery-validation/jquery.validate.min.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bfb4f4069d7-LHR
- Connection keep-alive
- Last-Modified Sat, 28 Jan 2017 01:47:22 GMT
- Date Tue, 27 Feb 2018 03:59:56 GMT
- Accept-Ranges bytes
- CF-Cache-Status EXPIRED
- Cache-Control public, max-age=14400
- ETag "5453-5471dc36ede80-gzip"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Tue, 27 Feb 2018 07:59:56 GMT
- Content-Length 6792
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/apps/body/0-JyvfX_oGnrbE8jiySETU3S9ZY.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bdd6d3469d7-LHR
- Connection keep-alive
- Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
- x-amz-version-id w.wSVPaYjMxx1soiGl19r3EvvWkBEYvz
- Date Tue, 27 Feb 2018 03:59:52 GMT
- CF-Cache-Status MISS
- Cache-Control public, max-age=31536000
- ETag "e5e5fc7485dfaf68a6d7b07439259e36"
- Content-Encoding gzip
- Vary Accept-Encoding
- x-amz-request-id 02524C316DFF8C8D
- Expires Wed, 27 Feb 2019 03:59:52 GMT
- Content-Length 9046
- x-amz-id-2 jJkGw+HyHhk++0sXKZWLit3le3WaZQKWewIerQEmr271GzGeLPoW3/6twZs
- 4NAzh8EZLEyICRL8=
- Content-Type application/javascript; charset=utf-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com/cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/apps/head/82w_gO4sQ5uV5B0ZGSTWHVDRMj0.js HTTP/1.1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Referer https://skidbooter.com/register.php
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- Response Headers
- HTTP/1.1 200 OK
- Server cloudflare
- CF-RAY 3f383bd70b4369d7-LHR
- Connection keep-alive
- Last-Modified Sat, 24 Feb 2018 03:01:19 GMT
- x-amz-version-id rqjMVQL2I4Kk8KXt5xKMt.azipcuj0Xx
- Date Tue, 27 Feb 2018 03:59:51 GMT
- CF-Cache-Status MISS
- Cache-Control public, max-age=31536000
- ETag "977879dedb46f380cf93614586210c96"
- Content-Encoding gzip
- Vary Accept-Encoding
- x-amz-request-id 7A89128BAA9F1933
- Expires Wed, 27 Feb 2019 03:59:51 GMT
- Content-Length 4056
- x-amz-id-2 TNQyfLK2iMK1OJJueLPJI2r4NJJtNNxKryer3L24drEhMXD5+SWBHGgURVH
- MbSVakX0KjoQx/FU=
- Content-Type application/javascript; charset=utf-8
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com:2083/cdn-cgi/scripts/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare-nginx
- CF-RAY 3f3859ab98ae69fb-LHR
- Connection keep-alive
- Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
- Date Tue, 27 Feb 2018 04:20:12 GMT
- X-Frame-Options SAMEORIGIN
- Cache-Control max-age=172800
- ETag W/"5a8d4a16-17bdc"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 01 Mar 2018 04:20:12 GMT
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options
- 1. Content Sniffing
- Summary
- Found At
- https://skidbooter.com:8443/cdn-cgi/scripts/jquery.min.js
- CVSS
- 0 of 10.0
- Request Headers
- GET /cdn-cgi/scripts/jquery.min.js HTTP/1.1
- Accept text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,*/*; q=0.8
- Upgrade-Insecure-Requests 1
- User-Agent Mozilla/5.0 (compatible; Detectify)
- +https://detectify.com/bot/da5f80b97c013a864fb70593467f03b9eb03b5cf
- Accept-Encoding gzip, deflate
- Accept-Language en-US
- Response Headers
- HTTP/1.1 200 OK
- Transfer-Encoding chunked
- Server cloudflare-nginx
- CF-RAY 3f3854df5b746b4f-LHR
- Connection keep-alive
- Last-Modified Wed, 21 Feb 2018 10:29:42 GMT
- Date Tue, 27 Feb 2018 04:16:56 GMT
- X-Frame-Options SAMEORIGIN
- Cache-Control max-age=172800
- ETag W/"5a8d4a16-17bdc"
- Content-Encoding gzip
- Vary Accept-Encoding
- Expires Thu, 01 Mar 2018 04:16:56 GMT
- Content-Type application/javascript
- Expect-CT max-age=604800,
- report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- Resources
- REMEDIATION - Detectify Support Center - Content sniffing
- OWASP - X-Content-Type-Options
- MOZILLA - X-Content-Type-Options