vituong585

Untitled

Sep 27th, 2015
+ Target IP: 112.213.89.106
+ Target Hostname: phongkhamdaiphuoc.vn
+ Target Port: 80
+ Start Time: 2015-09-27 17:36:53 (GMT7)
---------------------------------------------------------------------------
+ Server: Apache
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.3.29
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Multiple index files found: /index.html, /index.php
+ /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /cfide/Administrator/startstop.html: Can start/stop the server
+ /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ OSVDB-613: /SiteScope/htdocs/SiteScope.html: The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.
+ OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
+ OSVDB-376: /manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: /jk-manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: /jk-status/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: /admin/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: /host-manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
+ OSVDB-3092: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: /admin.html: This might be interesting...
+ OSVDB-3092: /admin/: This might be interesting...
+ OSVDB-3092: /demo/: This might be interesting...
+ OSVDB-3092: /easylog/easylog.html: This might be interesting...
+ OSVDB-3092: /log.html: This might be interesting...
+ OSVDB-3092: /logfile.html: This might be interesting...
+ OSVDB-3092: /logger.html: This might be interesting...
+ OSVDB-3092: /stats.html: This might be interesting...
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3092: /wwwstats.html: This might be interesting...
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
+ OSVDB-3093: /admin/index.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
+ Scan terminated: 20 error(s) and 36 item(s) reported on remote host
+ End Time: 2015-09-27 18:06:08 (GMT7) (1755 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested