nu11secur1ty

facebook_info_2021.txt

Apr 25th, 2021
  1. + Start Time: 2021-04-25 08:54:43 (GMT3)
  2. ---------------------------------------------------------------------------
  3. + Server: No banner retrieved
  4. + Uncommon header 'priority' found, with contents: u=3,i
  5. + Uncommon header 'x-fb-debug' found, with contents: rvX64FlZz910uBj3ILqL/Kx6/Ev8rFgcR8H2KaFCtgtXbufa1C+IZEMWE/pK/Y/v05zzn2vdGGTtGsaS2LW8yA==
  6. + Uncommon header 'x-fb-rlafr' found, with contents: 0
  7. + Uncommon header 'alt-svc' found, with contents: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
  8. line: /job_application/
  9. + Entry '/job_application/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  10. line: /watch/
  11. + Entry '/watch/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  12. line: /full_data_use_policy/
  13. + Entry '/full_data_use_policy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  14. line: /*/videos/
  15. line: /sharer/
  16. + Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  17. line: /watch/?v=*/
  18. + Entry '/watch/?v=*/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  19. line: /p.php
  20. + Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  21. line: /about/privacy/
  22. + Entry '/about/privacy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  23. line: /album.php
  24. + Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  25. line: /sharer.php
  26. + Entry '/sharer.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  27. line: /share.php
  28. + Entry '/share.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  29. line: /checkpoint/
  30. + Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  31. line: /hashtag/
  32. line: /policy.php
  33. + Entry '/policy.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  34. line: /file_download.php
  35. + Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  36. line: /dialog/
  37. + Retrieved access-control-allow-origin header: https://facebook.com
  38. line: /moments_app/
  39. + Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  40. line: /contact_importer/
  41. + Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  42. line: /feeds/
  43. line: /fbml/ajax/dialog/
  44. + Entry '/fbml/ajax/dialog/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  45. line: /ajax/bootloader-endpoint/
  46. line: /share/
  47. + Entry '/share/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  48. line: /photo.php
  49. + Entry '/photo.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  50. line: /l.php
  51. line: /safetycheck/
  52. + Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
  53. line: /photos.php
  54. + Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
  55. line: /ajax/
  56. line: /legal/terms/
  57. + Entry '/legal/terms/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  58. line: /static_map.php
  59. line: /ajax/pagelet/generic.php/PagePostsSectionPagelet
  60. + Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  61. line: /map_tile.php
  62. + "robots.txt" contains 442 entries which should be manually viewed.
  63. + Server banner changed from '' to 'proxygen-bolt'
  64. + Uncommon header 'cross-origin-resource-policy' found, with contents: cross-origin
  65. + Server is using a wildcard certificate: *.facebook.com
  66. + Multiple index files found: /index.php, /index.aspx, /index.do, /index.php7, /default.aspx, /index.php5, /index.shtml, /index.jhtml, /index.php3, /index.cfm, /index.php4
  67. + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
  68. + /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  69. + /help/: Help directory should not be accessible
  70. + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
  71. + /getaccess: This may be an indication that the server is running getAccess for SSO
  72. + OSVDB-23654: /profile.php?u=BSSxluI6: Powerboards is vulnerable to path disclosure.
  73. + /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  74. + /siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
  75. + /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
  76. + /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
  77. + /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
  78. + /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
  79. + /ws_ftp.ini: Can contain saved passwords for FTP sites
  80. + /WS_FTP.ini: Can contain saved passwords for FTP sites
  81. + /siteminder: This may be an indication that the server is running Siteminder for SSO
  82. + /_cti_pvt/: FrontPage directory found.
  83. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
  84. + OSVDB-2754: /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
  85. + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  86. + OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
  87. + OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
  88. + OSVDB-3092: /_vti_txt/: FrontPage directory found.
  89. + OSVDB-13405: /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information.
  90. + OSVDB-10944: /cgi-sys/: CGI Directory found
  91. + OSVDB-10944: /htbin/: CGI Directory found
  92. + OSVDB-2695: /photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
  93. + OSVDB-2695: /photodata/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
  94. + OSVDB-3092: /access-log: This might be interesting.
  95. + OSVDB-3092: /access.log: This might be interesting.
  96. + OSVDB-3092: /access_log: This might be interesting.
  97. + OSVDB-3092: /admin.htm: This might be interesting.
  98. + OSVDB-3092: /Admin_files/: This might be interesting.
  99. + OSVDB-3092: /analog/: This might be interesting.
  100. + OSVDB-3092: /ccard/: This might be interesting.
  101. + OSVDB-3092: /dan_o.dat: This might be interesting.
  102. + OSVDB-3092: /enviamail/: This might be interesting.
  103. + OSVDB-3092: /error_log: This might be interesting.
  104. + OSVDB-3092: /fpadmin/: This might be interesting.
  105. + OSVDB-3092: /hit_tracker/: This might be interesting.
  106. + OSVDB-3092: /htpasswd: This might be interesting.
  107. + OSVDB-3092: /login/: This might be interesting.
  108. + OSVDB-3092: /noticias/: This might be interesting.
  109. + OSVDB-3092: /outgoing/: This might be interesting.
  110. + OSVDB-3092: /PDG_Cart/: This might be interesting.
  111. + OSVDB-3092: /php/: This might be interesting.
  112. + OSVDB-3092: /prueba/: This might be interesting.
  113. + OSVDB-3092: /register/: This might be interesting.
  114. + OSVDB-3092: /retail/: This might be interesting.
  115. + OSVDB-3092: /ss.cfg: This might be interesting.
  116. + OSVDB-3092: /stylesheet/: This might be interesting.
  117. + OSVDB-3092: /stylesheets/: This might be interesting.
  118. + OSVDB-3092: /system/: This might be interesting.
  119. + OSVDB-3092: /tools/: This might be interesting.
  120. + OSVDB-3092: /updates/: This might be interesting.
  121. + OSVDB-3092: /webadmin/: This might be interesting: probably HostingController, www.hostingcontroller.com
  122. + OSVDB-3092: /webmaster_logs/: This might be interesting.
  123. + OSVDB-3092: /Web_store/: This might be interesting.
  124. + OSVDB-3092: /sam._: This might be interesting.
  125. + OSVDB-3092: /_mem_bin/: This might be interesting: user login
  126. + OSVDB-3092: /owa_util%2esignature: This might be interesting.
  127. + OSVDB-3093: /add_acl: This might be interesting: has been seen in web logs from an unknown scanner.
  128. + OSVDB-3093: /aff_news.php: This might be interesting: has been seen in web logs from an unknown scanner.
  129. + OSVDB-3093: /archive_forum.asp: This might be interesting: has been seen in web logs from an unknown scanner.
  130. + OSVDB-3093: /bigsam_guestbook.php?displayBegin=9999...9999: This might be interesting: has been seen in web logs from an unknown scanner.
  131. + OSVDB-3093: /checkout_payment.php: This might be interesting: has been seen in web logs from an unknown scanner.
  132. + OSVDB-3093: /do_map: This might be interesting: has been seen in web logs from an unknown scanner.
  133. + OSVDB-3093: /do_subscribe: This might be interesting: has been seen in web logs from an unknown scanner.
  134. + OSVDB-3093: /emml_email_func.php: This might be interesting: has been seen in web logs from an unknown scanner.
  135. + OSVDB-3093: /forum_arc.asp?n=268: This might be interesting: has been seen in web logs from an unknown scanner.
  136. + OSVDB-3093: /forum_professionnel.asp?n=100: This might be interesting: has been seen in web logs from an unknown scanner.
  137. + OSVDB-10447: /get_od_toc.pl?Profile=: WebTrends get_od_toc.pl may be vulnerable to a path disclosure error if this file is reloaded multiple times.
  138. + OSVDB-3093: /ixmail_netattach.php: This might be interesting: has been seen in web logs from an unknown scanner.
  139. + OSVDB-3093: /parse_xml.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
  140. + OSVDB-3093: /product_info.php: This might be interesting: has been seen in web logs from an unknown scanner.
  141. + OSVDB-3093: /protected/: This might be interesting: has been seen in web logs from an unknown scanner.
  142. + OSVDB-3093: /pt_config.inc: This might be interesting: has been seen in web logs from an unknown scanner.
  143. + OSVDB-3093: /site_searcher.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
  144. + OSVDB-3093: /x_stat_admin.php: This might be interesting: has been seen in web logs from an unknown scanner.
  145. + OSVDB-3093: /_head.php: This might be interesting: has been seen in web logs from an unknown scanner.
  146. + OSVDB-3093: /.www_acl: Contains authorization information
  147. + OSVDB-3093: /.addressbook: PINE addressbook, may store sensitive e-mail address contact information and notes
  148. + OSVDB-3093: /.lynx_cookies: User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites.
  149. + OSVDB-3233: /_private/: FrontPage directory found.
  150. + OSVDB-3233: /_vti_bin/: FrontPage directory found.
  151. + OSVDB-3233: /index.html.cz.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
  152. + OSVDB-3233: /index.html.he.iso8859-8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
  153. + OSVDB-3233: /index.html.hr.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
  154. + OSVDB-3233: /index.html.po.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
  155. + OSVDB-3233: /index.html.ru.cp-1251: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
  156. + OSVDB-9624: /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.
  157. + OSVDB-3233: /ptg_upgrade_pkg.log: Oracle log files.
  158. + OSVDB-3233: /OA_JAVA/: Oracle Applications Portal Page
  159. + OSVDB-3233: /OA_HTML/: Oracle Applications Portal Page
  160. + OSVDB-3093: /OA_MEDIA/: Oracle Applications portal pages found.
  161. + OSVDB-3092: /_archive/: Archive found.
  162. + OSVDB-3092: /aw/: This might be interesting: potential country code (Aruba)
  163. + OSVDB-3092: /cx/: This might be interesting: potential country code (Christmas Island)
  164. + OSVDB-3092: /dj/: This might be interesting: potential country code (Djibouti)
  165. + OSVDB-3092: /mr/: This might be interesting: potential country code (Mauritania)
  166. + OSVDB-3092: /pr/: This might be interesting: potential country code (Puerto Rico)
  167. + OSVDB-3092: /tr/: This might be interesting: potential country code (Turkey)
  168. + Uncommon header 'x-fb-content-md5' found, with contents: 4e1e97542b4f90213e76c6f6811c3092
  169. + /wp-app.log: Wordpress' wp-app.log may leak application/system details.
  170. + /wordpress/wp-app.log: Wordpress' wp-app.log may leak application/system details.
  171. + /admin4_account/: Admin login page/section found.
  172. + /admin4_colon/: Admin login page/section found.
  173. + /administr8/: Admin login page/section found.
  174. + /adminpro/: Admin login page/section found.
  175. + /admins.php: Admin login page/section found.
  176. + /AdminTools/: Admin login page/section found.
  177. + /cp.asp: Admin login page/section found.
  178. + /cpanel_file/: Admin login page/section found.
  179. + /customer_login/: Admin login page/section found.
  180. + /database_administration/: Admin login page/section found.
  181. + /Database_Administration/: Admin login page/section found.
  182. + /globes_admin/: Admin login page/section found.
  183. + /Indy_admin/: Admin login page/section found.
  184. + /LiveUser_Admin/: Admin login page/section found.
  185. + /login_db/: Admin login page/section found.
  186. + /login.php: Admin login page/section found.
  187. + /logo_sysadmin/: Admin login page/section found.
  188. + /Lotus_Domino_Admin/: Admin login page/section found.
  189. + /macadmin/: Admin login page/section found.
  190. + /meta_login/: Admin login page/section found.
  191. + /painel/: Admin login page/section found.
  192. + /platz_login/: Admin login page/section found.
  193. + /power_user/: Admin login page/section found.
  194. + /server_admin_small/: Admin login page/section found.
  195. + /ss_vms_admin_sm/: Admin login page/section found.
  196. + /support_login/: Admin login page/section found.
  197. + /system_administration/: Admin login page/section found.
  198. + /utility_login/: Admin login page/section found.
  199. + OSVDB-3092: /messages/: This might be interesting.
  200. + OSVDB-3092: /test.jsp: This might be interesting.
  201. + /fantastico_fileslist.txt: fantastico_fileslist.txt file found. This file contains a list of all the files from the current directory.
  202. + Uncommon header 'x-fb-serverinfo' found, with contents: 1682,0,C3,100,10000,23
  203. + Uncommon header 'x-fb-svn-revision' found, with contents: 1003681751
  204. + /id_rsa: Encryption key exposed
  205. + /id_rsa.old: Encryption key exposed
  206. + /id_dsa: Encryption key exposed
  207. + /id_dsa.old: Encryption key exposed
  208. + /server-manager/: Mitel Audio and Web Conferencing server manager identified.
  209. + Cookie statecode created without the secure flag
  210. + Cookie dvr_camcnt created without the secure flag
  211. + Cookie dvr_usr created without the secure flag
  212. + Cookie dvr_pwd created without the secure flag
  213. + Uncommon header 'content-disposition' found, with contents: inline;filename=assetlinks.json
  214. + /.well-known/assetlinks.json: Google Asset Links Specification file may contain server info, per RFC-5785. See https://github.com/google/digitalassetlinks/blob/master/well-known/details.md
  215. + /core/modules/config/config.info.yml: Drupal version number revealed in config.info.yml
  216. + /master.json: This might be interesting.
  217. + /redis_config.json: Redis config file found. It may contain sensitive information.
  218. + /credis/tests/redis_config.json: Redis config file found. It may contain sensitive information.
  219. + /config/redis.json: Redis config file found. It may contain sensitive information.
  220. + /.well-known/openid-configuration: OpenID Provider Configuration Information.
  221. + /apple-app-site-association: Apple Universal Links.
  222. + /.well-known/apple-app-site-association: Apple Universal Links.
  223. + /.well-known/assetlinks.json: Android App Links.