chaoshackerz.net

1. un_sll
2. Secure content can be accessed using the insecure protocol HTTP. The vulnerable URLs are: "https://www.chaoshackerz.net/"
3. "http://www.chaoshackerz.net/" .
4.  
5. This vulnerability was found in the requests with ids 43 and 55.
6.  
7. HTTP/1.1 403 Forbidden
8. content-encoding: gzip
9. transfer-encoding: chunked
10. expires: Thu, 15 Jan 2015 17:25:36 GMT
11. server: cloudflare-nginx
12. connection: keep-alive
13. cache-control: max-age=10
14. date: Thu, 15 Jan 2015 17:25:26 GMT
15. x-frame-options: SAMEORIGIN
16. content-type: text/html; charset=UTF-8
17. cf-ray: 1a93c5c5a0680491-CDG
18.  
19. <!DOCTYPE html>
20. <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
21. <!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
22. <!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
23. <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
24. <head>
25. <title>Access denied | www.chaoshackerz.net used CloudFlare to restrict access</title>
26. <meta charset="UTF-8" />
27. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
28. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
29. <meta name="robots" content="noindex, nofollow" />
30. <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />
31. <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
32. <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
33. <style type="text/css">body{margin:0;padding:0}</style>
34. <!--[if lte IE 9]><script type="text/javascript" src="/cdn-cgi/scripts/jquery.min.js"></script><![endif]-->
35. <!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->
36. <script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script>
37.  
38. </head>
39. <body>
40.   <div id="cf-wrapper">
41.     <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
42.     <div id="cf-error-details" class="cf-error-details-wrapper">
43.       <div class="cf-wrapper cf-header cf-error-overview">
44.         <h1>
45.           <span class="cf-error-type" data-translate="error">Error</span>
46.           <span class="cf-error-code">1010</span>
47.           <small class="heading-ray-id">Ray ID: 1a93c5c5a0680491</small>
48.         </h1>
49.         <h2 class="cf-subheadline" data-translate="error_desc">Access denied</h2>
50.       </div><!-- /.header -->
51.  
52.       <section></section><!-- spacer -->
53.  
54.       <div class="cf-section cf-wrapper">
55.         <div class="cf-columns two">
56.           <div class="cf-column">
57.             <h2 data-translate="what_happened">What happened?</h2>
58.             <p>The owner of this website (www.chaoshackerz.net) has banned your access based on your browser's signature (1a93c5c5a0680491-ua56).</p>
59.           </div>
60.  
61.          
62.         </div>
63.       </div><!-- /.section -->
64.  
65.       <div class="cf-error-footer cf-wrapper">
66.   <p>
67.     <span class="cf-footer-item">CloudFlare Ray ID: <strong>1a93c5c5a0680491</strong></span>
68.     <span class="cf-footer-separator">&bull;</span>
69.     <span class="cf-footer-item"><span data-translate="your_ip">Your IP</span>: 84.97.178.201</span>
70.     <span class="cf-footer-separator">&bull;</span>
71.     <span class="cf-footer-item"><span data-translate="performance_security_by">Performance &amp; security by</span> <a data-orig-proto="https" data-orig-ref="www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">CloudFlare</a></span>
72.      </p>
73. </div><!-- /.error-footer -->
74.  
75.    </div><!-- /#cf-error-details -->
76.   </div><!-- /#cf-wrapper -->
77.  
78.   <script type="text/javascript">
79.   window._cf_translation = {};
80.     </script>
81. </body>
82. </html>
83.  
84. ----------------------------------------------------------------------------------------------
85. click_jacking
86.  
87. http://www.chaoshackerz.net/_vti_bin/_vti_aut/author.dll
88. . This vulnerability was found in the request with id 49.
89.  
90. POST http://www.chaoshackerz.net/_vti_bin/_vti_aut/author.dll HTTP/1.1
91. Content-length: 158
92. Accept-encoding: gzip, deflate
93. Accept: */*
94. User-agent: w3af.org
95. Host: www.chaoshackerz.net
96. Cookie: __cfduid=d6b525b5458c5091e749f731d1804b4f51421342725
97. Content-type: application/x-www-form-urlencoded
98.  
99. method=put document:4.0.2.4715&service_name=&document=[document_name=/pDHfd.html;meta_info=[]]&put_option=overwrite&comment=&keep_checked_out=false
100. lmth.dfHDp
101.  
102. HTTP/1.1 400 Bad Request
103. content-length: 177
104. server: -nginx
105. connection: close
106. date: Thu, 15 Jan 2015 17:25:28 GMT
107. cf-ray: -
108. content-type: text/html
109.  
110. <html>
111. <head><title>400 Bad Request</title></head>
112. <body bgcolor="white">
113. <center><h1>400 Bad Request</h1></center>
114. <hr><center>cloudflare-nginx</center>
115. </body>
116. </html>
117.  
118. -----------------------------------------------------------------------------------------------------------------------------
119. CPanel
120.  
121. https://p3plcpnl033.prod.phx3.secureserver.net:2083/
122.  
123. ------------------------------------------------------------------------------------------------------------------------------