Пропускане към основното съдържание

Facebook structure_intentional uncertainty




+ Server: No banner retrieved
+ X-XSS-Protection header has been set to disable XSS Protection. There is unlikely to be a good reason for this.
+ Uncommon header 'x-fb-debug' found, with contents: SA17Z/1jGOMUff7U39k20M0c/6sSZAD/Jvv00FPyIR603jOZAx91mrwQ5WVjhkAOm0FI683ditjc0KXc2o+5DQ==
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/about/privacy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/full_data_use_policy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/legal/terms/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/policy.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ "robots.txt" contains 243 entries which should be manually viewed.
+ Server is using a wildcard certificate: *.facebook.com
+ Uncommon header 'timing-allow-origin' found, with contents: *
+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
+ Server banner has changed from '' to 'proxygen-bolt' which may suggest a WAF, load balancer or proxy is in place
+ Multiple index files found: /default.aspx, /index.php, /index.php3, /index.jhtml
+ /help/: Help directory should not be accessible
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /ws_ftp.ini: Can contain saved passwords for FTP sites
+ /WS_FTP.ini: Can contain saved passwords for FTP sites
+ OSVDB-6196: /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
+ /_cti_pvt/: FrontPage directory found.
+ /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
+ /mail.box: The mail database can be read without authentication.
+ OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
+ OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
+ OSVDB-3092: /_vti_txt/: FrontPage directory found.
+ OSVDB-1210: /scripts/samples/search/qfullhit.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
+ OSVDB-1210: /scripts/samples/search/qsumrhit.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
+ OSVDB-1210: /sD7lw.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
+ OSVDB-13405: /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information.
+ OSVDB-10944: /cgi-sys/: CGI Directory found
+ OSVDB-10944: /htbin/: CGI Directory found
+ OSVDB-8193: /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: EW FileManager for PostNuke allows arbitrary file retrieval.
+ OSVDB-3092: /.psql_history: This might be interesting...
+ OSVDB-3092: /access-log: This might be interesting...
+ OSVDB-3092: /access.log: This might be interesting...
+ OSVDB-3092: /access_log: This might be interesting...
+ OSVDB-3092: /Admin_files/: This might be interesting...
+ OSVDB-3092: /ccard/: This might be interesting...
+ OSVDB-3092: /dan_o.dat: This might be interesting...
+ OSVDB-3092: /error_log: This might be interesting...
+ OSVDB-3092: /fpadmin/: This might be interesting...
+ OSVDB-3092: /hit_tracker/: This might be interesting...
+ OSVDB-3092: /htpasswd: This might be interesting...
+ OSVDB-3092: /imagenes/: This might be interesting...
+ OSVDB-3092: /informacion/: This might be interesting...
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /noticias/: This might be interesting...
+ OSVDB-3092: /outgoing/: This might be interesting...
+ OSVDB-3092: /PDG_Cart/: This might be interesting...
+ OSVDB-3092: /php/: This might be interesting...
+ OSVDB-3092: /prueba/: This might be interesting...
+ OSVDB-3092: /retail/: This might be interesting...
+ OSVDB-3092: /shopper/: This might be interesting...
+ OSVDB-3092: /ss.cfg: This might be interesting...
+ OSVDB-3092: /stylesheet/: This might be interesting...
+ OSVDB-3092: /stylesheets/: This might be interesting...
+ OSVDB-3092: /system/: This might be interesting...
+ OSVDB-3092: /template/: This may be interesting as the directory may hold sensitive files or reveal system information.
+ OSVDB-3092: /testing/: This might be interesting...
+ OSVDB-3092: /updates/: This might be interesting...
+ OSVDB-3092: /webadmin/: This might be interesting...may be HostingController, www.hostingcontroller.com
+ OSVDB-3092: /weblogs/: This might be interesting...
+ OSVDB-3092: /webmaster_logs/: This might be interesting...
+ OSVDB-3092: /Web_store/: This might be interesting...
+ OSVDB-3092: /sam._: This might be interesting...
+ OSVDB-3092: /_mem_bin/: This might be interesting - User Login
+ OSVDB-3092: /owa_util%2esignature: Unknown, may be interesting
+ OSVDB-3092: /a_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /dols_help.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /help5_admin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /help5_client.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /help5_designer.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /l_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3093: /add_acl: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /aff_news.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /archive_forum.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /bigsam_guestbook.php?displayBegin=9999...9999: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /checkout_payment.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /docs/NED: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /do_map: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /do_subscribe: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /emml_email_func.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /forum_arc.asp?n=268: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /forum_professionnel.asp?n=100: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-10447: /get_od_toc.pl?Profile=: WebTrends get_od_toc.pl may be vulnerable to a path disclosure error if this file is reloaded multiple times.
+ OSVDB-3093: /ixmail_netattach.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /netget?sid=Safety&msg=2002&file=Safety: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /parse_xml.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /product_info.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /protected/: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /pt_config.inc: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /site_searcher.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /x_stat_admin.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /_head.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /.www_acl: Contains authorization information
+ OSVDB-3093: /.addressbook: PINE addressbook, may store sensitive e-mail address contact information and notes
+ OSVDB-3093: /.bash_history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3093: /.lynx_cookies: User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites.
+ OSVDB-3093: /.mysql_history: Database SQL?
+ OSVDB-3093: /.sh_history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3233: /_private/: FrontPage directory found.
+ OSVDB-3233: /_vti_bin/: FrontPage directory found.
+ OSVDB-3233: /npn_admn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: /npn_rn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: /netbasic/websinfo.bas: Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.
+ OSVDB-5092: /config.inc: DotBr 0.1 configuration file includes usernames and passwords.
+ OSVDB-9624: /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.
+ OSVDB-3233: /ptg_upgrade_pkg.log: Oracle log files.
+ OSVDB-3233: /OA_JAVA/: Oracle Applications Portal Page
+ OSVDB-3233: /OA_HTML/: Oracle Applications Portal Page
+ OSVDB-3093: /OA_MEDIA/: Oracle Applications portal pages found.
+ OSVDB-3092: /_archive/: Archive found.
+ OSVDB-3092: /aw/: This might be interesting... potential country code (Aruba)
+ OSVDB-3092: /dj/: This might be interesting... potential country code (Djibouti)
+ OSVDB-3092: /jo/: This might be interesting... potential country code (Jordan)
+ OSVDB-3092: /mr/: This might be interesting... potential country code (Mauritania)
+ OSVDB-3092: /pr/: This might be interesting... potential country code (Puerto Rico)
+ OSVDB-3092: /tr/: This might be interesting... potential country code (Turkey)
+ Uncommon header 'x-fb-content-md5' found, with contents: 54f712f0e6a28e86b7331132add99723
+ /wp-app.log: Wordpress' wp-app.log may leak application/system details.
+ /admin4_account/: Admin login page/section found.
+ /admin4_colon/: Admin login page/section found.
+ /adminpro/: Admin login page/section found.
+ /AdminTools/: Admin login page/section found.
+ /cp.asp: Admin login page/section found.
+ /cpanel_file/: Admin login page/section found.
+ /customer_login/: Admin login page/section found.
+ /database_administration/: Admin login page/section found.
+ /Database_Administration/: Admin login page/section found.
+ /globes_admin/: Admin login page/section found.
+ /Indy_admin/: Admin login page/section found.
+ /LiveUser_Admin/: Admin login page/section found.
+ /login_db/: Admin login page/section found.
+ /login.php: Admin login page/section found.
+ /logo_sysadmin/: Admin login page/section found.
+ /Lotus_Domino_Admin/: Admin login page/section found.
+ /macadmin/: Admin login page/section found.
+ /meta_login/: Admin login page/section found.
+ /platz_login/: Admin login page/section found.
+ /power_user/: Admin login page/section found.
+ /server_admin_small/: Admin login page/section found.
+ /ss_vms_admin_sm/: Admin login page/section found.
+ /support_login/: Admin login page/section found.
+ /system_administration/: Admin login page/section found.
+ /utility_login/: Admin login page/section found.
+ OSVDB-3092: /test.jsp: This might be interesting...
+ OSVDB-3092: /docnpn_admn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /docnpn_rn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /helpnpn_admn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /helpnpn_rn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/db_sql.php: phpMyAdmin (portable) found which may allow DB access.
+ /fantastico_fileslist.txt: fantastico_fileslist.txt file found. This file contains a list of all the files from the current directory.
+ /system/console: OSGi Apache Felix console
+ Uncommon header 'x-fb-serverinfo' found, with contents: 6176,0,C3,100,10000
+ Uncommon header 'x-fb-svn-revision' found, with contents: 4844449
+ /id_rsa: Encryption key exposed
+ /id_rsa.old: Encryption key exposed
+ /id_dsa: Encryption key exposed
+ /id_dsa.old: Encryption key exposed
+ /encrypt: This might be interesting...
+ /server-manager/: Mitel Audio and Web Conferencing server manager identified.
+ 15058 requests: 0 error(s) and 313 item(s) reported on remote host


Reference: http://cve.mitre.org/data/refs/refmap/source-OSVDB.html

Коментари

Popular Posts

CVE-2021-44228

REPRODUCE OF THE VULNERABILITY =): Collaboration: silentsignal

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues). For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all! TL;DR: Quick copy/paste 1: CSRF=$(curl -s -c dvwa.cookie "192.168.1.44/DVWA/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2) 2: SESSIONID=$(grep PHPSESSID dvwa.cookie | cut -d $'\t' -f7) 3: curl -s -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "192.168.1

CVE-2022-21907

Donate if you are not shame!