Jump to content

Recommended Posts

LOL:

 

STOMACH ACHE!

FOOD NOT FOUND!

 

--------------------------------------------------------------------------------

 

Lol,you tried to go to /zymn/uploads/uploads

 

Lol, like, this aint here yo.

 

--------------------------------------------------------------------------------

 

Oh yeah, I logged your IP address. I'm sending you to the FBI

86.43.86.205

if you know that why isnt it being taken care of ???

Vulnerability description

By this form input is possible to upload a file to the server.

This vulnerability affects /zymn/upload.php.

The impact of this vulnerability

User may upload malicious files to server.

 

How to fix this vulnerability

Check if the script inputs are properly validated.

 

 

Vulnerability description

This file is listed in robots.txt but it's not linked anywhere in the site.

This vulnerability affects /client.

The impact of this vulnerability

Possible sensitive information disclosure.

 

 

How to fix this vulnerability

In robots.txt you should include only files or directories linked on the site.

 

 

 

 

  • 3 weeks later...

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

 

 

Vulnerability description

This file is listed in robots.txt but it's not linked anywhere in the site.

This vulnerability affects /client.

The impact of this vulnerability

Possible sensitive information disclosure.

 

 

How to fix this vulnerability

In robots.txt you should include only files or directories linked on the site.

 

 

 

 

GHDB: robots.txt file

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

 

Category : Files containing juicy info

 

Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server. This file basicly tells the bot which directories are supposed to be off-limits. An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the "disallow" keyword.

This vulnerability affects /robots.txt.

 

Attack details

We found

(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

 

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.