
High Ends Site Upload


zymn


LOL:

STOMACH ACHE!

FOOD NOT FOUND!

--------------------------------------------------------------------------------

Lol, you tried to go to /zymn/uploads/uploads

Lol, like, this ain't here yo.

--------------------------------------------------------------------------------

Oh yeah, I logged your IP address. I'm sending you to the FBI

86.43.86.205


If you know that, why isn't it being taken care of???

Vulnerability description

Through this form input it is possible to upload a file to the server.

This vulnerability affects /zymn/upload.php.

The impact of this vulnerability

Users may upload malicious files to the server.

How to fix this vulnerability

Check if the script inputs are properly validated.

Vulnerability description

This file is listed in robots.txt but it's not linked anywhere in the site.

This vulnerability affects /client.

The impact of this vulnerability

Possible sensitive information disclosure.

How to fix this vulnerability

In robots.txt you should include only files or directories linked on the site.

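The scanner's fix advice for /zymn/upload.php stops at "check that inputs are validated". The block below is an added example, not code from the zymn site or from anyone in this thread, showing what that validation looks like server-side for an image-only upload handler. The policy it enforces (2 MiB cap, PNG/JPEG/GIF only, content must match the extension, no server-executable extension anywhere in the name, random storage name) is an assumption chosen for the example; the magic-byte prefixes are the real file signatures.

```python
"""Server-side upload validation (added example; not the zymn site's upload.php).
Assumed policy: images only, 2 MiB cap, stored under a name we generate."""
import os
import secrets
from dataclasses import dataclass

MAX_BYTES = 2 * 1024 * 1024  # assumed size cap

# Allowed extensions mapped to the signature bytes such a file must start with.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Extensions a web server may execute or interpret; refused anywhere in the
# name, so shell.php.png is rejected even though its last extension is allowed.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl",
              "asp", "aspx", "jsp", "sh", "htaccess"}


@dataclass
class Verdict:
    ok: bool
    reason: str
    stored_name: str = ""


def validate_upload(client_name: str, data: bytes) -> Verdict:
    """Decide whether an uploaded file may be stored, and under what name.

    The browser-supplied name and Content-Type are never trusted: the name is
    reduced to its final component, the content is checked against the
    signature for its claimed type, and the stored name is random.
    """
    name = os.path.basename(client_name.replace("\\", "/")).strip().lower()
    if not name or name.startswith("."):
        return Verdict(False, "empty or hidden file name")
    if "\x00" in name:
        return Verdict(False, "null byte in file name")
    if len(data) > MAX_BYTES:
        return Verdict(False, "file too large")
    parts = name.split(".")
    if len(parts) < 2:
        return Verdict(False, "no extension")
    exts = parts[1:]
    if any(e in EXECUTABLE for e in exts):
        return Verdict(False, "executable extension in name")
    ext = exts[-1]
    if ext not in MAGIC:
        return Verdict(False, f"extension .{ext} not allowed")
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        return Verdict(False, "content does not match extension")
    # Our own name: no client input reaches the filesystem path.
    return Verdict(True, "ok", f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    # Constructed inputs: a real PNG header and a PHP payload with a PNG name.
    print(validate_upload("cat.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(validate_upload("cat.png", b"<?php system($_GET['c']); ?>"))
    print(validate_upload("shell.php.png", b"\x89PNG\r\n\x1a\n"))
```

The stored file should additionally live outside the document root (or in a directory the web server is configured not to execute scripts from) and be served back through a handler that sets an explicit Content-Type, so that even a check that is later weakened does not turn the upload directory into a shell.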

  • 3 weeks later...

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

Vulnerability description

This file is listed in robots.txt but it's not linked anywhere in the site.

This vulnerability affects /client.

The impact of this vulnerability

Possible sensitive information disclosure.

How to fix this vulnerability

In robots.txt you should include only files or directories linked on the site.

GHDB: robots.txt file

The description for this alert is contributed by the GHDB community; it may contain inappropriate language.

Category : Files containing juicy info

Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robots.txt file on the root of the server. This file basically tells the bot which directories are supposed to be off-limits. An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the "disallow" keyword.

This vulnerability affects /robots.txt.

Attack details

We found

(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

 

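Two of the findings in the post above can be reproduced without a scanner. The block below is an added example (not code from the post, the scanner, or the scanned site): it builds a TRACE probe carrying a canary header and decides from the raw response bytes whether the method is enabled, and it extracts the robots.txt Disallow entries that no crawled page links into, which is the check behind the "/client is listed in robots.txt but not linked" finding here and in the earlier post. The host name, the two HTTP responses, the robots.txt contents and the page HTML are all constructed for the example; nothing is fetched from the network.

```python
"""Offline reproduction of the TRACE and robots.txt findings (added example).
All inputs below are constructed; nothing is fetched from the network."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def build_trace_request(host: str, marker: str) -> bytes:
    """TRACE makes the server echo the request; X-Probe is our canary header."""
    return (f"TRACE / HTTP/1.1\r\nHost: {host}\r\n"
            f"X-Probe: {marker}\r\nConnection: close\r\n\r\n").encode()


def trace_enabled(response: bytes, marker: str) -> bool:
    """True when the server answered 200 with a message/http body echoing our canary."""
    head, _, body = response.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or parts[1] != b"200":
        return False  # 405, 501 or 403 all mean TRACE is not usable
    return b"message/http" in head.lower() and marker.encode() in body


def disallowed_paths(robots_txt: str) -> set[str]:
    """Every Disallow value in robots.txt, comments stripped, empty rules skipped."""
    paths = set()
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("disallow:"):
            value = line.split(":", 1)[1].strip()
            if value:
                paths.add(value)
    return paths


class _LinkCollector(HTMLParser):
    """Collects href/src targets from one page."""

    def __init__(self) -> None:
        super().__init__()
        self.links: set[str] = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.add(value)


def linked_paths(pages: dict[str, str]) -> set[str]:
    """Absolute URL paths reachable from the crawled pages (keyed by page URL)."""
    found = set()
    for page_url, html in pages.items():
        collector = _LinkCollector()
        collector.feed(html)
        for link in collector.links:
            found.add(urlparse(urljoin(page_url, link)).path)
    return found


def _covers(rule: str, path: str) -> bool:
    # A Disallow rule is a path prefix: /client covers /client and /client/x.
    return path == rule or path.startswith(rule.rstrip("/") + "/")


def unlinked_disallowed(robots_txt: str, pages: dict[str, str]) -> set[str]:
    """Disallow entries no crawled page links into: the scanner's /client case."""
    linked = linked_paths(pages)
    return {rule for rule in disallowed_paths(robots_txt)
            if not any(_covers(rule, p) for p in linked)}


# Constructed samples: one server echoing TRACE, one refusing it.
SAMPLE_TRACE_ON = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                   b"TRACE / HTTP/1.1\r\nHost: example.test\r\nX-Probe: 4f2a\r\n\r\n")
SAMPLE_TRACE_OFF = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST\r\n\r\n"

# Constructed robots.txt and a two-page crawl; /client is the unlinked entry.
SAMPLE_ROBOTS = ("User-agent: *\nDisallow: /client\nDisallow: /zymn/uploads/\n"
                 "Disallow: /images/  # public anyway\nDisallow:\n")
SAMPLE_PAGES = {
    "http://example.test/": '<a href="/about.html">About</a><img src="images/logo.png">',
    "http://example.test/about.html": '<a href="/zymn/uploads/banner.png">banner</a>',
}

if __name__ == "__main__":
    print("TRACE enabled:", trace_enabled(SAMPLE_TRACE_ON, "4f2a"))
    print("Disallowed but unlinked:", unlinked_disallowed(SAMPLE_ROBOTS, SAMPLE_PAGES))
```

Sending the probe is left to the caller (`socket.create_connection((host, 80))`, then `sendall(build_trace_request(host, marker))` and read until close); checking for the canary rather than just a 200 status avoids false positives from servers that answer every method with a generic page. On Apache the fix the scanner asks for is `TraceEnable off` in the server configuration.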