kiddies LAB Assistant
Number of posts: 135 Join date: 05.05.09
| Subject: MLM bug in router Wed May 20, 2009 10:57 pm | |
| - Code:
-
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 202.67.9.166
+ Target Hostname: flexterkita.com
+ Target Port: 80
+ Start Time: 2009-05-22 11:16:56
---------------------------------------------------------------------------
+ Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.8
- Root page / redirects to: ./?pg=home
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.8
+ mod_ssl/2.2.11 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ OpenSSL/0.9.8e-fips-rhel5 appears to be outdated (current is at least 0.9.8i) (may depend on server version)
+ mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.8 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082.
+ OSVDB-637: GET /~root - Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ OSVDB-0: GET /cgi-sys/formmail.pl : Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ OSVDB-0: GET /cgi-sys/guestbook.cgi : May allow attackers to execute commands as the web daemon.
+ OSVDB-0: GET /cgi-sys/Count.cgi : This may allow attackers to execute arbitrary commands on the server
+ OSVDB-3233: GET /mailman/listinfo : Mailman was found on the server.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: GET /cgi-sys/entropysearch.cgi : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/FormMail-clone.cgi : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/mchat.cgi : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/scgiwrap : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /img-sys/ : Default image directory should not allow directory listing.
+ OSVDB-3092: GET /java-sys/ : Default Java directory should not allow directory listing.
+ Default account found for 'Bandmin' at /bandwidth/index.cgi (ID '1502', PW '1502'). X-Micro WLAN 11b router - Successfully authenticated to realm "Bandmin".
- Code:
-
+ Default account found for 'Bandmin' at /bandwidth/index.cgi (ID '1502', PW '1502'). X-Micro WLAN 11b router - Successfully authenticated to realm "Bandmin". <<<< router user name+password << figure out which one is the user and which one is the password
Nikto really is sophisticated..... | |
|
gonzhack LAB Assistant
Number of posts: 69 Join date: 10.05.09
| Subject: Re: MLM bug in router Fri May 22, 2009 9:07 am | |
| | |
|
kiddies LAB Assistant
Number of posts: 135 Join date: 05.05.09
| Subject: Re: MLM bug in router Fri May 22, 2009 10:39 am | |
| - gonzhack wrote:
- cool, kiddies..
Whoa bro, I really can't do anything, bro....don't keep being so modest, bro...... | |
|
petimati Admin
Number of posts: 89 Join date: 11.05.09
| Subject: Re: MLM bug in router Wed May 27, 2009 5:12 am | |
| Awesome..............so where should the laptop be sent | |
|
gunslinger_ LAB Assistant
Number of posts: 184 Join date: 15.05.09 Age: 30 Location: mars
| Subject: Re: MLM bug in router Thu Jun 04, 2009 8:19 am | |
| | |
|