Jump to content

HELP-ME NMAP AND SQL MAP TEST


dr4kiz

Recommended Posts

Posted

I got this information with a test that I'm doing authorization, could someone help me in what I can do to try to invade? with this information

nmap -sV --script vuln equipefatimabrum.com.br

Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-22 15:26 -03
Nmap scan report for equipefatimabrum.com.br (187.1.136.21)
Host is up (0.059s latency).
rDNS record for 187.1.136.21: web15f07.uni5.net
Not shown: 992 filtered tcp ports (no-response), 3 filtered tcp ports (port-unreach)
PORT     STATE  SERVICE  VERSION
21/tcp   open   ftp      ProFTPD
22/tcp   open   ssh      OpenSSH 8.0 (protocol 2.0)
| vulners: 
|   cpe:/a:openbsd:openssh:8.0: 
|       CVE-2020-15778  6.8     https://vulners.com/cve/CVE-2020-15778
|       C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3    6.8     https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3  *EXPLOIT*
|       10213DBE-F683-58BB-B6D3-353173626207    6.8     https://vulners.com/githubexploit/10213DBE-F683-58BB-B6D3-353173626207  *EXPLOIT*
|       CVE-2021-41617  4.4     https://vulners.com/cve/CVE-2021-41617
|       CVE-2019-16905  4.4     https://vulners.com/cve/CVE-2019-16905
|       CVE-2020-14145  4.3     https://vulners.com/cve/CVE-2020-14145
|       CVE-2016-20012  4.3     https://vulners.com/cve/CVE-2016-20012
|_      CVE-2021-36368  2.6     https://vulners.com/cve/CVE-2021-36368
80/tcp   open   http     Apache httpd
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-server-header: Apache
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
443/tcp  open   ssl/http Apache httpd
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=equipefatimabrum.com.br
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: https://equipefatimabrum.com.br:443/
|     Form id: sender
|     Form action: #
|     
|     Path: https://equipefatimabrum.com.br:443/
|     Form id: frmorca
|     Form action: send.php
|     
|     Path: https://equipefatimabrum.com.br:443/
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/sobrenos.php
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/depoimentos.php
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/blog.php
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/beneficios.php
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/zoom.php?id=810
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/prod_zoom.php?id=2075
|     Form id: form2075
|     Form action: lanca_prod.php
|     
|     Path: https://equipefatimabrum.com.br:443/prod_zoom.php?id=2075
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/lista_ped.php
|     Form id: fechamento
|     Form action: fechaPed.php
|     
|     Path: https://equipefatimabrum.com.br:443/lista_ped.php
|     Form id: fretecalc
|     Form action: calculaFrete.php
|     
|     Path: https://equipefatimabrum.com.br:443/lista_ped.php
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/areacli.php
|     Form id: sender
|     Form action: /arealog.php?passport=110ed02145a19d366d19eab6df35be7e
|     
|     Path: https://equipefatimabrum.com.br:443/areacli.php
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/zoom.php?id=966
|     Form id: name
|     Form action: enviaNews.php
|     
|     Path: https://equipefatimabrum.com.br:443/zoom.php?id=801
|     Form id: name
|_    Form action: enviaNews.php
|_http-server-header: Apache
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check: 
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-phpself-xss: ERROR: Script execution failed (use -d to debug)
| http-fileupload-exploiter: 
|   
|     Couldn't find a file-type field.
|   
|_    Couldn't find a file-type field.
| http-enum: 
|   /login.php: Possible admin folder
|   /robots.txt: Robots file
|_  /icons/: Potentially interesting folder w/ directory listing
| http-aspnet-debug: 
|_  status: DEBUG is enabled
3306/tcp closed mysql

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 174.29 seconds

Posted

Give us your contact's name and we can check with them on Monday then maybe we can help with the test.

Posted

Assuming you didn't have permission as you never replied so locking this as unauthorised hacking.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...