Académique Documents
Professionnel Documents
Culture Documents
6
---------------------------------------------------------------------------
+ Target IP: 202.38.172.174
+ Target Hostname: www.pcmcindia.gov.in
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=IN/ST=Maharashtra/L=Pune/O=Pimpri Chinchwad
Municipal Corporation/OU=Government Organisation IT/CN=www.pcmcindia.gov.in
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
+ Start Time: 2020-01-30 10:36:19 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Cookie PHPSESSID created without the secure flag
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.4.33
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to
render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.37). Apache
2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ Web Server returns a valid response with junk HTTP methods, this may cause false
positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-12184: /marathi/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals
potentially sensitive information via certain HTTP requests that contain specific
QUERY strings.
+ OSVDB-12184: /marathi/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals
potentially sensitive information via certain HTTP requests that contain specific
QUERY strings.
+ OSVDB-12184: /marathi/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals
potentially sensitive information via certain HTTP requests that contain specific
QUERY strings.
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream:
can't connect: : Invalid argument
+ Scan terminated: 20 error(s) and 15 item(s) reported on remote host
+ End Time: 2020-01-30 10:44:56 (GMT5.5) (517 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
---------------------------------------------------------------------------
+ Target IP: 202.38.172.174
+ Target Hostname: www.pcmcindia.gov.in
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=IN/ST=Maharashtra/L=Pune/O=Pimpri Chinchwad
Municipal Corporation/OU=Government Organisation IT/CN=www.pcmcindia.gov.in
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
+ Start Time: 2020-02-03 17:09:34 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to
render the content of the site in a different fashion to the MIME type
+ Cookie PHPSESSID created without the secure flag
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.4.33
+ Multiple index files found: /index.php, /index.html
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.37). Apache
2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /test.php: Output from the phpinfo() function was found.
+ OSVDB-3233: /test.php: PHP is installed, and a test script which runs phpinfo()
was found. This gives a lot of system information.
+ /administration.php: Admin login page/section found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 26591 requests: 1 error(s) and 16 item(s) reported on remote host
+ End Time: 2020-02-03 20:16:02 (GMT5.5) (11188 seconds)
---------------------------------------------------------------------------
-----------------
DIRB v2.22
By The Dark Raver
-----------------
-----------------
===========================================================================
Testing [XSS from URL]...
===========================================================================
===========================================================================
[*] Test: [ 1/1 ] <-> 2020-02-03 18:56:37.939006
===========================================================================
[+] Target:
[ https://www.pcmcindia.gov.in ]
---------------------------------------------
[!] Hashing:
[ 6cea8d3cd00ff3e2fba23b984863299b ] : [ XSA ]
---------------------------------------------
https://www.pcmcindia.gov.in/test.php?Id=200
=============================================
[*] Injection(s) Results:
=============================================
==================================================
Mosquito(es) landed!
==================================================
===========================================================================
[*] Final Results:
===========================================================================
- Injections: 1
- Failed: 0
- Successful: 1
- Accur: 100.0 %
===========================================================================
[*] List of XSS injections:
===========================================================================
---------------------
===========================================================================
Testing [XSS from URL]...
===========================================================================
===========================================================================
[*] Test: [ 1/1 ] <-> 2020-02-03 18:54:30.602553
===========================================================================
[+] Target:
[ https://www.pcmcindia.gov.in ]
---------------------------------------------
[!] Hashing:
[ 35fdd4c6403ccd2a066a52a1ff173a27 ] : [ COO ]
---------------------------------------------
https://www.pcmcindia.gov.in/test.php?Id=200
=============================================
[*] Injection(s) Results:
=============================================
==================================================
Mosquito(es) landed!
==================================================
===========================================================================
[*] Final Results:
===========================================================================
- Injections: 1
- Failed: 0
- Successful: 1
- Accur: 100.0 %
===========================================================================
[*] List of XSS injections:
===========================================================================
https://www.pcmcindia.gov.in/marathi/news-detail.php?Id=200
XSStrike v3.1.4
XSStrike v3.1.4
XSStrike v3.1.4