Apache 2.4.59
tcp/443
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 407cf4363b0e62fafca67e073ac50f4b3ac50f4b3ac50f4b3ac50f4b3ac50f4b
Symfony profiler enabled: https://app.mynoji.com/_profiler/empty/search/results
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c1a5d9b0f1a5d9b0f253daf9ad803b95595387d9d95387d9d
Found 3 files trough .DS_Store spidering: /build /uploads /uploads/courses
Open service 217.182.205.207:443 · app.mynoji.com
2024-05-13 01:56
HTTP/1.1 302 Found Date: Mon, 13 May 2024 01:56:24 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 377915 X-Debug-Token-Link: https://app.mynoji.com/_profiler/377915 X-Robots-Tag: noindex Expires: Mon, 13 May 2024 01:56:24 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22377915%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=h13rnjf07r7h50n8bee59rp58f; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-05-12 22:06
HTTP/1.1 302 Found Date: Sun, 12 May 2024 22:06:43 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 6f37e6 X-Debug-Token-Link: https://app.mynoji.com/_profiler/6f37e6 X-Robots-Tag: noindex Expires: Sun, 12 May 2024 22:06:43 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%226f37e6%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=m0js9v5s4lreodtsvrr4opl6cs; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-05-08 19:02
HTTP/1.1 302 Found Date: Wed, 08 May 2024 19:02:30 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: bf98e3 X-Debug-Token-Link: https://app.mynoji.com/_profiler/bf98e3 X-Robots-Tag: noindex Expires: Wed, 08 May 2024 19:02:30 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22bf98e3%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=i0gkrbla2jd8lu4e4vng5um5dg; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-05-08 18:08
HTTP/1.1 302 Found Date: Wed, 08 May 2024 18:08:41 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 380916 X-Debug-Token-Link: https://app.mynoji.com/_profiler/380916 X-Robots-Tag: noindex Expires: Wed, 08 May 2024 18:08:41 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22380916%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=61epfh79ld3u933aqb1utkl3en; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-04-30 23:42
HTTP/1.1 302 Found Date: Tue, 30 Apr 2024 23:43:07 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: e02df7 X-Debug-Token-Link: https://app.mynoji.com/_profiler/e02df7 X-Robots-Tag: noindex Expires: Tue, 30 Apr 2024 23:43:07 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22e02df7%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=c1io2jpvjr01jpchjh9o45emr5; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-04-30 22:47
HTTP/1.1 302 Found Date: Tue, 30 Apr 2024 22:47:51 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: f7684c X-Debug-Token-Link: https://app.mynoji.com/_profiler/f7684c X-Robots-Tag: noindex Expires: Tue, 30 Apr 2024 22:47:51 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22f7684c%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=0bmba24cim3kou5fijmf9frqkh; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-04-28 20:53
HTTP/1.1 302 Found Date: Sun, 28 Apr 2024 20:53:13 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 723967 X-Debug-Token-Link: https://app.mynoji.com/_profiler/723967 X-Robots-Tag: noindex Expires: Sun, 28 Apr 2024 20:53:13 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22723967%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=b4uhgemhgmctes15l6s37j25ll; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-04-28 20:20
HTTP/1.1 302 Found Date: Sun, 28 Apr 2024 20:20:40 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 978832 X-Debug-Token-Link: https://app.mynoji.com/_profiler/978832 X-Robots-Tag: noindex Expires: Sun, 28 Apr 2024 20:20:40 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22978832%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=9jnht2sq0b8tqvsk3jbg0kfqqr; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-04-19 00:39
HTTP/1.1 302 Found Date: Fri, 19 Apr 2024 00:39:42 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 2bb6ba X-Debug-Token-Link: https://app.mynoji.com/_profiler/2bb6ba X-Robots-Tag: noindex Expires: Fri, 19 Apr 2024 00:39:42 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%222bb6ba%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=okb2kdmbinhoqgt76q99t5qeki; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>
Open service 217.182.205.207:443 · app.mynoji.com
2024-04-18 22:17
HTTP/1.1 302 Found Date: Thu, 18 Apr 2024 22:17:55 GMT Server: Apache/2.4.59 (Debian) Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: ff80f6 X-Debug-Token-Link: https://app.mynoji.com/_profiler/ff80f6 X-Robots-Tag: noindex Expires: Thu, 18 Apr 2024 22:17:55 GMT Set-Cookie: sf_redirect=%7B%22token%22%3A%22ff80f6%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=bd1rvg65rvsvc8jaje409n40c0; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: /signin Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Redirecting to /signin <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/signin'" /> <title>Redirecting to /signin</title> </head> <body> Redirecting to <a href="/signin">/signin</a>. </body> </html>