Apache
tcp/443
The following URL is publicly accessible and is leaking deployment credentials
Fingerprint: 13b3a7b18ffc92a5ebda39da22333d1f1834ec91fcc492636e8d512090a52bd3
HTTP/1.1 200 OK Date: Tue, 19 Sep 2023 07:31:43 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=397c86814e66546eafb332564e132511; expires=Sat, 23-Sep-2023 11:31:43 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>{ "name": "WClasses Produção", "host": "162.240.237.128", "protocol": "ftp", "port": 21, "username": "desenvolvimento@wclasses.com.br", "password": "Xykkg@190", "remotePath": "/wclasses", "uploadOnSave": false, "useTempFile": false, "openSsh": false }
Fingerprint: 13b3a7b17cfc7502c36c325da4df93f0a921714a239824ca0df518f05f1977e8
{ "name": "WClasses Produção", "host": "162.240.237.128", "protocol": "ftp", "port": 21, "username": "desenvolvimento@wclasses.com.br", "password": "Xykkg@190", "remotePath": "/wclasses", "uploadOnSave": false, "useTempFile": false, "openSsh": false }
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204ade9e7
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://wclasses@bitbucket.org/wclasses/wclasses.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "hostgator-master"] remote = origin merge = refs/heads/hostgator-master [branch "permissao"] remote = origin merge = refs/heads/permissao [pull] rebase = false
Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652215b2e6cd
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://wclasses@bitbucket.org/wclasses/wclasses.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "hostgator-master"] remote = origin merge = refs/heads/hostgator-master [branch "permissao"] remote = origin merge = refs/heads/permissao
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-18 14:09
HTTP/1.1 400 Bad Request Date: Tue, 18 Jun 2024 14:09:09 GMT Server: Apache Content-Length: 483 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 400 Bad Request <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /> </p> <p>Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request.</p> </body></html>
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-16 19:59
HTTP/1.1 200 OK Date: Sun, 16 Jun 2024 19:59:33 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=08a660f16e337a6c1e801869e21f4e6e; expires=Thu, 20-Jun-2024 23:59:33 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-12 07:14
HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 07:14:39 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=11d0b36f1f81bd2c3013cf0322195b08; expires=Sun, 16-Jun-2024 11:14:39 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-10 07:26
HTTP/1.1 200 OK Date: Mon, 10 Jun 2024 07:26:11 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=7f2c0377ad74e2c97f7431d6dad7d84c; expires=Fri, 14-Jun-2024 11:26:11 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-08 00:27
HTTP/1.1 200 OK Date: Sat, 08 Jun 2024 00:27:44 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=3913d207e887f79b55799e22085ebcdd; expires=Wed, 12-Jun-2024 04:27:44 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-05 23:53
HTTP/1.1 200 OK Date: Wed, 05 Jun 2024 23:53:22 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=0e919803c6511324853a9179045d7841; expires=Mon, 10-Jun-2024 03:53:22 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>
Open service 162.240.237.128:443 · feduc.wclasses.com.br
2024-06-04 00:44
HTTP/1.1 200 OK Date: Tue, 04 Jun 2024 00:44:44 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=407bab62f7cac4caf8426622179071c3; expires=Sat, 08-Jun-2024 04:44:44 GMT; Max-Age=360000; path=/ Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <script>top.window.location = 'https://feduc.wclasses.com.br:443/index.php?r=login'</script>