MiniServ
tcp/10000
nginx 1.14.0
tcp/80
MySQL is currently open without authentication.
This results in all the database data made available publicly.
Severity: high
Fingerprint: cf350410ecceb5fd43a3a8616e8d6f8b778a23c78ac982486fc19507d32c4312
Databases: 55, row count: 149707, size: 11.9 MB Found table dbmonai.crop_images with 2436 records Found table dbmonai.detects with 1393 records Found table dbmonai.failed_jobs with 3 records Found table dbmonai.images with 4443 records Found table dbmonai.jobs with 0 records Found table dbmonai.log_errors with 14 records Found table dbmonai.migrations with 15 records Found table dbmonai.model_has_permissions with 0 records Found table dbmonai.model_has_roles with 5 records Found table dbmonai.monitoring_servers with 4 records Found table dbmonai.password_resets with 0 records Found table dbmonai.permissions with 0 records Found table dbmonai.personal_access_tokens with 0 records Found table dbmonai.role_has_permissions with 0 records Found table dbmonai.roles with 2 records Found table dbmonai.sessions with 7 records Found table dbmonai.users with 5 records Found table mysql.columns_priv with 0 records Found table mysql.component with 0 records Found table mysql.db with 3 records Found table mysql.default_roles with 0 records Found table mysql.engine_cost with 2 records Found table mysql.func with 0 records Found table mysql.general_log with 2 records Found table mysql.global_grants with 92 records Found table mysql.gtid_executed with 0 records Found table mysql.help_category with 53 records Found table mysql.help_keyword with 914 records Found table mysql.help_relation with 3199 records Found table mysql.help_topic with 451 records Found table mysql.innodb_index_stats with 114 records Found table mysql.innodb_table_stats with 19 records Found table mysql.ndb_binlog_index with 0 records Found table mysql.password_history with 0 records Found table mysql.plugin with 0 records Found table mysql.procs_priv with 0 records Found table mysql.proxies_priv with 1 records Found table mysql.replication_asynchronous_connection_failover with 0 records Found table mysql.replication_asynchronous_connection_failover_managed with 0 records Found table mysql.replication_group_configuration_version with 1 records Found table mysql.replication_group_member_actions with 2 records Found table mysql.role_edges with 0 records Found table mysql.server_cost with 6 records Found table mysql.servers with 0 records Found table mysql.slave_master_info with 0 records Found table mysql.slave_relay_log_info with 0 records Found table mysql.slave_worker_info with 0 records Found table mysql.slow_log with 2 records Found table mysql.tables_priv with 2 records Found table mysql.time_zone with 1815 records Found table mysql.time_zone_leap_second with 0 records Found table mysql.time_zone_name with 2006 records Found table mysql.time_zone_transition with 122161 records Found table mysql.time_zone_transition_type with 10529 records Found table mysql.user with 6 records
Open service 103.182.47.37:80
2024-06-20 07:29
HTTP/1.1 200 OK Server: nginx/1.14.0 (Ubuntu) Date: Thu, 20 Jun 2024 07:29:45 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Wed, 17 Apr 2024 01:08:17 GMT Connection: close ETag: "661f2101-264" Accept-Ranges: bytes Page title: Welcome to nginx! <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>
Open service 103.182.47.37:10000
2024-06-20 06:17
HTTP/1.0 200 Document follows Date: Thu, 20 Jun 2024 06:17:18 GMT Server: MiniServ Connection: close Auth-type: auth-required=1 Set-Cookie: redirect=1; path=/; secure; httpOnly Set-Cookie: testing=1; path=/; secure; httpOnly X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; child-src 'self' X-Content-Type-Options: nosniff X-no-links: 1 Content-type: text/html; Charset=UTF-8 Page title: Login to Webmin <!DOCTYPE HTML> <html data-bgs="gainsboro" class="session_login"> <head> <meta name="color-scheme" content="only light"> <noscript> <style> html[data-bgs="gainsboro"] { background-color: #d6d6d6; } html[data-bgs="nightRider"] { background-color: #1a1c20; } html[data-bgs="nightRider"] div[data-noscript] { color: #979ba080; } html[data-slider-fixed='1'] { margin-right: 0 !important; } body > div[data-noscript] ~ * { display: none !important; } div[data-noscript] { visibility: hidden; animation: 2s noscript-fadein; animation-delay: 1s; text-align: center; animation-fill-mode: forwards; } @keyframes noscript-fadein { 0% { opacity: 0; } 100% { visibility: visible; opacity: 1; } } </style> <div data-noscript> <div class="fa fa-3x fa-exclamation-triangle margined-top-20 text-danger"></div> <h2>JavaScript is disabled</h2> <p>Please enable javascript and refresh the page</p> </div> </noscript> <meta charset="utf-8"> <link data-link-ref rel="apple-touch-icon" sizes="180x180" href="/images/favicons/webmin/apple-touch-icon.png"> <link data-link-ref rel="icon" type="image/png" sizes="32x32" href="/images/favicons/webmin/favicon-32x32.png"> <link data-link-ref rel="icon" type="image/png" sizes="192x192" href="/images/favicons/webmin/android-chrome-192x192.png"> <link data-link-ref rel="icon" type="image/png" sizes="16x16" href="/images/favicons/webmin/favicon-16x16.png"> <link data-link-ref rel="mask-icon" href="/images/favicons/webmin/safari-pinned-tab.svg" color="#004090"> <meta data-link-ref name="msapplication-TileImage" content="/images/favicons/webmin/mstile-150x150.png"> <meta name="msapplication-TileColor" content="#004090"> <meta name="theme-color" content="#004090"> <title>Login to Webmin</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="/unauthenticated/css/bundle.min.css?219500009999999999" rel="stylesheet"> <script>document.addEventListener("DOMContentLoaded", function(event) {var a=document.querySelectorAll('input[type="password"]');i=0; for(length=a.length;i<length;i++){var b=document.createElement("span"),d=30<a[i].offsetHeight?1:0;b.classList.add("input_warning_caps");b.setAttribute("title","Caps Lock");d&&b.classList.add("large");a[i].classList.add("use_input_warning_caps");a[i].parentNode.insertBefore(b,a[i].nextSibling);a[i].addEventListener("blur",function(){this.nextSibling.classList.remove("visible")});a[i].addEventListener("keydown",function(c){"function"===typeof c.getModifierState&&((state=20===c.keyCode?!c.getModifierState("CapsLock"): c.getModifierState("CapsLock"))?this.nextSibling.classList.add("visible"):this.nextSibling.classList.remove("visible"))})};});function spinner() {var x = document.querySelector('button i.fa-sign-in:not(.invisible)') || document.querySelector('button i.fa-qrcode:not(.invisible)'),s = '<span class="cspinner_container"><span class="cspinner"><span class="cspinner-icon white small"></span></span></span>';if(x){x.classList.add("invisible"); x.insertAdjacentHTML('afterend', s);x.parentNode.classList.add("disabled");x.parentNode.disabled=true}}setTimeout(function(){if(navigator&&navigator.oscpu){var t=navigator.oscpu,i=document.querySelector("html"),e="data-platform";t.indexOf("Linux")>-1?i.setAttribute(e,"linux"):t.indexOf("Windows")>-1&&i.setAttribute(e,"windows")}});</script> <link href="/unauthenticated/css/fonts-roboto.min.css?219500009999999999" rel="stylesheet"> </head> <body class="session_login" > <div class="container session_login" data-dcontainer="1"> <div class="alert alert-warning" data-defcert> <strong><i class ="fa fa-exclamation-triangle"></i> Warning!</strong><br /><span>Default Webmin bundled SSL certificate is being used. It is highly advised to update default <tt>/etc/webmin/miniserv.pem</tt> certificate before proceeding with login.</span> </div> <form class="form-signin session_login clearfix" action="/session_login.cgi" method="post" role="form" onsubmit="spinner()"> <i class="wbm-webmin"></i><h2 class="form-signin-heading"><span> Webmin</span></h2> <p class="form-signin-paragraph">You must enter a username a