Apache 2.4.7
tcp/80
“.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apple's “Finder” software (which is part of their OS).
They store information about the files within a folder, including folder display options such as icon positions and view settings.
.DS_Store files may inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c87f05b7087f05b703fb5941b9c5d767cb116269ccfb824ca
Found 26 files through .DS_Store spidering:
/backend.php
/backend_dev.php
/css
/frontend_dev.php
/images
/images/Down-arrow-22-orange.png
/images/mobile
/images/mobile/ajax-loader.png
/images/mobile/icon-search-black.png
/images/mobile/icons-18-black.png
/images/mobile/icons-18-white.png
/images/mobile/icons-36-black.png
/images/mobile/icons-36-white.png
/images/mobile/logo.png
/images/mobile/logo.xcf
/images/title.png
/index.php
/js
/MAMP-PRO-Logo.gif
/robots.txt
/sfAdminDashPlugin
/sfDoctrinePlugin
/sfProtoculousPlugin
/style.css
/uploads
/wip.html
The application has Symfony verbose mode enabled.
It enables an attacker to access the following sensitive content:
Fingerprint: 05ab011344cbe668c52dda4df74d38988fc608f22a8ad83b5c19cf9eb635e618
app_sf_admin_dash_default_image: config.png
app_sf_admin_dash_image_dir: /sfAdminDashPlugin/images/icons/
app_sf_admin_dash_include_jquery: true
app_sf_admin_dash_logout: true
app_sf_admin_dash_resize_mode: thumbnail
app_sf_admin_dash_site: 'My Site'
app_sf_admin_dash_web_dir: /sfAdminDashPlugin
sf_admin_module_web_dir: /sfDoctrinePlugin
sf_admin_web_dir: /sf/sf_admin
sf_app: frontend
sf_app_base_cache_dir: /var/www/questions/cache/frontend
sf_app_cache_dir: /var/www/questions/cache/frontend/dev
sf_app_config_dir: /var/www/questions/apps/frontend/config
sf_app_dir: /var/www/questions/apps/frontend
sf_app_i18n_dir: /var/www/questions/apps/frontend/i18n
sf_app_lib_dir: /var/www/questions/apps/frontend/lib
sf_app_module_dir: /var/www/questions/apps/frontend/modules
sf_app_template_dir: /var/www/questions/apps/frontend/templates
sf_apps_dir: /var/www/questions/apps
sf_cache: false
sf_cache_dir: /var/www/questions/cache
sf_calendar_web_dir: /sf/calendar
sf_charset: utf-8
sf_check_lock: false
sf_check_symfony_version: false
sf_compressed: false
sf_config_cache_dir: /var/www/questions/cache/frontend/dev/config
sf_config_dir: /var/www/questions/config
sf_csrf_secret: false
sf_data_dir: /var/www/questions/data
sf_debug: true
sf_default_culture: en
sf_doc_dir: /var/www/questions/doc
sf_enabled_modules:
  - default
sf_environment: dev
sf_error_404_action: error404
sf_error_404_module: default
sf_error_reporting: 32767
sf_escaping_method: ESC_SPECIALCHARS
sf_escaping_strategy: false
sf_etag: false
sf_i18n: false
sf_i18n_cache_dir: /var/www/questions/cache/frontend/dev/i18n
sf_lazy_cache_key: true
sf_lib_dir: /var/www/questions/lib
sf_log_dir: /var/www/questions/log
sf_logging_enabled: true
sf_login_action: login
sf_login_module: default
sf_max_forwards: 5
sf_module_cache_dir: /var/www/questions/cache/frontend/dev/modules
sf_module_disabled_action: disabled
sf_module_disabled_module: default
sf_no_script_name: false
sf_orm: doctrine
sf_plugins_dir: /var/www/questions/plugins
sf_prototype_web_dir: /sfProtoculousPlugin
sf_rich_text_js_dir: js/tiny_mce
sf_root_dir: /var/www/questions
sf_secure_action: secure
sf_secure_module: default
sf_standard_helpers:
  - Partial
  - Cache
  - Form
sf_strip_comments: true
sf_symfony_lib_dir: /var/www/questions/lib/symfony
sf_template_cache_dir: /var/www/questions/cache/frontend/dev/template
sf_test_cache_dir: /var/www/questions/cache/frontend/dev/test
sf_test_dir: /var/www/questions/test
sf_upload_dir: /var/www/questions/web/uploads
sf_use_database: true
sf_validation_error_class: form_error
sf_validation_error_id_prefix: error_for_
sf_validation_error_prefix: ' ↓ '
sf_validation_error_suffix: ' ↓'
sf_web_debug: true
sf_web_debug_web_dir: /sf/sf_web_debug
sf_web_dir: /var/www/questions/web
Open service 139.59.173.104:80
2024-03-21 10:28
HTTP/1.0 500 Internal Server Error Date: Thu, 21 Mar 2024 10:22:04 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.9 Set-Cookie: symfony=kb09c5obte59sgbfh0i2o6him4; path=/ Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8
Open service 139.59.173.104:80
2024-03-08 04:43
HTTP/1.0 500 Internal Server Error Date: Fri, 08 Mar 2024 04:37:23 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.9 Set-Cookie: symfony=2k3tkn1ocpq96cf5j7cjife4u4; path=/ Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8
Open service 139.59.173.104:80
2024-03-07 17:53
HTTP/1.0 500 Internal Server Error Date: Thu, 07 Mar 2024 17:46:46 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.9 Set-Cookie: symfony=h3bpbvmnmqqo255p5860udf962; path=/ Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8
Open service 139.59.173.104:80
2024-03-06 20:44
HTTP/1.0 500 Internal Server Error Date: Wed, 06 Mar 2024 20:37:51 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.9 Set-Cookie: symfony=n4sggq5i4tnejsl7945cgouh85; path=/ Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8
Open service 139.59.173.104:22
2024-03-04 03:00
Open service 139.59.173.104:80
2024-03-03 12:42
HTTP/1.0 500 Internal Server Error Date: Sun, 03 Mar 2024 12:36:07 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.9 Set-Cookie: symfony=pgeebua94gahpm39rp499ov2a0; path=/ Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8
Open service 139.59.173.104:22
2024-03-02 04:21