A JSON configuration file has been found at config.json
.
It may contains application configuration such as credentials.
False positive might happen when hitting a JSON API endpoint.
Fingerprint: b18befd9dd6536826bb123be6bb123be6bb123be6bb123be6bb123be6bb123be
{"errno":"1","errstr":["\u8bbf\u95ee\u5730\u5740\u4e0d\u5b58\u5728\uff01"]}
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c026392ab026392abdd89518f43d7a051037c747eac8b036f
Found 7 files trough .DS_Store spidering: /library /model /pay /payment /safe /versionControl /view
PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP.
This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.
Environment variables may contain credentials.
Fingerprint: 2c44e2a6278fb0134173d6fa8a4be714b772c9baaeb804978432088dcdd4b9c1
Found PHP info page: $_SERVER['USER'] = apache $_SERVER['HOME'] = /usr/share/httpd $_SERVER['SCRIPT_NAME'] = /info.php $_SERVER['REQUEST_URI'] = /info.php $_SERVER['QUERY_STRING'] = no value $_SERVER['REQUEST_METHOD'] = GET $_SERVER['SERVER_PROTOCOL'] = HTTP/1.1 $_SERVER['GATEWAY_INTERFACE'] = CGI/1.1 $_SERVER['REMOTE_PORT'] = 36526 $_SERVER['SCRIPT_FILENAME'] = /usr/local/public_html_home61/info.php $_SERVER['SERVER_ADMIN'] = root@localhost $_SERVER['CONTEXT_DOCUMENT_ROOT'] = /usr/local/public_html_home61 $_SERVER['CONTEXT_PREFIX'] = no value $_SERVER['REQUEST_SCHEME'] = http $_SERVER['DOCUMENT_ROOT'] = /usr/local/public_html_home61 $_SERVER['REMOTE_ADDR'] = 134.122.112.12 $_SERVER['SERVER_PORT'] = 80 $_SERVER['SERVER_ADDR'] = 192.168.41.212 $_SERVER['SERVER_NAME'] = 16.162.122.80 $_SERVER['SERVER_SOFTWARE'] = Apache/2.4.37 (Red Hat Enterprise Linux) $_SERVER['SERVER_SIGNATURE'] = no value $_SERVER['PATH'] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin $_SERVER['HTTP_CONNECTION'] = close $_SERVER['HTTP_ACCEPT_ENCODING'] = gzip $_SERVER['HTTP_USER_AGENT'] = l9explore/1.3.0 $_SERVER['HTTP_HOST'] = 16.162.122.80 $_SERVER['proxy-nokeepalive'] = 1 $_SERVER['UNIQUE_ID'] = YZA9upKG25fJxPPF-NwivgAAAFM $_SERVER['FCGI_ROLE'] = RESPONDER $_SERVER['PHP_SELF'] = /info.php $_SERVER['REQUEST_TIME_FLOAT'] = 1636842938.0444 $_SERVER['REQUEST_TIME'] = 1636842938