Apache 2.4.6
tcp/8080
OpenSSL 1.0.2k-fips
tcp/8080
PHP 5.4.16
tcp/8080
mod_fcgid 2.3.9
tcp/8080
nginx 1.16.1
tcp/443 tcp/80
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65229b9314d1
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@git.openstart.ru:zamena-masla-spot.ru fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "33740_new_design_implementation"] remote = origin merge = refs/heads/33740_new_design_implementation
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522f2ac7d85
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@git.openstart.ru:zamena-masla-spot.ru fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "old_design"] remote = origin merge = refs/heads/old_design
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522e99d4c2c
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@git.openstart.ru:zamena-masla-spot.ru fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522547b0c33
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = git@git.openstart.ru:zamena-masla-spot.ru.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "grigoriy/franchise"] remote = origin merge = refs/heads/grigoriy/franchise [branch "master"] remote = origin merge = refs/heads/master
PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP.
This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.
Environment variables may contain credentials.
Fingerprint: 2c44e2a6278fb0134173d6fa21f87b8ca4ebcae5dc617a15f3943be66efed8bf
Found PHP info page: _SERVER["PATH"] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin _SERVER["SCRIPT_NAME"] = /info.php _SERVER["REQUEST_URI"] = /info.php _SERVER["QUERY_STRING"] = no value _SERVER["REQUEST_METHOD"] = GET _SERVER["SERVER_PROTOCOL"] = HTTP/1.0 _SERVER["GATEWAY_INTERFACE"] = CGI/1.1 _SERVER["REMOTE_PORT"] = 45022 _SERVER["SCRIPT_FILENAME"] = /var/www/www-root/data/www/default.zamena-masla-spot.ru/info.php _SERVER["SERVER_ADMIN"] = gk@openstart.ru _SERVER["CONTEXT_DOCUMENT_ROOT"] = /var/www/www-root/data/www/default.zamena-masla-spot.ru _SERVER["CONTEXT_PREFIX"] = no value _SERVER["REQUEST_SCHEME"] = http _SERVER["DOCUMENT_ROOT"] = /var/www/www-root/data/www/default.zamena-masla-spot.ru _SERVER["REMOTE_ADDR"] = 167.71.13.196 _SERVER["SERVER_PORT"] = 80 _SERVER["SERVER_ADDR"] = 127.0.0.1 _SERVER["SERVER_NAME"] = zamena-masla-spot.ru _SERVER["SERVER_SOFTWARE"] = Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 _SERVER["SERVER_SIGNATURE"] = no value _SERVER["HTTP_ACCEPT_ENCODING"] = gzip _SERVER["HTTP_USER_AGENT"] = l9explore/1.3.0 _SERVER["HTTP_CONNECTION"] = close _SERVER["HTTP_X_FORWARDED_PORT"] = 443 _SERVER["HTTP_X_FORWARDED_PROTO"] = https _SERVER["HTTP_HOST"] = zamena-masla-spot.ru _SERVER["PERL5LIB"] = /usr/share/awstats/lib:/usr/share/awstats/plugins _SERVER["UNIQUE_ID"] = YfIKycn0ReYdSvuZmmBcvQAAAAE _SERVER["HTTPS"] = on _SERVER["FCGI_ROLE"] = RESPONDER _SERVER["PHP_SELF"] = /info.php _SERVER["REQUEST_TIME_FLOAT"] = 1643252425.9616 _SERVER["REQUEST_TIME"] = 1643252425
Fingerprint: 2c44e2a6278fb0134173d6fa21f87b8ca4ebcae5dc617a15f3943be625ef9e73
Found PHP info page: _SERVER["PATH"] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin _SERVER["SCRIPT_NAME"] = /info.php _SERVER["REQUEST_URI"] = /info.php _SERVER["QUERY_STRING"] = no value _SERVER["REQUEST_METHOD"] = GET _SERVER["SERVER_PROTOCOL"] = HTTP/1.0 _SERVER["GATEWAY_INTERFACE"] = CGI/1.1 _SERVER["REMOTE_PORT"] = 36844 _SERVER["SCRIPT_FILENAME"] = /var/www/www-root/data/www/default.zamena-masla-spot.ru/info.php _SERVER["SERVER_ADMIN"] = gk@openstart.ru _SERVER["CONTEXT_DOCUMENT_ROOT"] = /var/www/www-root/data/www/default.zamena-masla-spot.ru _SERVER["CONTEXT_PREFIX"] = no value _SERVER["REQUEST_SCHEME"] = http _SERVER["DOCUMENT_ROOT"] = /var/www/www-root/data/www/default.zamena-masla-spot.ru _SERVER["REMOTE_ADDR"] = 167.71.13.196 _SERVER["SERVER_PORT"] = 80 _SERVER["SERVER_ADDR"] = 127.0.0.1 _SERVER["SERVER_NAME"] = zamena-masla-spot.ru _SERVER["SERVER_SOFTWARE"] = Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 _SERVER["SERVER_SIGNATURE"] = no value _SERVER["HTTP_ACCEPT_ENCODING"] = gzip _SERVER["HTTP_USER_AGENT"] = l9explore/1.3.0 _SERVER["HTTP_CONNECTION"] = close _SERVER["HTTP_X_FORWARDED_PORT"] = 443 _SERVER["HTTP_X_FORWARDED_PROTO"] = https _SERVER["HTTP_HOST"] = zamena-masla-spot.ru _SERVER["PERL5LIB"] = /usr/share/awstats/lib:/usr/share/awstats/plugins _SERVER["UNIQUE_ID"] = YX2PcSt8PQCwoDfKUWAqdwAAAAk _SERVER["HTTPS"] = on _SERVER["FCGI_ROLE"] = RESPONDER _SERVER["PHP_SELF"] = /info.php _SERVER["REQUEST_TIME_FLOAT"] = 1635618673.4408 _SERVER["REQUEST_TIME"] = 1635618673
Open service 37.140.195.23:443
2024-09-11 20:14
HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Wed, 11 Sep 2024 20:14:57 GMT Content-Type: text/html Content-Length: 657 Connection: close Page title: 400 The plain HTTP request was sent to HTTPS port <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>nginx/1.16.1</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Open service 37.140.195.23:22
2024-09-11 14:15
Open service 37.140.195.23:80
2024-09-10 15:05
HTTP/1.1 302 Found Server: nginx/1.16.1 Date: Tue, 10 Sep 2024 15:05:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close X-Powered-By: PHP/7.2.26 Location: http://default.140.195.23
Open service 37.140.195.23:8080
2024-09-10 11:58
HTTP/1.1 200 OK Date: Tue, 10 Sep 2024 11:58:32 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 X-Powered-By: PHP/7.3.13 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=d1190c6e0df155919db314ad953e5958; expires=Tue, 10-Sep-2024 21:00:00 GMT; Max-Age=32488; path=/; domain=.37.140.195.23 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Page title: Авторизация <!DOCTYPE html> <html class='entry-page-html' lang=""> <head> <title>Авторизация </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow" /> <script src="/js/jquery-3.4.1.min.js?1715873040"></script> <script src="/js/jquery-3.5.7.fancybox.min.js?1715873040"></script> <script src="/js/jquery-ui.js?1664282871"></script> <script src="/js/jquery-throttle-debounce.min.js?1664282871"></script> <script src="/js/jquery.mask.min.js?1664282871"></script> <script src="/js/jquery.cookie.js?1664282871"></script> <script src="/js/moment.js?1664282871"></script> <script src="/js/daterangepicker.js?1664282871"></script> <script src="/js/air_datetime/datepicker.js?1664282871"></script> <script src="/js/croppie/croppie.js?1664282871"></script> <script src="/js/common.js?1664282871"></script> <script src="/js/require.js?1664282871"></script> <script src="/js/main.js?1690188754"></script> <script src="/js/app/require-config.js?1664282871"></script> <script src="/js/chosen/chosen.proto.js?1718800898"></script> <script src="/js/chosen/chosen.jquery.js?1718800898"></script> <script src="/js/tinymce/tinymce.min.js?1664282871"></script> <link rel="stylesheet" href="/css/jquery-3.5.7.fancybox.min.css?1715873040"/> <link rel="stylesheet" href="/css/daterangepicker.css?1664282871"/> <link rel="stylesheet" href="/css/style.css?1722863985"/> <link rel="stylesheet" type="text/css" href="/js/air_datetime/datepicker.css?1664282871"/> <link rel="stylesheet" href="/js/croppie/croppie.css?1664282871"/> <link rel="stylesheet" type="text/css" href="/js/asmselect/jquery.asmselect.css"/> <link rel="stylesheet" type="text/css" href="/js/chosen/chosen.css"/> <link rel="stylesheet" href="../../vendor/components/font-awesome/css/all.min.css" crossorigin="anonymous"> <link rel="stylesheet" type="text/css" href="https://yandex.st/jquery-ui/1.11.2/themes/base/jquery-ui.min.css"/> <link href="https://fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap&subset=cyrillic" rel="stylesheet"> <script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"></script> <script>require(['main'])</script> <script> tinymce.init(getTinyMceParams('#field__content', {})); </script> </head> <body> <div class='entry-page'> <header class='header'> <div class="menu-container"> <h1 id="site_name"><a href="/"><div class="logo_container"><img src="/files/icons/spot_3kh6_solar.png" alt=""/> <img src="/files/icons/arrow.png" alt=""/> <img src="/files/icons/CRM.png" alt=""/></div></a> </h1> </div> </header> <div class=""> <script> let newDomain = document.domain.replace(/^(.+)\.$/, '$1'); if (newDomain !== document.domain) { window.location.href = 'http://' + newDomain; } </script> <div class="form-bg"> <form action='' method='post'> <input type='hidden' name='user_login' value='1' /> <div class='form_auth form-auth-wrapper'> <span class='error'></span> <table border=0 class='form form-auth'> <tr> <td><div class="form_header">Авторизация</div></td> </tr> <tr> <td><div class="auth_name"><input class="auth_input" type='text' name='login' value='' /></div></td> </tr> <tr> <td><div class="auth_pass"><input class="auth_input" type='password' name='password' value='' /></div></td> </tr> <tr> <td class="auth_forget-log-pass">Забыли логин или пароль?</td> </tr> <tr> <td><button class="auth_submit" type='submit'>Войти</button> </td> </tr> </table> </div> </form> </div> </div> </div> <div id="debugContainer"></div> <script> $('.work_day_end').click(function (){ sendPrintRequest('/ajax/kkm_action?set_id=
Open service 37.140.195.23:21
2024-09-09 19:12
220 FTP Server ready.