MySQL is currently open without authentication.
Additionally a ransom note has been found in the dataset which indicates it has been compromised
This results in all the database data made available publicly.
Severity: high
Fingerprint: cf350410ecceb5fdebd6b760d92c9051d92c9051d92c9051d92c9051d92c9051
Databases: 1, row count: 2, size: 16.4 kB Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Severity: critical
Fingerprint: cf350410ecceb5fdf7086ef0717531e1286ec22c50006d6e9a93b0244e8f11a6
Databases: 29, row count: 3318, size: 907.8 kB Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records Found table mysql.columns_priv with 0 records Found table mysql.db with 2 records Found table mysql.event with 0 records Found table mysql.func with 0 records Found table mysql.general_log with 2 records Found table mysql.help_category with 47 records Found table mysql.help_keyword with 825 records Found table mysql.help_relation with 1660 records Found table mysql.help_topic with 603 records Found table mysql.innodb_index_stats with 140 records Found table mysql.innodb_table_stats with 24 records Found table mysql.ndb_binlog_index with 0 records Found table mysql.plugin with 0 records Found table mysql.proc with 0 records Found table mysql.procs_priv with 0 records Found table mysql.proxies_priv with 2 records Found table mysql.servers with 0 records Found table mysql.slave_master_info with 0 records Found table mysql.slave_relay_log_info with 0 records Found table mysql.slave_worker_info with 0 records Found table mysql.slow_log with 2 records Found table mysql.tables_priv with 0 records Found table mysql.time_zone with 0 records Found table mysql.time_zone_leap_second with 0 records Found table mysql.time_zone_name with 0 records Found table mysql.time_zone_transition with 0 records Found table mysql.time_zone_transition_type with 0 records Found table mysql.user with 9 records
Severity: critical
Fingerprint: cf350410ecceb5fdf7086ef0e13a440a3bed330931047d01a149369722918321
Databases: 29, row count: 3318, size: 907.8 kB No or default MySQL authentication found.Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records Found table mysql.columns_priv with 0 records Found table mysql.db with 2 records Found table mysql.event with 0 records Found table mysql.func with 0 records Found table mysql.general_log with 2 records Found table mysql.help_category with 47 records Found table mysql.help_keyword with 825 records Found table mysql.help_relation with 1660 records Found table mysql.help_topic with 603 records Found table mysql.innodb_index_stats with 140 records Found table mysql.innodb_table_stats with 24 records Found table mysql.ndb_binlog_index with 0 records Found table mysql.plugin with 0 records Found table mysql.proc with 0 records Found table mysql.procs_priv with 0 records Found table mysql.proxies_priv with 2 records Found table mysql.servers with 0 records Found table mysql.slave_master_info with 0 records Found table mysql.slave_relay_log_info with 0 records Found table mysql.slave_worker_info with 0 records Found table mysql.slow_log with 2 records Found table mysql.tables_priv with 0 records Found table mysql.time_zone with 0 records Found table mysql.time_zone_leap_second with 0 records Found table mysql.time_zone_name with 0 records Found table mysql.time_zone_transition with 0 records Found table mysql.time_zone_transition_type with 0 records Found table mysql.user with 9 records
The Kafka instance is available to the public without authentication.
An attacker could connect to the queue to extract private/confidential information in real-time.
Fingerprint: 43224224eeda9da960defeaa0876f6f5949d513e41ee574e18265efa8e55ac3a
NoAuth Found topic test_topic Found topic test Found topic LIC_YIBIAO_3_SHI_LUZ Found topic RTW_EXT_NUM_CHECK Found topic __consumer_offsets
Fingerprint: 43224224eeda9da960defeaa30e3fc825fefa906bc429a769ad67409a48ae272
NoAuth Found topic LIC_YIBIAO_3_SHI_LUZ Found topic RTW_EXT_NUM_CHECK Found topic __consumer_offsets Found topic test_topic Found topic test
Fingerprint: 43224224eeda9da960defeaa3db0e17ea5f18cfeede2108189e030ea3d0bcd42
NoAuth Found topic RTW_EXT_NUM_CHECK Found topic __consumer_offsets Found topic test_topic Found topic test Found topic LIC_YIBIAO_3_SHI_LUZ
Fingerprint: 43224224eeda9da960defeaa332522c51a7931b90a9ffcf717986e8fed88abfc
NoAuth Found topic test Found topic LIC_YIBIAO_3_SHI_LUZ Found topic RTW_EXT_NUM_CHECK Found topic __consumer_offsets Found topic test_topic
Fingerprint: 43224224eeda9da960defeaa30e3fc820716021d865ac606b87daf76b87daf76
NoAuth Found topic LIC_YIBIAO_3_SHI_LUZ Found topic test_topic Found topic test Found topic __consumer_offsets
PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP.
This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.
Environment variables may contain credentials.
Fingerprint: 2c44e2a6278fb0134173d6fa918842e255c52656c03dfb8e74377ff0a7ae5883
Found PHP info page: $_SERVER['HTTP_HOST'] = 49.232.140.111 $_SERVER['HTTP_USER_AGENT'] = l9explore/1.3.0 $_SERVER['HTTP_ACCEPT_ENCODING'] = gzip $_SERVER['HTTP_CONNECTION'] = close $_SERVER['PATH'] = /root/anaconda3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin $_SERVER['LD_LIBRARY_PATH'] = /usr/local/httpd/lib $_SERVER['SERVER_SIGNATURE'] = no value $_SERVER['SERVER_SOFTWARE'] = Apache/2.4.52 (Unix) PHP/7.4.27 $_SERVER['SERVER_NAME'] = 49.232.140.111 $_SERVER['SERVER_ADDR'] = 172.17.0.2 $_SERVER['SERVER_PORT'] = 80 $_SERVER['REMOTE_ADDR'] = 143.198.136.88 $_SERVER['DOCUMENT_ROOT'] = /var/www/html $_SERVER['REQUEST_SCHEME'] = http $_SERVER['CONTEXT_PREFIX'] = no value $_SERVER['CONTEXT_DOCUMENT_ROOT'] = /var/www/html $_SERVER['SERVER_ADMIN'] = you@example.com $_SERVER['SCRIPT_FILENAME'] = /var/www/html/info.php $_SERVER['REMOTE_PORT'] = 44924 $_SERVER['GATEWAY_INTERFACE'] = CGI/1.1 $_SERVER['SERVER_PROTOCOL'] = HTTP/1.1 $_SERVER['REQUEST_METHOD'] = GET $_SERVER['QUERY_STRING'] = no value $_SERVER['REQUEST_URI'] = /info.php $_SERVER['SCRIPT_NAME'] = /info.php $_SERVER['PHP_SELF'] = /info.php $_SERVER['REQUEST_TIME_FLOAT'] = 1644285657.0348 $_SERVER['REQUEST_TIME'] = 1644285657 $_SERVER['argv'] = Array ( ) $_SERVER['argc'] = 0 $_ENV['HOSTNAME'] = 4d6ec12db9a1 $_ENV['TERM'] = xterm $_ENV['LD_LIBRARY_PATH'] = /usr/local/httpd/lib $_ENV['LS_COLORS'] = rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36: $_ENV['PATH'] = /root/anaconda3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin $_ENV['PWD'] = / $_ENV['LANG'] = zh_CN.UTF-8 $_ENV['HOME'] = /root $_ENV['SHLVL'] = 2 $_ENV['_'] = /usr/local/httpd/bin/httpd