MiniServ 2.013
tcp/10000
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 407cf4363b0e62fafca67e072b8e8c602b8e8c602b8e8c602b8e8c602b8e8c60
Symfony profiler enabled: http://5.189.153.240/_profiler/empty/search/results
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 407cf4363b0e62fafca67e07b091b323b091b323b091b323b091b323b091b323
Symfony profiler enabled: http://5.189.153.240:443/_profiler/empty/search/results
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 407cf4363b0e62fafca67e071ef95b891ef95b891ef95b891ef95b891ef95b89
Symfony profiler enabled: http://5.189.153.240:10000/_profiler/empty/search/results
Open service 5.189.153.240:21
2024-09-10 16:38
220 ProFTPD Server (ProFTPD) [::ffff:5.189.153.240]
Open service 5.189.153.240:22
2024-09-10 14:25
Open service 5.189.153.240:3306
2024-09-10 13:00
MySQL detected
Open service 5.189.153.240:10000
2024-09-09 20:36
HTTP/1.0 200 Document follows Date: Mon, 9 Sep 2024 20:36:14 GMT Server: MiniServ/2.013 Connection: close Auth-type: auth-required=1 Set-Cookie: redirect=1; path=/; httpOnly Set-Cookie: testing=1; path=/; httpOnly Strict-Transport-Security: max-age=0; X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; child-src 'self' X-Content-Type-Options: nosniff X-no-links: 1 Content-type: text/html; Charset=UTF-8 Page title: Login to Webmin <!DOCTYPE HTML> <html data-bgs="gainsboro" class="session_login"> <head> <meta name="color-scheme" content="only light"> <noscript> <style> html[data-bgs="gainsboro"] { background-color: #d6d6d6; } html[data-bgs="nightRider"] { background-color: #1a1c20; } html[data-bgs="nightRider"] div[data-noscript] { color: #979ba080; } html[data-slider-fixed='1'] { margin-right: 0 !important; } body > div[data-noscript] ~ * { display: none !important; } div[data-noscript] { visibility: hidden; animation: 2s noscript-fadein; animation-delay: 1s; text-align: center; animation-fill-mode: forwards; } @keyframes noscript-fadein { 0% { opacity: 0; } 100% { visibility: visible; opacity: 1; } } </style> <div data-noscript> <div class="fa fa-3x fa-exclamation-triangle margined-top-20 text-danger"></div> <h2>JavaScript is disabled</h2> <p>Please enable javascript and refresh the page</p> </div> </noscript> <meta charset="utf-8"> <link data-link-ref rel="apple-touch-icon" sizes="180x180" href="/images/favicons/webmin/apple-touch-icon.png"> <link data-link-ref rel="icon" type="image/png" sizes="32x32" href="/images/favicons/webmin/favicon-32x32.png"> <link data-link-ref rel="icon" type="image/png" sizes="192x192" href="/images/favicons/webmin/android-chrome-192x192.png"> <link data-link-ref rel="icon" type="image/png" sizes="16x16" href="/images/favicons/webmin/favicon-16x16.png"> <link data-link-ref rel="mask-icon" href="/images/favicons/webmin/safari-pinned-tab.svg" color="#004caa"> <meta data-link-ref name="msapplication-TileImage" content="/images/favicons/webmin/mstile-150x150.png"> <meta name="msapplication-TileColor" content="#004caa"> <meta name="theme-color" content="#004caa"> <title>Login to Webmin</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="/unauthenticated/css/bundle.min.css?2013000009999999999" rel="stylesheet"> <script>document.addEventListener("DOMContentLoaded", function(event) {var a=document.querySelectorAll('input[type="password"]');i=0; for(length=a.length;i<length;i++){var b=document.createElement("span"),d=30<a[i].offsetHeight?1:0;b.classList.add("input_warning_caps");b.setAttribute("title","Caps Lock");d&&b.classList.add("large");a[i].classList.add("use_input_warning_caps");a[i].parentNode.insertBefore(b,a[i].nextSibling);a[i].addEventListener("blur",function(){this.nextSibling.classList.remove("visible")});a[i].addEventListener("keydown",function(c){"function"===typeof c.getModifierState&&((state=20===c.keyCode?!c.getModifierState("CapsLock"): c.getModifierState("CapsLock"))?this.nextSibling.classList.add("visible"):this.nextSibling.classList.remove("visible"))})};});function spinner() {var x = document.querySelector('button i.fa-sign-in:not(.invisible)') || document.querySelector('button i.fa-qrcode:not(.invisible)'),s = '<span class="cspinner_container"><span class="cspinner"><span class="cspinner-icon white small"></span></span></span>';if(x){x.classList.add("invisible"); x.insertAdjacentHTML('afterend', s);x.parentNode.classList.add("disabled");x.parentNode.disabled=true}}setTimeout(function(){if(navigator&&navigator.oscpu){var t=navigator.oscpu,i=document.querySelector("html"),e="data-platform";t.indexOf("Linux")>-1?i.setAttribute(e,"linux"):t.indexOf("Windows")>-1&&i.setAttribute(e,"windows")}});</script> <link href="/unauthenticated/css/fonts-roboto.min.css?2013000009999999999" rel="stylesheet"> </head> <body class="session_login" > <div class="container session_login" data-dcontainer="1"> <form class="form-signin session_login clearfix" action="/session_login.cgi" method="post" role="form" onsubmit="spinner()"> <i class="wbm-webmin"></i><h2 class="form-signin-heading"><span> Webmin</span></h2> <p class="form-signin-paragraph">You must enter a username and password to login to the server on<strong> 5.189.153.240</strong></p> <div class="input-group form-group"> <input type="text" name="user" class="form-control session_login" autofocus=" autofocus" autocomplete="username" autocapitalize="none" placeholder="Username" autocorrect="off"> <span class="input-gro