awselb 2.0
tcp/80
nginx
tcp/443
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65220f794b30
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://lizmanchego@bitbucket.org/baguerweb/web-derek.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "develop"] remote = origin merge = refs/heads/develop
Severity: high
Fingerprint: 2580fa947e78dd08e645819d5824ae6e78b8902bc39bee77da0ebf04635cdb1f
HTTP/1.1 200 OK Date: Tue, 09 May 2023 03:40:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Page title: Tienda Derek[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://lizmanchego@bitbucket.org/baguerweb/web-derek.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "develop"] remote = origin merge = refs/heads/develop
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38cb828adac124967581c201a6e
Found 4 files trough .DS_Store spidering: /assets /css /img /js
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65224251d006
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://lizmanchego@bitbucket.org/baguerweb/web-stirpe.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master [branch "develop"] remote = origin merge = refs/heads/develop
Open service 52.6.18.78:443
2024-06-14 06:11
HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 06:11:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: nginx X-Powered-By: PHP/8.2.10 Cache-Control: no-cache, private Set-Cookie: october_session=eyJpdiI6IndvR2p4MkRsVWgvcFFQRzNsTUNtcEE9PSIsInZhbHVlIjoiNWdhZFZ3TkQyOFlpNS95OFB1b09VblhWTEpOdFRCUVpLNEV0TWpuVE5CSUdEY3prdFgrQk5Rc3JhZGtaTnVhd2VmU3ZZWnl3bUFvdFBtdlg4T08vSlQxYzZOaVpuMlZyb2tJRGRsTlRjYmxDQkhpK3htTWZpYktJMVh2Wmc4WVciLCJtYWMiOiIyMGY5ZDA1NWRiNjJiODZjNzcyMGMwZmQwZjk0OWRhMzEwNmU3YzQxMTkyMzMzODM0ZmI4MzBhNDc1YWZkMGYyIiwidGFnIjoiIn0%3D; expires=Fri, 14 Jun 2024 08:11:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Open service 52.6.18.78:80
2024-06-13 23:09
HTTP/1.1 301 Moved Permanently Server: awselb/2.0 Date: Thu, 13 Jun 2024 23:09:34 GMT Content-Type: text/html Content-Length: 134 Connection: close Location: https://52.6.18.78:443/ Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> </body> </html>
Open service 52.6.18.78:443 · devderek.com.co
2024-06-03 23:39
HTTP/1.1 200 OK Date: Mon, 03 Jun 2024 23:39:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: nginx X-Powered-By: PHP/8.2.10 Cache-Control: no-cache, private Set-Cookie: october_session=eyJpdiI6Ikg5UVFnZ1VsYit4d3dqbGZFN1h5a0E9PSIsInZhbHVlIjoiUmczSTBXamt0alo5UmpoR2Nhem42Z0ZhYTdlN0JQbEVINnU4SFJ4WGVQd1JwcWFkL24xRUhJS21NbVVCb1VnZjZ3U0FpOHcwRXI3eHBQYjIxd0lPTnhRSy9oaXlINlRIek1MUzNDSEd2ZjBYNTdZc2NQY0N6LzNhZE13dmFEL00iLCJtYWMiOiI3M2E1ZTM4NzliYmVhYzBjMzU1NjRiMzkxNGM5YWM0OGM2OTg4OGUxZGIwZmJjZGNlMDdmMjMzZWVjNGZjODRkIiwidGFnIjoiIn0%3D; expires=Tue, 04 Jun 2024 01:39:10 GMT; Max-Age=7200; path=/; httponly; samesite=lax