[XSS,Int Overflow,Dir. Trav.]Flightleveljobs.com dump
[XSS,Int Overflow,Dir. Trav.]Flightleveljobs.com dump #1
Site: www.flightleveljobs.com
IP: 72.29.93.195
OS: Linux 2.6.9 - 2.6.27
Scanned Ports: 1000
Open Ports: 11
Filtered Ports: 928
Closed Ports: 61
Host Name: ns1.profitgateinc.com


Ports:

port/protocol state service version
Code:
21/tcp  open  ftp        Pure-FTPd
25/tcp  open  smtp       Exim smtpd 4.80
53/tcp  open  domain     ISC BIND 9.3.6-20.P1.el5_8.6
80/tcp  open  http?
110/tcp open  pop3       Dovecot pop3d
143/tcp open  imap       Dovecot imapd
443/tcp open  ssl/https?
465/tcp open  ssl/smtp   Exim smtpd 4.80
587/tcp open  smtp       Exim smtpd 4.80
993/tcp open  ssl/imap   Dovecot imapd
995/tcp open  ssl/pop3   Dovecot pop3d

Pure-FTPd Vulnerabilities:
Code:
CVE ID: CVE-2001-3171
CWE ID: 22
Vulnerability Type(s): Directory Traversal
Score: 3.6

CVE ID: CVE-2011-1575
CWE ID: 399
Vulnerability Type(s): Unknown
Score: 5.8

CVE ID: CVE-2001-0988
CWE ID: 264
Vulnerability Type(s): Privilege
Score: 4.4

CVE ID: CVE-2001-0418
CWE ID: 20
Vulnerability Type(s): Denial Of Service
Score: 4.0

CVE ID: CVE-2001-0656
CWE ID: Unknown
Vulnerability Type(s): Denial Of Service
Score: 5.0

Vulnerabilities:

High Risk: 17
Cross Site Scripting: 11
Integer Overflow: 4
Possible Directory Traversal: 2

Medium Risk: 6
Local Filesystem Paths Found: 2
PHP Error Detected: 4


High Risk Areas:

Cross Site Scripting:
Code:
http://flightleveljobs.com/employers/help.php

http://flightleveljobs.com/jobseekers/help.php

http://flightleveljobs.com/jobseekers/login.php

http://flightleveljobs.com/jobseekers/login.php

http://flightleveljobs.com/results.php?pg=9.htaccess.aspx--%3E%22%3E'%3E'%22%3Cvvv000027v566881%3E

http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1.htaccess.aspx--%3E%22%3E'%3E'%22%3Cvvv000025v566881%3E&subcityhiddenval=New%20York&category=1&contract=Contract&contract=Permanent&contract=Temporary&kw=1&submit=Search

http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1&subcityhiddenval=New%20York.htaccess.aspx--%3E%22%3E'%3E'%22%3Cvvv000035v566881%3E&category=1&contract=Contract&contract=Permanent&contract=Temporary&kw=1&submit=Search

http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1&subcityhiddenval=New%20York&category=1.htaccess.aspx--%3E%22%3E'%3E'%22%3Cvvv000017v566881%3E&contract=Contract&contract=Permanent&contract=Temporary&kw=1&submit=Search

http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1&subcityhiddenval=New%20York&category=1&contract=Contract.htaccess.aspx--%3E%22%3E'%3E'%22%3Cvvv000019v566881%3E&contract=Permanent&contract=Temporary&kw=1&submit=Search

http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1&subcityhiddenval=New%20York&category=1&contract=Contract&contract=Permanent&contract=Temporary&kw=1&submit=Search.htaccess.aspx--%3E%22%3E'%3E'%22%3Cvvv000029v566881%3E

http://flightleveljobs.com/results.php?subcategoryhiddenval=1--%3E%22%3E'%3E'%22%3Cvvv000030v566881%3E&subcountyhiddenval=1&subcityhiddenval=New%20York&category=1&contract=Contract&contract=Permanent&contract=Temporary&kw=1&submit=Search

Integer Overflow:
http://flightleveljobs.com/results.php?pg=2147483647

http://flightleveljobs.com/results.php?pg=2147483648

http://flightleveljobs.com/results.php?pg=4294967295

http://flightleveljobs.com/results.php?pg=4294967296
Possible Directory Traversal:
Code:
http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1&subcityhiddenval=New%20York&category=1&contract=Contract&contract=Permanent&contract=Temporary&kw=.%5C1&submit=Sear&pg=9

http://flightleveljobs.com/results.php?subcategoryhiddenval=1&subcountyhiddenval=1&subcityhiddenval=New%20York&category=1&contract=Contract&contract=Permanent&contract=Temporary&kw=.%5C1&submit=Search

SCAN END


Scan was done by Earthly Minds

Scan results and credits are copyright of IronHeart Security (website in progress).


RE: [XSS,Int Overflow,Dir. Trav.]Flightleveljobs.com dump #2
This is what happens when you use a program to scan a website, it picks up false positives. Let me guess, you used something like WebCruiser, right?

RE: [XSS,Int Overflow,Dir. Trav.]Flightleveljobs.com dump #3
Yep, a scanner, and I bet they're all false positives, like BreShiE mentioned. You should try to find vulnerabilities manually.


Jabber: charon@exploit.im


RE: [XSS,Int Overflow,Dir. Trav.]Flightleveljobs.com dump #4
(02-23-2013, 07:43 AM)BreShiE Wrote: This is what happens when you use a program to scan a website, it picks up false positives. Let me guess, you used something like WebCruiser, right?

Well, yes, these are scanner results; no, I used Subgraph Vega; yes, I checked most of the XSS manually.
