Title: zameen com possible exploits admin page
Created:Sep 10th, 2020
Created by: maxkimboi
zameen.com possible exploits

[i] Total Subdomains Found : 7

https://profolio.zameen.com/javascript/calendar/bgiframe.js
https://profolio.zameen.com/javascript/mapbox-gl.js
https://zameen.com/HomeFinance/Pakistan-Mortgages.php
https://www.zameen.com/profolio/index.php

ADMINS LOGIN PAGE: http://signature.zameen.com

HTTP:
-> The remote web server contains web pages that are protected by 'Basic' authentication over cleartext.

PHP:
-> Unsupported version of PHP was detected.
   Installed version   5.3.29
   End of support date 2014/08/14
   Latest versions     7.1.x / 7.2.x / 7.3.x
-> PHP expose_php Information Disclosure
   The PHP install on the remote server is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. Such a URL triggers an Easter egg built into PHP itself.

rDNS record for 52.16.154.103: ec2-52-16-154-103.eu-west-1.compute.amazonaws.com
Not shown: 997 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.2.31 ((Amazon))
|_http-server-header: Apache/2.2.31 (Amazon)
| vulscan: VulDB - https://vuldb.com:
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [60352] Apache Struts up to 2.2.3 memory corruption
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability

Apache Http Server

CVE            Name                                                              CVSS
CVE-2019-3878  libapache2-mod-auth-mellon – security update                      6.8
CVE-2019-0227  Apache Axis 1.4 - Remote Code Execution                           5.4
CVE-2019-0220  Apache HTTP Server security vulnerability                         5
CVE-2019-0217  Apache HTTP Server race condition vulnerability                   6
CVE-2019-0215  Apache HTTP Server access control error vulnerability             6
CVE-2019-0211  Apache HTTP Server Local Privilege Escalation Exploit             7.2
CVE-2019-0197  Apache HTTP Server security vulnerability                         4.9
CVE-2019-0196  Apache httpd security vulnerability                               5
CVE-2019-0190  Apache HTTP Server security vulnerability                         5
CVE-2019-0186  Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting      4.3
CVE-2018-8021  Apache Superset < 0.23 - Remote Code Execution

BY: #GhostSec #GhostSecPakistan
CREDIT: @sec420x @ghostsecpak