Preliminary vulnerability analysis:
Classification:
CWE : CWE-693
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

Vulnerability Report 1 GuestMob
+ Target IP: 151.101.2.137
+ Target Hostname: guestmob.myspreadshop.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=*.myspreadshop.com
Ciphers: TLS_AES_256_GCM_SHA384
Issuer: /C=US/O=Let's Encrypt/CN=R3
+ Message: Multiple IP addresses found: 151.101.2.137, 151.101.66.137, 151.101.130.137, 151.101.194.137
+ Start Time: 2022-02-15 20:12:00 (GMT-5)
---------------------------------------------------------------------------
+ Server: nginx/9.5
+ Retrieved via header: 1.1 varnish, 1.1 varnish
+ Retrieved x-served-by header: cache-dfw18677-DFW, cache-dal21249-DAL
+ Retrieved x-server-name header: sprd-shop03_na1
+ Retrieved access-control-allow-origin header: *
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'x-cache' found, with contents: MISS, HIT
+ Uncommon header 'x-server-name' found, with contents: sprd-shop03_na1
+ Uncommon header 'x-served-by' found, with contents: cache-dfw18677-DFW, cache-dal21249-DAL
+ Uncommon header 'x-trace-id' found, with contents: 163eb2966f0caca893ea8e8532bcd5d0e7441c34
+ Uncommon header 'server-timing' found, with contents: HIT-CLUSTER, fastly;desc="Edge time";dur=1
+ Uncommon header 'x-timer' found, with contents: S1644995523.367104,VS0,VE1
+ Uncommon header 'x-dns-prefetch-control' found, with contents: on
+ Uncommon header 'x-application' found, with contents: shop
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Server banner has changed from 'nginx/9.5' to 'Varnish' which may suggest a WAF, load balancer or proxy is in place
+ "robots.txt" contains 3 entries which should be manually viewed.
+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
+ Server is using a wildcard certificate: *.myspreadshop.com
+ Allowed HTTP Methods: HEAD, GET, OPTIONS
 