CWE-200, Information Disclosure, DORK, GHDB, BHDB REPORT SUMMARY for rankmyhack.com


Netsparker - Scan Report Summary

TARGET URL: http://www.rankmyhack.com/
SCAN DATE: 9/6/2011 6:05:15 PM
REPORT DATE: 9/7/2011 7:49:10 PM
SCAN DURATION: 00:04

Total Requests: 29
Average Speed: req/sec.

Findings: 14 identified, 2 confirmed, 0 critical, 6 informational

SETTINGS

Scan Settings
PROFILE
Previous Settings
ENABLED Test
Static Tests
Authentication
Scheduled

VULNERABILITIES

Severity distribution: IMPORTANT 7 %, LOW 50 %, INFORMATION 43 %

VULNERABILITY SUMMARY

URL                           Parameter  Method  Vulnerability                             Confirmed
/images/                      -          -       Directory Listing (Apache)                No
/includes/indexheader.php     -          -       [Possible] Internal Path Leakage (*nix)   No
/includes/nomenu.php          -          -       Programming Error Message                 No
/includes/nomenu.php          -          -       [Possible] Internal Path Leakage (*nix)   No
/includes/standardheader.php  -          -       [Possible] Internal Path Leakage (*nix)   No
/login.php                    -          -       Password Transmitted Over HTTP            Yes
/login.php                    -          -       Auto Complete Enabled                     Yes
/sitemap.xml                  -          -       Apache Version Disclosure                 No
/sitemap.xml                  -          -       PHP Version Disclosure                    No
/sitemap.xml                  -          -       OpenSSL Version Disclosure                No
/sitemap.xml                  -          -       Apache Module Version Disclosure          No
/sitemap.xml                  -          -       Frontpage Version Disclosure              No
/sitemap.xml                  -          -       Sitemap Identified                        No
/userview.php                 -          -       E-mail Address Disclosure                 No

Password Transmitted Over HTTP

TOTAL: 1
SEVERITY: IMPORTANT
CONFIRMED: 1

Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic, he/she can steal users' credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.

Classification

OWASP A9 PCI v1.2-6.5.9 PCI v2.0-6.5.4 CWE-311 WASC-04
- /login.php

/login.php CONFIRMED

http://www.rankmyhack.com/login.php

Form target action

mshtml.HTMLInputElementClass

Request

GET /login.php HTTP/1.1
Referer: http://www.rankmyhack.com/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 5382
Content-Type: text/html


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="DESCRIPTION" content="RankMyHack.com - The worlds first hacker ranking system, compete with the worlds elite to become the prove yourself as the worlds best hacker."><meta name="KEYWORDS" content="worlds,best,hacker,hack,ranking,elite,website,hackers,defacers,tutorials,hacking"><LINK REL="SHORTCUT ICON" HREF="/images/favicon.png"><link rel="stylesheet" type="text/css" href="standard_style.css" /></head><center></center><div align=center style="position:absoulte;top:0px;"> <a href=./index.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HOME]</a> <a href=./leaderboard.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LEADER_BOARD]</a> <a href=./hacks.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HACKS]</a> <a href=./bounties.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[BOUNTIES]</a> <a href=./tutorials.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[RESOURCES]</a> <a href=./duel.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[DUELS]</a> <a href=./submit.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[SUBMIT_HACK]</a> <a href=./warroom.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[WAR_ROOM]</a> <a href=./login.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LOGIN/REGISTER]</a></div><div style="position:absolute;border:1px solid green;background-color:black;width:800px;left:50%;margin-left:-400px;margin-right:auto ;text-align:center;"><img src="./images/banner.png"></img><table align=center width=95% cellpadding=0 cellspacing=0 border=0 
><tr><td class="spacer" colspan=5 align=center><br></td></tr> <!--in the black main box--> <tr><td class=spacer align=right><table width=300 cellpadding=0 cellspacing=0 border=0 ><tr><td class=topleft width=16 height=16></td><td class=topmiddle align=center><h1>[REGISTER]</h1></td><td class=topright width=16 height=16></td></tr><tr><form action="./login.php" method="POST"> <td class=leftmiddle width=16></td> <td align=center > <p>Register as a RankMyHack user.</p><br> <p>EMAIL</p><input type=text name=email id=email> <p>USERNAME</p><input type=text name=username id=username> <input type=hidden name=action value=register> <br><input type=submit value=Register> <br><p>(Requires A Valid Email Address)</p> </td> <td class=rightmiddle width=10></td></form></tr><tr> <td class=bottomleft width=16 height=20></td> <td class=bottommiddle></td> <td class=bottomright width=16 height=20></td></tr></table></td><td class=spacer align=left><table align=center width=400 cellpadding=0 cellspacing=0 border=0 ><tr><td class=topleft width=16 height=16></td><td class=topmiddle align=center><h1>[LOGIN]</h1></td><td class=topright width=16 height=16></td></tr><tr> <form action="./login.php" method=POST> <td class=leftmiddle width=16></td> <td align=center> <p>Login to view your RankMyHack UserCP.</p><br> <p>USER:</p><input type=text size=22 id=username name=username> <p>PASS:</p><input type=password size=22 id=password name=password> <input type=hidden name="action" value="login"> <br><input type=submit value=Login> <br><a href=./passreset.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">Forgotten Your Password?</a> </td> </form> <td class=rightmiddle width=10></td></tr><tr> <td class=bottomleft width=16 height=20></td> <td class=bottommiddle></td> <td class=bottomright width=16 height=20></td></tr></table></td></tr> </tr> <tr><td class="spacer"><br></td></tr><tr><td align=center colspan=10 class="spacer"><!-- AddToAny BEGIN --><a 
class="a2a_dd" href="http://www.addtoany.com/share_save?linkurl=http%3A%2F%2Fwww.rankmyhack.com&linkname=RankMyHack.Com%20-%20The%20Hacker%20Ranking%20System"><img src="./images/share_save_171_16.png" width="171" height="16" border="0" alt="Share"/></a><script type="text/javascript">var a2a_config = a2a_config || {};a2a_config.linkname = "RankMyHack.Com - The Hacker Ranking System";a2a_config.linkurl = "http://www.rankmyhack.com";</script><script type="text/javascript" src="./includes/page.js"></script><!-- AddToAny END --></td></tr><tr><td colspan=10 align=center class="spacer"><p class=subtle>© RankMyHack.Com by s0lar ©<br><a style="font-size:7pt;" onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''" href=./rules.php>Rules & Disclaimer</a>- <a style="font-size:7pt;" onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''" href=./about.php>About</a> - <a style="font-size:7pt;" onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''" href=./contact.php>Contact</a> - <a style="font-size:7pt;" onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''" href="./contact.php?subject='Advertising Enquiry'">Advertising</a></p></td></tr></table></div></html>
Auto Complete Enabled

TOTAL: 1
SEVERITY: LOW
CONFIRMED: 1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

- /login.php

/login.php CONFIRMED

http://www.rankmyhack.com/login.php

Identified Field Name

password

Request

GET /login.php HTTP/1.1
Referer: http://www.rankmyhack.com/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 5382
Content-Type: text/html


Apache Version Disclosure

TOTAL: 1
SEVERITY: LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /sitemap.xml

/sitemap.xml

http://www.rankmyhack.com/sitemap.xml

Extracted Version

2.2.19

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Last-Modified: Tue, 19 Jul 2011 21:50:06 GMT
ETag: "2a50002-207f-4a873194c9f80"
Accept-Ranges: bytes
Content-Length: 8319
Content-Type: application/xml


<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"><!-- created with Free Online Sitemap Generator www.xml-sitemaps.com --><url> <loc>http://www.rankmyhack.com/</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/index.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/leaderboard.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/hacks.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/bounties.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/submit.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/warroom.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=UnknownAX</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Codeine</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=s0lar</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=gamemaster</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Daniel</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Novatic</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Prariredog</loc> 
<changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Prodigy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=&lt;script&gt;</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Bacardi</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Gh0sT</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=HaxOr</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=MrSpy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/rules.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/about.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/contact.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/contact.php?subject='Advertising%20Enquiry'</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=L1LJM0n3y</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=~!White!~</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Virus</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=sputniq</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Legend</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=bounty</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/contact.php?subject='Potential%20Resource%20Submission'</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=1</loc> <changefreq>always</changefreq></url><url> 
<loc>http://www.rankmyhack.com/tutorials.php?tutid=4</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=2</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=3</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=6</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=7</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=5</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=1</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=3</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=4</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=2</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=5</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=1</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=4</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=5</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=7</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=6</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=3</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=2</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=duel</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=submit</loc> 
<changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=warroom</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/passreset.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=UnknownAX</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Codeine</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=s0lar</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=gamemaster</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Daniel</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Novatic</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Prariredog</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Prodigy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Bacardi</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Gh0sT</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=HaxOr</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=MrSpy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=L1LJM0n3y</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=~!White!~</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Virus</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=sputniq</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Legend</loc> <changefreq>always</changefreq></url></urlset>
PHP Version Disclosure

TOTAL: 1
SEVERITY: LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for known security vulnerabilities in the version identified. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /sitemap.xml

/sitemap.xml

http://www.rankmyhack.com/sitemap.xml

Extracted Version

PHP/5.2.17

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Last-Modified: Tue, 19 Jul 2011 21:50:06 GMT
ETag: "2a50002-207f-4a873194c9f80"
Accept-Ranges: bytes
Content-Length: 8319
Content-Type: application/xml


OpenSSL Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the OpenSSL version in its HTTP response. This information can help an attacker develop further attacks, and the system can also become an easier target for automated attacks.

Impact

An attacker can look for specific security vulnerabilities affecting the identified version. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

Classification

OWASP A6, PCI v1.2-6.5.6, WASC-13
- /sitemap.xml

/sitemap.xml

http://www.rankmyhack.com/sitemap.xml

Extracted Version

OpenSSL/0.9.8e-fips-rhel5

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Last-Modified: Tue, 19 Jul 2011 21:50:06 GMT
ETag: "2a50002-207f-4a873194c9f80"
Accept-Ranges: bytes
Content-Length: 8319
Content-Type: application/xml


Apache Module Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the version of one of its Apache modules through the HTTP response. This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can look for specific security vulnerabilities affecting the identified Apache module version. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

Classification

OWASP A6, PCI v1.2-6.5.6, WASC-13
- /sitemap.xml

/sitemap.xml

http://www.rankmyhack.com/sitemap.xml

Extracted Version

mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Last-Modified: Tue, 19 Jul 2011 21:50:06 GMT
ETag: "2a50002-207f-4a873194c9f80"
Accept-Ranges: bytes
Content-Length: 8319
Content-Type: application/xml


Frontpage Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the FrontPage version in use through the HTTP response. This information can help an attacker gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities affecting the identified version. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from headers of its HTTP response.

Classification

OWASP A6, PCI v1.2-6.5.6, WASC-13
- /sitemap.xml

/sitemap.xml

http://www.rankmyhack.com/sitemap.xml

Extracted Version

FrontPage/5.0.2.2635

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Last-Modified: Tue, 19 Jul 2011 21:50:06 GMT
ETag: "2a50002-207f-4a873194c9f80"
Accept-Ranges: bytes
Content-Length: 8319
Content-Type: application/xml


Programming Error Message

1 TOTAL
LOW
Netsparker identified a programming error message.

Impact

The error message may disclose sensitive information that an attacker can use to mount new attacks or to enlarge the attack surface. Data such as source code or stack traces may be disclosed. Most of these issues will be identified and reported separately by Netsparker.

Remedy

Do not display detailed error messages in production environments. Save each error message with a reference number to backend storage such as a log, text file or database, then show only that number and a static, user-friendly error message to the user.

Classification

OWASP A6, PCI v1.2-6.5.6, PCI v2.0-6.5.5, CWE-200, CAPEC-118, WASC-13
- /includes/nomenu.php

/includes/nomenu.php

http://www.rankmyhack.com/includes/nomenu.php

Identified Error Message

  • <b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b>
  • <b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening './includes/cron.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b>

Request

GET /includes/nomenu.php HTTP/1.1
Referer: http://www.rankmyhack.com/includes/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:14 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 1570
Content-Type: text/html


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="DESCRIPTION" content="RankMyHack.com - The worlds first hacker ranking system, compete with the worlds elite to become the prove yourself as the worlds best hacker."><meta name="KEYWORDS" content="worlds,best,hacker,hack,ranking,elite,website,hackers,defacers,tutorials,hacking"><LINK REL="SHORTCUT ICON" HREF="/images/favicon.png"><link rel="stylesheet" type="text/css" href="standard_style.css" /></head><center></center><div align=center style="position:absoulte;top:0px;"><br></div><div style="position:absolute;border:1px solid green;background-color:black;width:850px;left:50%;margin-left:-425px;margin-right:auto ;text-align:center;"><img src="./images/banner.png"></img><table align=center width=95% cellpadding=0 cellspacing=0 border=0 ><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b><br /><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b><br /><br /><b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening './includes/cron.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b><br />
Directory Listing (Apache)

Directory Listing (Apache)

1 TOTAL
INFORMATION
The web server responded with a list of files located in the target directory.

Impact

An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.

Actions to Take

  1. See the remedy for solution.
  2. Configure the web server to disallow directory listing requests.
  3. This can also be caused by web server products that do not have the latest security patches. Ensure that all patches have been applied.

Remedy

Edit your httpd.conf file. A secure configuration for the requested directory should look similar to the following:
<Directory /{YOUR DIRECTORY}>
	Options FollowSymLinks
</Directory>
Remove the Indexes option from the configuration. Do not forget to remove MultiViews as well.

Classification

OWASP A6 PCI v1.2-6.5.6 CWE-548 CAPEC-127 WASC-16
- /images/

/images/

http://www.rankmyhack.com/images/

Request

GET /images/ HTTP/1.1
Referer: http://www.rankmyhack.com/images/favicon.png
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Content-Length: 987
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html> <head> <title>Index of /images</title> </head> <body><h1>Index of /images</h1><ul><li><a href="/"> Parent Directory</a></li><li><a href="Screenshot.png"> Screenshot.png</a></li><li><a href="background.jpg"> background.jpg</a></li><li><a href="banner.png"> banner.png</a></li><li><a href="banner_ad.png"> banner_ad.png</a></li><li><a href="captcha_background.png"> captcha_background.png</a></li><li><a href="corners/"> corners/</a></li><li><a href="defaultdp.jpg"> defaultdp.jpg</a></li><li><a href="favicon.png"> favicon.png</a></li><li><a href="fuck-you.jpg"> fuck-you.jpg</a></li><li><a href="share_save_171_16.png"> share_save_171_16.png</a></li><li><a href="stop.png"> stop.png</a></li></ul><address>Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17 Server at www.rankmyhack.com Port 80</address></body></html>
E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by spam engines and by brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove user- or person-specific e-mail addresses from the web site. If individual contact is required, use submission forms for this purpose.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /userview.php

/userview.php

http://www.rankmyhack.com/userview.php?user=withkrystal

Found E-mails

withkrystal@naver.com

Request

GET /userview.php?user=withkrystal HTTP/1.1
Referer: http://www.rankmyhack.com/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Transfer-Encoding: chunked
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title>RankMyHack.Com - The Hacker Ranking System - User Viewer - withkrystal</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="DESCRIPTION" content="RankMyHack.com - The worlds first hacker ranking system, compete with the worlds elite to become the prove yourself as the worlds best hacker."><meta name="KEYWORDS" content="worlds,best,hacker,hack,ranking,elite,website,hackers,defacers,tutorials,hacking"><LINK REL="SHORTCUT ICON" HREF="/images/favicon.png"><link rel="stylesheet" type="text/css" href="standard_style.css" /></head><center></center><div align=center style="position:absoulte;top:0px;"> <a href=./index.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HOME]</a> <a href=./leaderboard.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LEADER_BOARD]</a> <a href=./hacks.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HACKS]</a> <a href=./bounties.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[BOUNTIES]</a> <a href=./tutorials.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[RESOURCES]</a> <a href=./duel.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[DUELS]</a> <a href=./submit.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[SUBMIT_HACK]</a> <a href=./warroom.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[WAR_ROOM]</a><a href=./login.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LOGIN/REGISTER]</a></div><div style="position:absolute;border:1px solid 
green;background-color:black;width:850px;left:50%;margin-left:-425px;margin-right:auto ;text-align:center;"><img src="./images/banner.png"></img><table align=center width=95% cellpadding=0 cellspacing=0 border=0 ><table width=85% align=center cellpadding=0 cellspacing=0 border=0><tr><td class=topleft width=16 height=16></td><td colspan=6 class=topmiddle align=center><h1>[USER_STATS - withkrystal]</h1></td><td class=topright width=16 height=16></td></tr><tr class=header > <td class=leftmiddle width=16 ></td> <td rowspan=3 padding=0 align=center><img align=center padding=0 src= ./images/defaultdp.jpg width=65 height=65></p></td> <td align=center ><p>[Name]</p></td> <td align=center><p>[Site_Rank]</p></td> <td align=center><p>[Ranking_Points]</p></td> <td align=center><p>[No._Sites_Hacked]</p></td> <td align=center><p>[Date_Joined]</p></td> <td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"> <td class=leftmiddle width=16 ></td> <td align=center><p>withkrystal</p></td> <td align=center><p>8/353</p></td> <td align=center><p>1327994</p></td> <td align=center><p>27</td> <td align=center><p>1st of September 2011</p></td> <td class=rightmiddle width=10></td></tr><tr> <td class=leftmiddle width=16 ></td> <td align=center style="background-color:#004000;"><p>[Tag_Line]</p></td> <td colspan=4 align=center bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><p>Programming Team_perfxtion contact:withkrystal@naver.com</p></td> <td class=rightmiddle width=10></td></tr><tr><td class=bottomleft width=16 height=20></td><td class=bottommiddle colspan=6></td><td class=bottomright width=16 height=20></td></tr></table><br><table width=85% align=center cellpadding=0 cellspacing=0 border=0 ><tr><td class=topleft width=16 height=16></td><td colspan=6 align=center class=topmiddle><p>[SITES_HACKED_BY withkrystal]</p></td><td class=topright width=16 height=16></td></tr><tr class="header"><td 
class=leftmiddle width=16 ></td><td align=center colspan=3><p>[Date]</p></td><td colspan=2 align=center ><p>[Site]</p></td><td colspan=1 align=center ><p>[Ranking_Points]</p></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.com.ne.kr" target="_new"><p>1st of September 2011 06:49:34 PM</p></a></td><td colspan=2 align=center ><a href="http://www.com.ne.kr" target="_new"><p>com.ne.kr</p></a></td><td align=center ><a href="http://www.com.ne.kr" target="_new"><p>2609</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.woobi.co.kr" target="_new"><p>1st of September 2011 06:52:33 PM</p></a></td><td colspan=2 align=center ><a href="http://www.woobi.co.kr" target="_new"><p>woobi.co.kr</p></a></td><td align=center ><a href="http://www.woobi.co.kr" target="_new"><p>157</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.cafe24.com" target="_new"><p>1st of September 2011 07:00:56 PM</p></a></td><td colspan=2 align=center ><a href="http://www.cafe24.com" target="_new"><p>cafe24.com</p></a></td><td align=center ><a href="http://www.cafe24.com" target="_new"><p>52374</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.naver.net" target="_new"><p>1st of September 2011 07:04:48 PM</p></a></td><td colspan=2 align=center ><a href="http://www.naver.net" target="_new"><p>naver.net</p></a></td><td align=center ><a 
href="http://www.naver.net" target="_new"><p>4013</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.dcinside.com" target="_new"><p>1st of September 2011 07:12:54 PM</p></a></td><td colspan=2 align=center ><a href="http://www.dcinside.com" target="_new"><p>dcinside.com</p></a></td><td align=center ><a href="http://www.dcinside.com" target="_new"><p>61779</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.skhs.hs.kr" target="_new"><p>1st of September 2011 07:31:35 PM</p></a></td><td colspan=2 align=center ><a href="http://www.skhs.hs.kr" target="_new"><p>skhs.hs.kr</p></a></td><td align=center ><a href="http://www.skhs.hs.kr" target="_new"><p>0</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.humoruniv.com" target="_new"><p>1st of September 2011 07:40:01 PM</p></a></td><td colspan=2 align=center ><a href="http://www.humoruniv.com" target="_new"><p>humoruniv.com</p></a></td><td align=center ><a href="http://www.humoruniv.com" target="_new"><p>3655</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.webgamech.com" target="_new"><p>1st of September 2011 07:56:46 PM</p></a></td><td colspan=2 align=center ><a href="http://www.webgamech.com" target="_new"><p>webgamech.com</p></a></td><td align=center ><a href="http://www.webgamech.com" target="_new"><p>97</p></a></td><td class=rightmiddle 
width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.gameangel.com" target="_new"><p>1st of September 2011 08:00:12 PM</p></a></td><td colspan=2 align=center ><a href="http://www.gameangel.com" target="_new"><p>gameangel.com</p></a></td><td align=center ><a href="http://www.gameangel.com" target="_new"><p>1874</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.blueweb.co.kr" target="_new"><p>2nd of September 2011 11:26:13 AM</p></a></td><td colspan=2 align=center ><a href="http://www.blueweb.co.kr" target="_new"><p>blueweb.co.kr</p></a></td><td align=center ><a href="http://www.blueweb.co.kr" target="_new"><p>1609</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.ygosu.com" target="_new"><p>2nd of September 2011 11:33:22 AM</p></a></td><td colspan=2 align=center ><a href="http://www.ygosu.com" target="_new"><p>ygosu.com</p></a></td><td align=center ><a href="http://www.ygosu.com" target="_new"><p>1387</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.gigap.net" target="_new"><p>2nd of September 2011 11:54:59 AM</p></a></td><td colspan=2 align=center ><a href="http://www.gigap.net" target="_new"><p>gigap.net</p></a></td><td align=center ><a href="http://www.gigap.net" target="_new"><p>35</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td 
class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.sw100.net" target="_new"><p>2nd of September 2011 12:00:56 PM</p></a></td><td colspan=2 align=center ><a href="http://www.sw100.net" target="_new"><p>sw100.net</p></a></td><td align=center ><a href="http://www.sw100.net" target="_new"><p>12</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.upschool.net" target="_new"><p>2nd of September 2011 12:54:55 PM</p></a></td><td colspan=2 align=center ><a href="http://www.upschool.net" target="_new"><p>upschool.net</p></a></td><td align=center ><a href="http://www.upschool.net" target="_new"><p>69</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.cb21.net" target="_new"><p>2nd of September 2011 02:13:57 PM</p></a></td><td colspan=2 align=center ><a href="http://www.cb21.net" target="_new"><p>cb21.net</p></a></td><td align=center ><a href="http://www.cb21.net" target="_new"><p>55</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.kostat.go.kr" target="_new"><p>2nd of September 2011 02:23:34 PM</p></a></td><td colspan=2 align=center ><a href="http://www.kostat.go.kr" target="_new"><p>kostat.go.kr</p></a></td><td align=center ><a href="http://www.kostat.go.kr" target="_new"><p>374</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.handong.edu" target="_new"><p>2nd of September 2011 
02:57:54 PM</p></a></td><td colspan=2 align=center ><a href="http://www.handong.edu" target="_new"><p>handong.edu</p></a></td><td align=center ><a href="http://www.handong.edu" target="_new"><p>100124</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.edu.co.nz" target="_new"><p>2nd of September 2011 04:07:58 PM</p></a></td><td colspan=2 align=center ><a href="http://www.edu.co.nz" target="_new"><p>edu.co.nz</p></a></td><td align=center ><a href="http://www.edu.co.nz" target="_new"><p>100000</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.ddu.ac.kr" target="_new"><p>2nd of September 2011 04:09:33 PM</p></a></td><td colspan=2 align=center ><a href="http://www.ddu.ac.kr" target="_new"><p>ddu.ac.kr</p></a></td><td align=center ><a href="http://www.ddu.ac.kr" target="_new"><p>0</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMouseOver="bgColor='green';" onMouseOut="bgColor='000000';"><td class=leftmiddle width=16 ></td><td align=center colspan=3 ><a href="http://www.pusan.ac.kr" target="_new"><p>2nd of September 2011 04:53:40 PM</p></a></td><td colspan=2 align=center ><a href="http://www.pusan.ac.kr" target="_new"><p>pusan.ac.kr</p></a></td><td align=center ><a href="http://www.pusan.ac.kr" target="_new"><p>1419</p></a></td><td class=rightmiddle width=10></td></tr><tr bgcolor="000000" onMou..
Sitemap Identified

Sitemap Identified

1 TOTAL
INFORMATION
Netsparker identified a sitemap file on the target web site. This issue is reported as extra information.

Impact

This issue is reported as extra information; there is no direct impact resulting from it.
- /sitemap.xml

/sitemap.xml

http://www.rankmyhack.com/sitemap.xml

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:13 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Last-Modified: Tue, 19 Jul 2011 21:50:06 GMT
ETag: "2a50002-207f-4a873194c9f80"
Accept-Ranges: bytes
Content-Length: 8319
Content-Type: application/xml


<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"><!-- created with Free Online Sitemap Generator www.xml-sitemaps.com --><url> <loc>http://www.rankmyhack.com/</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/index.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/leaderboard.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/hacks.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/bounties.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/submit.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/warroom.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=UnknownAX</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Codeine</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=s0lar</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=gamemaster</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Daniel</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Novatic</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Prariredog</loc> 
<changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Prodigy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=&lt;script&gt;</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Bacardi</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Gh0sT</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=HaxOr</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=MrSpy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/rules.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/about.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/contact.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/contact.php?subject='Advertising%20Enquiry'</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=L1LJM0n3y</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=~!White!~</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Virus</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=sputniq</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/userview.php?user=Legend</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=bounty</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/contact.php?subject='Potential%20Resource%20Submission'</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=1</loc> <changefreq>always</changefreq></url><url> 
<loc>http://www.rankmyhack.com/tutorials.php?tutid=4</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=2</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=3</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=6</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=7</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?tutid=5</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=1</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=3</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=4</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=2</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?comid=5</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=1</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=4</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=5</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=7</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=6</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=3</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/tutorials.php?toolid=2</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=duel</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=submit</loc> 
<changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/login.php?r=warroom</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/passreset.php</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=UnknownAX</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Codeine</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=s0lar</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=gamemaster</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Daniel</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Novatic</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Prariredog</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Prodigy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Bacardi</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Gh0sT</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=HaxOr</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=MrSpy</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=L1LJM0n3y</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=~!White!~</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Virus</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=sputniq</loc> <changefreq>always</changefreq></url><url> <loc>http://www.rankmyhack.com/duel.php?vs=Legend</loc> <changefreq>always</changefreq></url></urlset>
[Possible] Internal Path Leakage (*nix)

[Possible] Internal Path Leakage (*nix)

3 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker during the exploitation of other vulnerabilities.

Classification

PCI v1.2-6.5.6 CWE-200 CAPEC-118 WASC-13
- /includes/nomenu.php

/includes/nomenu.php

http://www.rankmyhack.com/includes/nomenu.php

Identified Internal Path(s)

  • /home/rankmyha/public_html/includes/nomenu.php
  • /usr/lib/php:/usr/local/lib/php

Request

GET /includes/nomenu.php HTTP/1.1
Referer: http://www.rankmyhack.com/includes/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:14 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 1570
Content-Type: text/html


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="DESCRIPTION" content="RankMyHack.com - The worlds first hacker ranking system, compete with the worlds elite to become the prove yourself as the worlds best hacker."><meta name="KEYWORDS" content="worlds,best,hacker,hack,ranking,elite,website,hackers,defacers,tutorials,hacking"><LINK REL="SHORTCUT ICON" HREF="/images/favicon.png"><link rel="stylesheet" type="text/css" href="standard_style.css" /></head><center></center><div align=center style="position:absoulte;top:0px;"><br></div><div style="position:absolute;border:1px solid green;background-color:black;width:850px;left:50%;margin-left:-425px;margin-right:auto ;text-align:center;"><img src="./images/banner.png"></img><table align=center width=95% cellpadding=0 cellspacing=0 border=0 ><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b><br /><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b><br /><br /><b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening './includes/cron.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/rankmyha/public_html/includes/nomenu.php</b> on line <b>62</b><br />
- /includes/indexheader.php

/includes/indexheader.php

http://www.rankmyhack.com/includes/indexheader.php

Identified Internal Path(s)

  • /home/rankmyha/public_html/includes/indexheader.php
  • /usr/lib/php:/usr/local/lib/php

Request

GET /includes/indexheader.php HTTP/1.1
Referer: http://www.rankmyhack.com/includes/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:14 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 2945
Content-Type: text/html


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="DESCRIPTION" content="RankMyHack.com - The worlds first hacker ranking system, compete with the worlds elite to become the prove yourself as the worlds best hacker."><meta name="KEYWORDS" content="worlds,best,hacker,hack,ranking,elite,website,hackers,defacers,tutorials,hacking"><LINK REL="SHORTCUT ICON" HREF="/images/favicon.png"><link rel="stylesheet" type="text/css" href="standard_style.css" /></head><center></center><div align=center style="position:absoulte;top:0px;width:100%;"> <a href=./index.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HOME]</a> <a href=./leaderboard.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LEADER_BOARD]</a> <a href=./hacks.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HACKS]</a> <a href=./bounties.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[BOUNTIES]</a> <a href=./tutorials.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[RESOURCES]</a> <a href=./duel.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[DUELS]</a> <a href=./submit.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[SUBMIT_HACK]</a> <a href=./warroom.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[WAR_ROOM]</a><a href=./login.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LOGIN/REGISTER]</a></div><div style="position:absolute;border:1px solid green;background-color:black;width:850px;left:50%;margin-left:-425px;margin-right:auto ;text-align:center;"><img src="./images/banner.png"></img><table align=center width=95% cellpadding=0 
cellspacing=0 border=0 ><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/indexheader.php</b> on line <b>48</b><br /><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/indexheader.php</b> on line <b>48</b><br /><br /><b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening './includes/cron.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/rankmyha/public_html/includes/indexheader.php</b> on line <b>48</b><br /><tr><td class=spacer colspan=2<p style="margin-top:0;margin-bottom:0;font-family:Verdana;font-size:10px;letter-spacing:1px;font-weight: bold;color:red;"></p></td></tr>
- /includes/standardheader.php

/includes/standardheader.php

http://www.rankmyhack.com/includes/standardheader.php

Identified Internal Path(s)

  • /home/rankmyha/public_html/includes/standardheader.php
  • /usr/lib/php:/usr/local/lib/php

Request

GET /includes/standardheader.php HTTP/1.1
Referer: http://www.rankmyhack.com/includes/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.rankmyhack.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 18:05:14 GMT
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Content-Length: 2777
Content-Type: text/html


<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="DESCRIPTION" content="RankMyHack.com - The worlds first hacker ranking system, compete with the worlds elite to become the prove yourself as the worlds best hacker."><meta name="KEYWORDS" content="worlds,best,hacker,hack,ranking,elite,website,hackers,defacers,tutorials,hacking"><LINK REL="SHORTCUT ICON" HREF="/images/favicon.png"><link rel="stylesheet" type="text/css" href="standard_style.css" /></head><center></center><div align=center style="position:absoulte;top:0px;"> <a href=./index.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HOME]</a> <a href=./leaderboard.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LEADER_BOARD]</a> <a href=./hacks.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[HACKS]</a> <a href=./bounties.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[BOUNTIES]</a> <a href=./tutorials.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[RESOURCES]</a> <a href=./duel.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[DUELS]</a> <a href=./submit.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[SUBMIT_HACK]</a> <a href=./warroom.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[WAR_ROOM]</a><a href=./login.php onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration=''">[LOGIN/REGISTER]</a></div><div style="position:absolute;border:1px solid green;background-color:black;width:850px;left:50%;margin-left:-425px;margin-right:auto ;text-align:center;"><img src="./images/banner.png"></img><table align=center width=95% cellpadding=0 cellspacing=0 border=0 
><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/standardheader.php</b> on line <b>79</b><br /><br /><b>Warning</b>: include(./includes/cron.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/rankmyha/public_html/includes/standardheader.php</b> on line <b>79</b><br /><br /><b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening './includes/cron.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/rankmyha/public_html/includes/standardheader.php</b> on line <b>79</b><br />