Robot | Path | Permission |
GoogleBot | / | ✔ |
BingBot | / | ✔ |
BaiduSpider | / | ✔ |
YandexBot | / | ✔ |
# If you are regularly crawling WordPress.com sites, please use our firehose to receive real-time push updates instead. # Please see https://developer.wordpress.com/docs/firehose/ for more details. Sitemap: https://codewatch.org/sitemap.xml Sitemap: https://codewatch.org/news-sitemap.xml User-agent: * Disallow: /wp-admin/ Allow: /wp-admin/admin-ajax.php Disallow: /wp-login.php Disallow: /wp-signup.php Disallow: /press-this.php Disallow: /remote-login.php Disallow: /activate/ Disallow: /cgi-bin/ Disallow: /mshots/v1/ Disallow: /next/ Disallow: /public.api/ # This file was generated on Wed, 01 Feb 2023 04:36:31 |
Title | CodeWatch |
Description | CodeWatch Home PRTG < 18.2.39 Command Injection Vulnerability This post is as much about the penetration testing process and mindset as it is about the |
Keywords | N/A |
WebSite | codewatch.org |
Host IP | 91.134.221.6 |
Location | Bulgaria |
Site | Rank |
US$1,022,730
Last updated: 2023-05-06 04:14:50
codewatch.org has Semrush global rank of 10,349,074. codewatch.org has an estimated worth of US$ 1,022,730, based on its estimated Ads revenue. codewatch.org receives approximately 118,008 unique visitors each day. Its web server is located in Bulgaria, with IP address 91.134.221.6. According to SiteAdvisor, codewatch.org is safe to visit. |
Purchase/Sale Value | US$1,022,730 |
Daily Ads Revenue | US$945 |
Monthly Ads Revenue | US$28,322 |
Yearly Ads Revenue | US$339,861 |
Daily Unique Visitors | 7,868 |
Note: All traffic and earnings values are estimates. |
Host | Type | TTL | Data |
codewatch.org. | A | 86396 | IP: 91.134.221.6 |
codewatch.org. | NS | 86400 | NS Record: ns2.netschematics.com. |
codewatch.org. | NS | 86400 | NS Record: ns1.netschematics.com. |
codewatch.org. | MX | 86400 | MX Record: 0 mail.spiralsecurity.com. |
codewatch.org. | TXT | 3600 | TXT Record: v=spf1 mx:spiralsecurity.com a:mail.spiralsecurity.com ip4:91.134.221.7 -all |
codewatch.org. | TXT | 3600 | TXT Record: MS=ms71471835 |
CodeWatch Home PRTG < 18.2.39 Command Injection Vulnerability This post is as much about the penetration testing process and mindset as it is about the vulnerability I discovered in a network monitoring program called PRTG Network Monitor . This vulnerability was discovered and reported to Paessler AG, the company that develops the application. I agreed to wait at least 90 days to disclose the vulnerability, to give the company time to fix it and their customer’s time to apply the patch. The patch was released on April 20, 2018 and the vulnerability was assigned a CVE of CVE-2018-9276. More details on the release can be found here . I finally have time to disclose this issue. I was performing a penetration test recently and really hadn’t found much on the scoped servers and other systems, so I began reviewing accessible services and applications to target for default/weak credential testing. I was browsing through the available web applications and came across the PRTG network |
HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 26 Oct 2021 19:50:56 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Keep-Alive: timeout=60 Location: https://www.codewatch.org/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: www.codewatch.org X-Permitted-Cross-Domain-Policies: master-only HTTP/1.1 200 OK Server: nginx Date: Tue, 26 Oct 2021 19:50:58 GMT Content-Type: text/html; charset=ISO-8859-1 Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: www.codewatch.org X-Permitted-Cross-Domain-Policies: master-only |
Domain Name: CODEWATCH.ORG Registry Domain ID: D169604756-LROR Registrar WHOIS Server: whois.godaddy Registrar URL: http://www.whois.godaddy.com Updated Date: 2021-09-07T16:10:58Z Creation Date: 2013-09-06T02:05:44Z Registry Expiry Date: 2022-09-06T02:05:44Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Registrant Organization: Domains By Proxy, LLC Registrant State/Province: Arizona Registrant Country: US Name Server: NS1.NETSCHEMATICS.COM Name Server: NS2.NETSCHEMATICS.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/) >>> Last update of WHOIS database: 2021-09-14T19:07:28Z <<< |