Robot | Path | Permission |
GoogleBot | / | ✔ |
BingBot | / | ✔ |
BaiduSpider | / | ✔ |
YandexBot | / | ✔ |
Title | Noob |
Description | Search Search This Blog Noob Ninja! - Infosec Writeups Posts Featured December 07, 2019 Spilling Local Files via XXE When HTTP OOB Fails REDIRECTING TO TH |
Keywords | N/A |
WebSite | noob.ninja |
Host IP | 3.33.152.147 |
Location | United States |
Site | Rank |
US$334,194
Last updated: 2023-05-02 11:14:18
noob.ninja has Semrush global rank of 31,671,179. noob.ninja has an estimated worth of US$ 334,194, based on its estimated Ads revenue. noob.ninja receives approximately 38,561 unique visitors each day. Its web server is located in United States, with IP address 3.33.152.147. According to SiteAdvisor, noob.ninja is safe to visit. |
Purchase/Sale Value | US$334,194 |
Daily Ads Revenue | US$309 |
Monthly Ads Revenue | US$9,255 |
Yearly Ads Revenue | US$111,056 |
Daily Unique Visitors | 2,571 |
Note: All traffic and earnings values are estimates. |
Host | Type | TTL | Data |
noob.ninja. | A | 599 | IP: 3.33.152.147 |
noob.ninja. | A | 599 | IP: 15.197.142.173 |
noob.ninja. | NS | 3600 | NS Record: ns47.domaincontrol.com. |
noob.ninja. | NS | 3600 | NS Record: ns48.domaincontrol.com. |
Search Search This Blog Noob Ninja! - Infosec Writeups Posts Featured December 07, 2019 Spilling Local Files via XXE When HTTP OOB Fails REDIRECTING TO THE NEW BLOG ... Hello Everyone, Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ and later researched on it by GoSecure Team. The scenario was reading out Local Files on the server when HTTP Out of Band was not allowed & only DNS requests reached but the application throw verbose error messages of XML Parsing Discovery so while browsing through the application in Burp I realized app uses REST API over JSON at each endpoint. Next, I tried converting the Content-Type to application/xml and replayed one of the requests and found that the Application threw verbose error which revealed the Application Server(JBoss) and some other error details and It was clear the application was expecting to parse some XML but |
HTTP/1.1 405 Not Allowed Server: awselb/2.0 Date: Sun, 24 Oct 2021 21:27:10 GMT Content-Length: 0 Connection: keep-alive WAFRule: HTTPMethodNOTAllowed |
Domain Name: noob.ninja Registry Domain ID: a54e03b3a4394c76ae35d8f4b8eaccb2-DONUTS Registrar WHOIS Server: whois.godaddy.com/ Registrar URL: http://www.godaddy.com/domains/search.aspx?ci=8990 Updated Date: 2020-11-03T10:04:42Z Creation Date: 2017-09-19T10:04:14Z Registry Expiry Date: 2022-09-19T10:04:14Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: abuse@godaddy.com Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: none Registrant State/Province: Tripura Registrant Country: IN Name Server: ns47.domaincontrol.com Name Server: ns48.domaincontrol.com DNSSEC: unsigned >>> Last update of WHOIS database: 2021-09-13T03:11:50Z <<< |