Web scan using Nikto!

Download : http://cirt.net/nikto2
windows need activeperl : http://www.activestate.com/activeperl/

$./nikto.pl -h www.****.my
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: ***.***.***.***
+ Target Hostname: www.****.my
+ Target Port: 80
+ Start Time: 2009-09-23 4:46:04
---------------------------------------------------------------------------
+ Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.9
+ mod_ssl/2.2.11 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082.
+ OSVDB-0: GET /index.php?module=My_eGallery : My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: GET /admin/ : This might be interesting...
+ OSVDB-3093: GET /admin/index.php : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?base=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?IDAdmin=test : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?pymembs=admin : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?SqlQuery=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?tampon=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?topic=<script>alert(document.cookie)</script>%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 16 item(s) reported on remote host
+ End Time: 2009-09-23 5:09:05 (1396 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.****.my
---------------------------------------------------------------------------
This might be interesting

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)