Velocity Reviews - Computer Hardware Reviews

help with Nikto results...

 
 
Spaceman Spiff
Guest
Posts: n/a
 
      02-08-2004
Hi all,

I've been playing with Nikto and using it against my personal web
server. I get some results that I cannot find any information about in
my searching. Can anyone help give me an idea of what the /?Open line
indicates and help me understand why I'm seeing something for
MyWebServer when this is an Apache web server? And one last thing: why
is there a hit for .htaccess/.htpasswd when I have those disabled in the
httpd.conf and there are no such files in any of my directory structure?
The results of the scan are:

+ Server: Apache/1.3.29 (Unix) mod_perl/1.28 PHP/4.3.4
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt - contains 19 'disallow' entries which should be manually
viewed (added to mutation file lists) (GET).
+ Apache/1.3.29 appears to be outdated (current is at least
Apache/2.0.47). Apache 1.3.28 is still maintained and considered secure.
+ mod_perl/1.28 appears to be outdated (current is at least 1.99_10)
+ PHP/4.3.4 appears to be outdated (current is at least 4.3.4RC2)
+ /.htaccess - Contains authorization information (GET)
+ /.htpasswd - Contains authorization information (GET)
+ /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow
remote file inclusions. Verify the current version is running. See
http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET)
+ /\"><img%20src=\"javascript:alert(document.domain)\ "> - The IBM Web
Traffic Express Caching Proxy is vulnerable to Cross Site Scripting
(XSS). CA-2000-02. (GET)
+ /?Open - This displays a list of all databases on the server. Disable
this capability via server options. (GET)
+
/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx<font%20size=50>DEFACED<!--//--
- MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later
version. (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ 1987 items checked - 8 item(s) found on remote host(s)


Thanks
 
 
Doc
Guest
Posts: n/a
 
      02-13-2004
> I've been playing with Nikto and using it against my personal web
> server. I get some results that I cannot find any information about in
> my searching. Can anyone help give me an idea of what the /?Open line
> indicates and help me understand why I'm seeing something for
> MyWebServer when this is an Apache web server? And one last thing: why
> is there a hit for .htaccess/.htpasswd when I have those disabled in the
> httpd.conf and there are no such files in any of my directory structure?




The /?Open line probably relates to one of the Domino tests. Grep
through the plugins and check. These kinds of web scanners are not
smart; they look for HTTP 200 codes for successful downloads or HTTP
40x codes for failed downloads and so do throw up the occasional false
positive, especially if the targets have customised non-RFC-compliant
error pages.
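
Added example, not part of either post and not Nikto's own logic: one way to triage status-code-based hits like those above is to compare each flagged response with what the server returns for a path that cannot exist. All names (`Response`, `triage`, `BASELINE`) are hypothetical, and the responses are constructed sample data for a server that sends its custom error page with a 200 status.

```python
import difflib
from dataclasses import dataclass

@dataclass
class Response:
    path: str
    status: int
    body: str

def normalise(resp: Response) -> str:
    # Error pages often echo the requested path; mask it so that error
    # pages returned for different paths compare as equal.
    return resp.body.replace(resp.path, "{PATH}")

def triage(resp: Response, baseline: Response, threshold: float = 0.9) -> str:
    """Classify one scanner hit against the reply to a junk path."""
    if 400 <= resp.status < 500:
        return "request failed"
    if resp.status == baseline.status:
        ratio = difflib.SequenceMatcher(
            None, normalise(resp), normalise(baseline)).ratio()
        if ratio >= threshold:
            # Same status and same page as a nonexistent path.
            return "likely false positive"
    return "verify manually"

# Constructed sample data: custom error page delivered with HTTP 200.
ERROR_PAGE = ("<html><head><title>Oops</title></head><body>"
              "<p>Sorry, {0} was not found here.</p></body></html>")

def error_response(path: str) -> Response:
    return Response(path, 200, ERROR_PAGE.format(path))

BASELINE = error_response("/nikto-baseline-7f3a91")  # random junk path
HITS = [
    error_response("/?Open"),
    error_response("/.htpasswd"),
    Response("/phpMyAdmin/", 200,
             "<html><head><title>phpMyAdmin</title></head>"
             "<body><form>login</form></body></html>"),
    Response("/cgi-bin/", 404, "Not Found"),
]

def triage_all(hits=HITS, baseline=BASELINE) -> dict:
    return {h.path: triage(h, baseline) for h in hits}

if __name__ == "__main__":
    for path, verdict in triage_all().items():
        print(f"{verdict:22} {path}")
```

A hit that differs from the baseline is not confirmed by this check; it only tells you which findings are worth opening in a browser or checking against the server configuration.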
 