Created
November 23, 2010 14:47
-
-
Save avances123/711867 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fabio@fa-casa:~$ nikto -host http://www.enricdurany.com/ | |
| - Nikto v2.1.1 | |
| --------------------------------------------------------------------------- | |
| + Target IP: 174.132.193.186 | |
| + Target Hostname: www.enricdurany.com | |
| + Target Port: 80 | |
| + Start Time: 2010-11-24 13:14:48 | |
| --------------------------------------------------------------------------- | |
| + Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 | |
| + robots.txt contains 2 entries which should be manually viewed. | |
| + No CGI Directories found (use '-C all' to force check all possible dirs) | |
| + Retrieved X-Powered-By header: PHP/5.2.14 | |
| + OSVDB-5737: WebLogic may reveal its internal IP or hostname in the Location header. The value is "http://www.enricdurany.com./". | |
| + ETag header found on server, inode: 100308183, size: 43, mtime: 0x49231c5987b40 | |
| + FrontPage - http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html | |
| + Number of sections in the version string differ from those in the database, the server reports: frontpage/5.0.2.2635 while the database has: 5.0.4.3. This may cause false positives. | |
| + FrontPage/5.0.2.2635 appears to be outdated (current is at least 5.0.4.3) (may depend on server version) | |
| + ERROR: /vgn/asp/MetaDataUpdate returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /error/HTTP_NOT_FOUND.html.var returned an error: Total transaction timed out | |
| + ERROR: /webmail/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit. | |
| + ERROR: /sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script> returned an error: Total transaction timed out | |
| + /search.php?searchfor=\"><script>alert('Vulnerable');</script>: Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. | |
| + /phpimageview.php?pic=javascript:alert('Vulnerable'): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. | |
| + /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. | |
| + /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. | |
| + /forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. | |
| + ERROR: /_vti_pvt/botinfs.cnf returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + OSVDB-3233: /mailman/listinfo: Mailman was found on the server. | |
| + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content. | |
| + ERROR: /com/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. | |
| + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. | |
| + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. | |
| + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. | |
| + ERROR: /iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full returned an error: Total transaction timed out | |
| + OSVDB-3092: /cgi-sys/entropysearch.cgi: Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web | |
| + OSVDB-3092: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web | |
| + OSVDB-3092: /cgi-sys/mchat.cgi: Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web | |
| + OSVDB-3092: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web | |
| + ERROR: /pdf/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /certificado/ returned an error: error reading HTTP response | |
| + ERROR: /certificate returned an error: error reading HTTP response | |
| + ERROR: /cfdocs/exampleapp/email/application.cfm returned an error: error reading HTTP response | |
| + ERROR: /clientes/ returned an error: error reading HTTP response | |
| + ERROR: /cuenta/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + OSVDB-3092: /marketing/: This might be interesting... | |
| + ERROR: /pron/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing. | |
| + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing. | |
| + ERROR: /wksinst.nsf returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /infos/faq/index.asp returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /ldap.search.php3?ldap_serv=nonsense%20 returned an error: Total transaction timed out | |
| + ERROR: /screen.php returned an error: Total transaction timed out | |
| + ERROR: /admcgi/scripts/Fpadmcgi.exe returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /admin/db.php?dump_sql=1 returned an error: Total transaction timed out | |
| + ERROR: /syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script> returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + OSVDB-3093: /FCKeditor/editor/filemanager/browser/default/connectors/test.html: FCKeditor could allow files to be updated or edited by remote attackers. | |
| + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found. | |
| + /ampache/update.php: Ampache update page is visible. | |
| + ERROR: /re/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /ro/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /ru/ returned an error: opening stream: can't connect (timeout): Operación en curso | |
| + ERROR: /rw/ returned an error: error reading HTTP response | |
| + 3818 items checked: 29 item(s) reported on remote host | |
| + End Time: 2010-11-24 17:27:33 (15165 seconds) | |
| --------------------------------------------------------------------------- | |
| + 1 host(s) tested | |
| ********************************************************************* | |
| Portions of the server's ident string (mod_fcgid/2.3.5) are not in | |
| the Nikto database or is newer than the known string. Would you like | |
| to submit this information (*no server specific data*) to CIRT.net | |
| for a Nikto update (or you may email to [email protected]) (y/n)? | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment