API tools faq
paste
anhkiet2507

Bài tập 1 cho Hải

anhkiet2507
Oct 26th, 2017
34,916
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.19 KB | None | 0 0
raw download clone embed print report
  1. Bài tập: Cho kết quả Scan bằng Nikto dưới đây
  2. - Nikto v2.1.6
  3. ---------------------------------------------------------------------------
  4. + Target IP: 103.255.237.87
  5. + Target Hostname: tocotocotea.com
  6. + Target Port: 80
  7. + Start Time: 2017-10-26 21:26:42 (GMT7)
  8. ---------------------------------------------------------------------------
  9. + Server: Apache
  10. + Cookie PHPSESSID created without the httponly flag
  11. + Cookie language created without the httponly flag
  12. + Cookie currency created without the httponly flag
  13. + The anti-clickjacking X-Frame-Options header is not present.
  14. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  15. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  16. + /admin/config.php: PHP Config file may contain database IDs and passwords.
  17. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  18. + /securecontrolpanel/: Web Server Control Panel
  19. + /webmail/: Web based mail package installed.
  20. + /config.php: PHP Config file may contain database IDs and passwords.
  21. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
  22. + OSVDB-2117: /cpanel/: Web-based control panel
  23. + OSVDB-3092: /admin/: This might be interesting...
  24. + OSVDB-3092: /download/: This might be interesting...
  25. + /error_log: PHP include error may indicate local or remote file inclusion is possible.
  26. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
  27. + OSVDB-3093: /admin/index.php: This might be interesting... has been seen in web logs from an unknown scanner.
  28. + OSVDB-3093: /webmail/lib/emailreader_execute_on_each_page.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
  29. Câu hỏi:
  30. a. Liệt kê những đường dẫn nhạy cảm của web mà ta đã dò được
  31. b. Phân tích mức độ nhạy cảm của từng đường dẫn
  32. Ví du: Đường dẫn /webmail/ cho ta biết, có 1 dịch vụ thư điện tử được cài trên máy chủ này
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!