- - Nikto v2.1.5
- ---------------------------------------------------------------------------
- + Target IP: 90.156.201.42
- + Target Hostname: rexant-shop.ru
- + Target Port: 80
- + Start Time: 2016-10-17 18:37:47 (GMT3)
- ---------------------------------------------------------------------------
- + Server: Apache
- + Cookie PHPSESSID created without the httponly flag
- + The anti-clickjacking X-Frame-Options header is not present.
- + Server banner has changed from 'Apache' to 'nginx' which may suggest a WAF, load balancer or proxy is in place
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
- + /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-2820: /index.php?dir=<script>alert('Vulnerable')</script>: Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
- + OSVDB-50552: /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + /index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
- + /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-50553: /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-50553: /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-38019: /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
- + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
- + OSVDB-25497: /index.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS.
- + OSVDB-12606: /index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
- + OSVDB-2790: /index.php?vo=\"><script>alert(document.cookie);</script>: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-3092: /news: This might be interesting...
- + Server leaks inodes via ETags, header found with file /icons/README, fields: 0x13f4 0x438c034968a80
- + OSVDB-3233: /icons/README: Apache default file found.
- + /admin/login.php: Admin login page/section found.
- + Cookie 226776f356d7ecf58b60bab12a05d38f created without the httponly flag
- + Cookie 21e558d425bf38e4a2473c40a5b0b2b9 created without the httponly flag
- + 6545 items checked: 0 error(s) and 23 item(s) reported on remote host
- + End Time: 2016-10-17 18:43:10 (GMT3) (323 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested