- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 172.16.162.142
- + Target Hostname: 172.16.162.142
- + Target Port: 80
- + Start Time: 2017-05-29 14:51:28 (GMT0)
- ---------------------------------------------------------------------------
- + Server: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch mod_python/3.3.1 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1
- + Server leaks inodes via ETags, header found with file /, inode: 289297, size: 23832, mtime: Tue Jul 24 02:39:30 2012
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + OSVDB-3268: /cgi-bin/: Directory indexing found.
- + Uncommon header 'tcn' found, with contents: list
- + Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.css, index.html
- + PHP/5.3.2-1ubuntu4.5 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
- + mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
- + Python/2.6.5 appears to be outdated (current is at least 2.7.5)
- + Perl/v5.10.1 appears to be outdated (current is at least v5.14.2)
- + mod_mono/2.4.3 appears to be outdated (current is at least 2.8)
- + Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
- + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
- + Cookie phpbb2owaspbwa_data created without the httponly flag
- + Cookie phpbb2owaspbwa_sid created without the httponly flag
- + Retrieved x-powered-by header: PHP/5.3.2-1ubuntu4.5
- + OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
- + OSVDB-3268: /test/: Directory indexing found.
- + OSVDB-3092: /test/: This might be interesting...
- + OSVDB-3092: /cgi-bin/: This might be interesting... possibly a system shell found.
- + OSVDB-3268: /icons/: Directory indexing found.
- + OSVDB-3268: /images/: Directory indexing found.
- + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
- + OSVDB-3233: /icons/README: Apache default file found.
- + Cookie PHPSESSID created without the httponly flag
- + /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=http://cirt.net/rfiinc.txt?: Output from the phpinfo() function was found.
- + OSVDB-40478: /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=http://cirt.net/rfiinc.txt?: TikiWiki contains a vulnerability which allows remote attackers to execute arbitrary PHP code.
- + /wordpress/: A Wordpress installation was found.
- + /phpmyadmin/: phpMyAdmin directory found
- + OSVDB-3092: /phpmyadmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
- + 8497 requests: 1 error(s) and 32 item(s) reported on remote host
- + End Time: 2017-05-29 14:52:03 (GMT0) (35 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested