Code-Bin #143

untitled PHP Code
Posted by: meh2 | March 16, 2008 @ 8:30am

PHP Code

bt nikto # ./nikto.pl -h www.skilled.com.au
---------------------------------------------------------------------------
- Nikto 2.01/2.01     -     cirt.net
+ Target IP:       144.140.33.197
+ Target Hostname: www.skilled.com.au
+ Target Port:     80
+ Start Time:      2008-03-17 21:14:09
---------------------------------------------------------------------------
+ Server: Microsoft-IIS/5.0
- Retrieved X-Powered-By header: ASP.NET
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and sho
uld be disabled. This message does not mean it is vulnerable to XST.
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ OSVDB-877: HTTP method ('Public' Header): 'TRACE' is typically only used for debugging and sh
ould be disabled. This message does not mean it is vulnerable to XST.
+ Microsoft-IIS/5.0 appears to be outdated (4.0 for NT 4, 5.0 for Win2k)
+ OSVDB-0: GET /servlet/com.unify.servletexec.UploadServlet : This servlet allows attackers to
upload files to the server.
+ OSVDB-0: GET /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter : Allaire Coldfusion allows
 jsp source viewed through a vulnerable SSI call.
+ OSVDB-0: GET /servlet/SchedulerTransfer : PeopleSoft SchedulerTransfer servlet found, which m
ay allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp
?oid=21999
+ OSVDB-0: GET /servlet/sunexamples.BBoardServlet : This default servlet lets attackers execute
 arbitrary commands.
+ OSVDB-0: GET /junk.aspx : ASP.net reveals its version in invalid .aspx error messages.
+ OSVDB-0: GET /servlet/SessionManager : IBM WebSphere reconfigure servlet (user=servlet, password=mana
ger). All default code should be removed from servers.
+ OSVDB-0: GET /servlet/allaire.jrun.ssi.SSIFilter : Allaire Coldfusion allows jsp source viewed throug
h a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-1
2.html.
+ OSVDB-3092: GET /_vti_pvt/deptodoc.btr : FrontPage file found. This may contain useful information.
+ OSVDB-3092: GET /_vti_pvt/doctodep.btr : FrontPage file found. This may contain useful information.
+ OSVDB-473: GET /_vti_pvt/access.cnf : Contains HTTP server-specific access control information, remov
e or ACL if FrontPage is not being used.
+ OSVDB-473: GET /_vti_pvt/service.cnf : Contains meta-information about the web server, remove or ACL
if FrontPage is not being used.
+ OSVDB-473: GET /_vti_pvt/services.cnf : Contains the list of subwebs, remove or ACL if FrontPage is n
ot being used. May reveal server version if Admin has changed it.
+ OSVDB-473: GET /_vti_pvt/linkinfo.cnf : IIS file shows http links on and off site. Might show host tr
ust relationships and other machines on network.
+ OSVDB-877: TRACK / : TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http:
//www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurit
y.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-3233: GET /servlet/Counter : JRun default servlet found. All default code should be removed fro
m servers.
+ OSVDB-3233: GET /servlet/DateServlet : JRun default servlet found. All default code should be removed
 from servers.
+ OSVDB-3233: GET /servlet/FingerServlet : JRun default servlet found. All default code should be remov      ed from servers.
+ OSVDB-3233: GET /servlet/HelloWorldServlet : JRun default servlet found. All default code should be r      emoved from servers.
+ OSVDB-3233: GET /servlet/SessionServlet : JRun or Netware WebSphere default servlet found. All defaul      t code should be removed from servers.
+ OSVDB-3233: GET /servlet/SimpleServlet : JRun default servlet found (possibly Websphere). All default       code should be removed from servers.
+ OSVDB-3233: GET /servlet/SnoopServlet : JRun, Netware Java Servlet Gateway, or WebSphere default serv      let found. All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/AdminServlet : Netware Web Search Server (adminservlet) found. All default c      ode should be removed from web servers.
+ OSVDB-3233: GET /servlet/gwmonitor : Netware Gateway monitor found. All default code should be remove      d from web servers.
+ OSVDB-3233: GET /servlet/PrintServlet : Novell Netware default servlet found. All default code should       be removed from the system.
+ OSVDB-3233: GET /servlet/SearchServlet : Novell Netware default servlet found. All default code shoul      d be removed from the system.
+ OSVDB-3233: GET /servlet/ServletManager : Netware Java Servlet Gateway found. Default user id is serv      let, default password is manager. All default code should be removed from Internet servers.
+ OSVDB-3233: GET /servlet/sq1cdsn : Novell Netware default servlet found. All default code should be r      emoved from the system.
+ OSVDB-3233: GET /servlet/sqlcdsn : Netware SQL connector found. All default code should be removed fr      om web servers.
+ OSVDB-3233: GET /servlet/webacc : Netware Enterprise and/or GroupWise web access found. All default c      ode should be removed from Internet servers.
+ OSVDB-3233: GET /servlet/webpub : Netware Web Publisher found. All default code should be removed fro      m web servers.
+ OSVDB-3233: GET /OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc : Oracle Applications help page found.
+ 4343 items checked: 38 item(s) reported on remote host
+ End Time:        2008-03-17 21:28:52 (883 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Syntax Highlighting

[Open in new window]

Author Comments

none

Rating

4.02 / 8
498 Votes