| # ./nikto.pl -h
http://192.168.2.107:8080 - Nikto v2.1.1 --------------------------------------------------------------------------- + Target IP: 192.168.2.107 + Target Hostname: 192.168.2.107 + Target Port: 8080 + Start Time: 2010-06-13 22:13:31 --------------------------------------------------------------------------- + Server: Apache-Coyote/1.1 - Root page / redirects to: http://dojo-vm.local:8080/index.html + No CGI Directories found (use '-C all' to force check all possible dirs) + ETag header found on server, fields: 0xW/261 0x1114607402000 + Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS + OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server. + OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server. + OSVDB-6659: /mjFX8brYX4XqE9G2BdzkDGJGyvcDzMQTShU3z5Cpdi4y8tcyQtA3CVVEfNrQQ9nhMJHe3xfEPehXTbNf2cWkbs 7JuVDsWBEbRlYkevS2iXw3BzH4oLs55NpPJP8bbmCUgcGWDkfaT60KyK1NU5Fo2RMBr6tGlptILvA3Lkh9441aY94UWxyDoXlTN AaHYGkGUgepwTILhLWFGky2lVOGiOzlMR8zr2Y<font%20size=50>DEFACED<!--//--: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version. + ERROR: /phpinfo.php?cx[]=0wPWh8x1RITF6DMjETySQtsFqXJi0dHkZMlKCklXAfZuiuw9mVwUypCpsXIkOs0GxIgwBsQO8hcPRV0ior0q0Ui5 z8Mg5mAABeonchsulTrOMq2fnOj1U3LVFa6XjWS3yCiJty2K2oqWM0WzMDYnn7BxnH9t8giKw8SrF8TznhOesT3OWgDdBejRCxqXOBN3d2X 0IwkkChJmcP7mD7zugr63IcNFqNhCsHDCz6zZM4dbO59gI68RVL7xMr6AigWQ14TyUPCKU5R9Uce4mPyCeVH3NX9cgjzRliXbKw4X1Vu57cw skaSu09lWP7VX9SGpxHLosC4vMUZRSPu6QmgbhjshZVqTVGCdaLhFzDglSe8zf4g9qtjI8mLpCZsJcYxksFYx62JvY9GnbI50vETypcRa0JdnwolTb MXIzJ8kCYk2Og5KRqOroB3zvvLRKAoRXByyz3A9sX42gMXOJW61gHrfc4huoYpfjKje8oUavWkoqe8k8mchwwslPYiI1aSc8mugugGOU1r6kDL EpVEIc4s0key0zDPGPD2IH4ogsY49mL9KcqHg3uMtFT3tNV50TD3LDcGxHBSl8I9ALcv1wLZOiYuBycNQekIVVWxyXN4BkOQjpz6KGms4Qh 2CkkwfSRCFfGx0MLk1VDhIxT44XGceqyx3ogF3r4GInWh2jLusBjuiIS4CRf0xeuUStYjfUhtBOBvK8YKXAOvAiEKCoGRyJ83LTEoTed49c6HB3 3uynAN7b4RHEFFH98Vc8wxSllcXZMixiLF0cftJ2MC0Tmavzjep9WYdQdbVg6i5G8STgD7qGpcuUZjcgf5dP25f3iZRHcB8cSSEGIiz0FyzUYHhCY tVmyjiVO3Xu6CGyiVXf1IGUBn1AZA8tOALFvrnh3ntFsMgcqrYOZ4vSvo9NMOPTlWJOMidKEefiN7p8CyaFItOAfH8oMoUhptJsDXl6mer1pRIrr WKmAFh39xSBv3kamicce7yvRX1vJbZp4BKBqJeVh5ODRprbfx97SfsQ2YDgcKUqJTRCuFxflGiV520EhMo5wLj6ap6lSzVzXuGuYo6oR1XnD9tx hyxkLWVUIVfrmExNKzX5lFLp8PDkIp4QpxXKbW2Y4ivNtVPZw32U7nJFlAhIT1guJGwrjxzPGaRBiTus0WosHLkMxznH4a2Ch7p6L1lllIm70GX qTIsFq7nRDYswNJthN5Cz0FSzTl8oYN7SuVlLIiScty22OcdHZlz8lssvOdZEF95r8KYazCe0J4DeX0gKyUo7Dsj0uYq8SWDCwPaUYPUOXlhul1ud Geif4hdEh8hSMMz5LX10MnANwj4XPsI4esHfIiUOgPOPbBRfF9bowuEQvnbvPSkDvqpaaXdEN9lKHSETjwGMyUmwNU2TlJtMDAqXYKVnFIo Iby6i7xq9ikaJObOrrWYTBGZT5oeha8meSn23e6h9FkQlDb6WOXB2Qob78F3cMnHV1VqGa1VWHcHsI03bRV6KtEJ2QkTEFeG48XKP3d8emcEJ UctwXmK6c6sUZMBpNHwoDv5eWs0EqHichvBd2OspCZLgLQAP1cgUhlbjNMxaMIWf3HHLrbw8ujYtCe2vA9S1Sacuvl26zqD7lNmTbUVufyy9 m9BLGXdyR0qhB55XP0YsaeENnQ9crngMYBTrwyda3BHQ2MfY0sau6FWP46L3u497uLEthpKzkRPwBPewZOJbiwErgnjum2uPG7GSFXYfyiB MqDX2Wbr46bvJrr83BQDQMGoroAd0gwS98t04EmY107W261mSaqA11YeO7VjMNKlv17VBMbKHloOlSRTXHPOBf2ujvTyxZtco2T1GwstZ8il zLbCCzaxOgagdAT4qsWAJCtZeeBV6MkuIKhwCqXgeiSGJhKRLnQWtndS9pVrAUcf0Ez5ruQZAblafhW6wS16LL04HGzw4YkFHqOvpbEs0LfeB 0oiFV7jTkVy298jXaeH0yDiKOH8QQ02p1JEKMl0RgeccJY6KXwJFTlICnDiZrtCqpYcx3irLieg3PZHpZHWFL8s7nqKBDXW8DJcZbDaHYrZP4rT hxApxokh50WLwEKq3wRpZGaoAkGrCiYE7sF1LwbQ56xyZzZvBwBqCDtZlNqiiDFBDBO4XvKx3xkX3eXxu5dZd42BbJ23FRw58I9L0xgr9tAN eOPJJwYsQA2haYq5QQNyIRhhTlvjlWFg4CIx9RR1DQriR2m8QfJzygvVIZKO4j16JsiYv5okscZrhxnCwhh3IKuEg8OtJ4SPujGnewkIAlisU3kvHQ9 h4w1HIyufhCXAsANewAsNF8Q23dqPAyPYJC2N2U8BycSh3x8hmycQvcfRflYRodWdCDRhpRLaJTt8GwWMIUmkoTilYjEYgiDzz9FMow65BS WGe8MZBvGl95fkpPq1rJfKsuaV85nKSxV3NoyStoygD9ZpD31zHDXGW4xAfVQlh1eM9JQ4twr89RpnHG3uTBPeh5u3PO8LTyHStVORTVFq9w yca7Fw7IM2HZJU1EtlYezqT7jFw0FlST74FtRbB8V8N0pIRduQgx6t7rGojdLMpsH5KmlynySOxF2kAzYoGoyl3YBnQIqAsvkZPA3uN7p8mhpgbon HtSxnsbG47yOuKsMtqPaMCb3BMpXuwW66RtK1uJfs7TcA3YcDxTUz0B7G3o3iE1tV29VotOG9Myj9PutSc7DKdUBpvKVIEAKHFFl1lL4bGOLa uqW1gwUN4SvJPDmRHeyJMWoowfgC9lkejJNYlNNr3365VkXRJrstdESnjLrC2wfcZhSqXa5GtGxF0BqPaI6djJbuLE0wZSBVLteaWdONVDpSX9 ehrkeEhfjiaqRpoOr6gKPvQmCJ0ELy41lDp9lGN6NiPJfsJA73SiidNwBjhBUk4WidFWtfcakcAoL1HtpsPEGDicJSv7KHvOmdJMggZctzEi2oCeKlQy dfpWUU98ZmpUaj03nwWbTT5kAcKKiNvydt0bJT2YGecnd9Tl7RsuP1F1iIR0bX73STkjxcqbPD8wXsq7oiyp10no5yB8qNk0gLyntg8ZefLaO87b0f6 DOpetfugVbbgZ7OLNKKerob1SDPmW3SJUQNQUSvfjADs7ZrXOR6ufHTlq8C5zStVMOTcq620pZtb86hlX5RIkDclXWaSKYXMvTYigiuzqGBD qwWJaOyHTlZAllPnszs0X9ETp4LEa5Hxh6he1kmYp5eVpMocn7WEQF460pkpwu0CVLM1Ahfn37CRgaP3elYQOHCdpq6uk6ArXszqmHSgXwsw sGpsOosrPqNjnlW4mMd5pwo3SF4y5pdIiB4yWqGKARJ314U1L1xlkMfkkq5tP1ms1y6EZm5V4fPiRUdYmD7BYRaTUof96gMG4L0NA0yGfG7WD 6WJIEAhrrnAdoxPvaxpdJJYGlnvPgHuajfuP1IZWDNheOzWDHh7PZ4wQjzg4kOW3SFgGmEeBgV9x9rRyAOxZbq9TC8jZj5nmgFftEZPPoSVZhW wAouAIiNZS5uYeHuPc5lvxX2R8z1ABcPC5HEQ482ng3VzvDfPhloo80YlIsHV3xbJywUck1lJue7INrEpehgkPVarhfqGeq16KIEO6Ja7PMOiVZJAbt voLIgnOgkrrgZdcQ1ruE7NvFzA0ZSiMvjeuVCYpq6dLOd2FQu977tx7is8eVk2GNpPI6sJeXXFV3jd1bK7l0G0ox1NB8vHteOsCqjGrYj3owsLYS31d DiPiLduTmlfUIhE72bJ9erYYoMKlXbyFF3EbBu3DzoBLCtgDG4GzGJwD0GvdQGkrsn2HtPVhhZfScJzM08Z1p7tQ7xRt6D6kv0jwU5WpV4cVRKs D0jUaiVS6CgOl6Rj0dY5GG6NaVayenHG0quxbRXz1ZighaJRdJP06FhNDP1upWnc266h273ayfxeNx5pG98WsAR9z0nT3iGsYgs3IvO0Ryx7NK3G dRfxiqDDXrlfgxbZmRk7KGNoalMmK3Vpxfk9vHmNVe0j634O9OhtrGZ1rd7dj3LjuhC82uFrB2x51d55rhiTtHBFYalYQnmHLR8zZhEMhbGpc4SD3 OcJhiaPKGZctMCZ6LliUyWHoXBVITn<script>alert(foo)</script> returned an error: error reading HTTP response + 3818 items checked: 5 item(s) reported on remote host + End Time: 2010-06-13 22:14:53 (82 seconds) --------------------------------------------------------------------------- + 1 host(s) tested |
| # ./nikto.pl -h
http://192.168.2.107:3000 - Nikto v2.1.1 --------------------------------------------------------------------------- + Target IP: 192.168.2.107 + Target Hostname: dojo-vm.local + Target Port: 3000 + Start Time: 2010-06-13 22:22:44 --------------------------------------------------------------------------- + Server: WEBrick/1.3.1 (Ruby/1.8.7/2009-06-12) + robots.txt retrieved but it does not contain any 'disallow' entries (which is odd). + No CGI Directories found (use '-C all' to force check all possible dirs) + ETag header found on server, inode: 187690, size: 99, mtime: 0x461bf506 + Number of sections in the version string differ from those in the database, the server reports: webrick/1.3.1(ruby/1.8.7/2009-06-12) while the database has: 1.3.1. This may cause false positives. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS + /search.php?searchfor=\"><script>alert('Vulnerable');</script>: Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. + /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. + /forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. + OSVDB-3268: /docs/: Directory indexing is enabled: /docs + OSVDB-6659: /lQXd3Xte8ytxtKwsZl5HZEsNVjrcrGg2Tuh8iyrbE3Wr1Hg7WLpzu6Y7BQTexRmBYz5spzE2WKqTiT4tzP3LUPwDwj0yHANw7 e5wYw8Y9sBEVCPt3o0VCrzSUqfwVG2SD3NWHjP0sAeAw84tDUMrbWeGkx40UJFfGPohCSKdznThS0p3gnaA5NBFnoLurmXDA9CssltWwCa 7J0AwHeuF11UNJwNDtdE<font%20size=50>DEFACED<!--//--: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version. Nested quantifiers in regex; marked by <-- HERE in m/^//pls/portal/owa_util.cellsprint?p_theQuery=select+* <-- HERE +from+sys.dba_users\??/ at /admin/tools/web/nikto-2.1.1/plugins/nikto_core.plugin line 332, <IN> line 451. |