free_kode@freekode-mashine: nikto -h worldwebstudio.com (Nikto v2.03/2.04)

free_kode@freekode-mashine:~> nikto -h worldwebstudio.com
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 62.149.16.107
+ Target Hostname: worldwebstudio.com
+ Target Port: 80
+ Start Time: 2009-06-02 18:50:21
---------------------------------------------------------------------------
+ Server: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.7e-p1 PHP/4.4.9
- Root page / redirects to: http://worldwebstudio.com/index.php
- /robots.txt - retrieved but it does not contain any 'disallow' entries (which is odd). (GET)
- Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: PHP/4.4.9
+ OSVDB-0: ETag header found on server, inode: 2711519, size: 39, mtime: 0x48a188fc
+ Apache/1.3.41 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current.
+ OpenSSL/0.9.7e-p1 appears to be outdated (current is at least 0.9.8g) (may depend on server version)
+ PHP/4.4.9 appears to be outdated (current is at least 5.2.6RC4)
+ Default account found for 'Statistic for worldwebstudio.com' at @CGIDIRSawstats.pl (ID 'test', PW 'test'). Generic account discovered.
- Successfully authenticated to realm "Statistic for worldwebstudio.com".
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 16 item(s) reported on remote host
+ End Time: 2009-06-02 19:07:33 (1032 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Test Options: -h worldwebstudio.com
---------------------------------------------------------------------------
free_kode@freekode-mashine:~>