[Nikto-discuss] Nikto 2.02/2.03 behaving funny with authentication

Frank Breedijk FBreedijk at schubergphilis.com
Mon Oct 6 13:51:27 UTC 2008


Here is the Nikto report:
---------------------------------------------------------------------------
- Nikto 2.02/2.03 - cirt.net
+ Target IP: 195.43.158.13
+ Target Hostname: 195.43.158.13
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Ciphers: DHE-RSA-AES256-SHA
Info: /C=NH/ST=NH/L=Amsterdam/O=Deloitte and Touche/OU=ERS/CN=INVision.deloitte.nl
Subject: /emailAddress=support at deloitteinvision.nl/C=NH/ST=NH/L=Amsterdam/O=Deloitte and Touche/OU=ERS/CN=invisionweb-s.deloitte.nl
+ Start Time: 2008-10-05 1:09:01
---------------------------------------------------------------------------
+ Server: Microsoft-IIS/6.0
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ ERROR: Authorization is required, but bogus auth test appeared to work. Server is a bit whacked.
+ /?mod=<script>alert(document.cookie)</script>&op=browse - Requires Authentication for realm ''
+ /?sql_debug=1 - Requires Authentication for realm ''
+ /// - Requires Authentication for realm ''
+ /?PageServices - Requires Authentication for realm ''
+ /?wp-cs-dump - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ / - Requires Authentication for realm ''
+ /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// - Requires Authentication for realm ''
+ /?pattern=/etc/*&sort=name - Requires Authentication for realm ''
+ /?D=A - Requires Authentication for realm ''
+ /?N=D - Requires Authentication for realm ''
+ /?S=A - Requires Authentication for realm ''
+ /?M=A - Requires Authentication for realm ''
+ /?\\"><script>alert('Vulnerable');</script> - Requires Authentication for realm ''
+ 2785 items checked: 0 item(s) reported on remote host
+ End Time: 2008-10-05 1:13:01 (233 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Frank Breedijk, CISSP
Mission Critical Engineer, Security
Schuberg Philis

phone:    +31 20 750 65 00
direct:   +31 20 750 65 38
mobile:   +31 6 438 22 637
email:    fbreedijk at schubergphilis.com

www.schubergphilis.com

Star Parc
Boeing Ave 271
1119 PD Schiphol-Rijk
THE NETHERLANDS





More information about the Nikto-discuss mailing list