[Nikto-discuss] Newbie needs help
davidkl at ivision.com.au
Thu Sep 17 22:20:47 UTC 2009
Thanks for emailing!
The first thing I want to draw your attention to is the OSVDB entries.
OSVDB stands for Open Source Vulnerability Database; it offers many
lists of current and past vulns.
The number that you see in Nikto's report (2799) is the unique OSVDB
vulnerability number. Go to the OSVDB website http://osvdb.org/ and type
"2799" in on the left hand side where it says OSVDB ID Lookup.
You will then arrive at the page http://osvdb.org/show/osvdb/2799 I also
recommend on clicking the security focus link within that report as they
often have PoC's of the vuln.
For example http://www.securityfocus.com/archive/1/344032
Bug is found in this script:
DailyDose v 1.1 (by www.onlinearts.net)
The script (dose.pl) does not check the input:
($command,$list,$temp, $id) = split ("&",$data,4);
. . .
local ($template) = "$tempdir/$temp";
open(TEMPL, "$template") || print "no file found $template!";
#open without check var. $temp
^ webserver ----------------------------^vuln
scrpt^req-----^anyfile--------^ unix command 'ls' for list directory.
If you have any further questions feel free to ask! :-)
P.S yes you are vulnerable, you should probably change the perl script
so that it validates (sanitizes) input.
From: nikto-discuss-bounces at attrition.org
[mailto:nikto-discuss-bounces at attrition.org] On Behalf Of Tony Wasson
Sent: Friday, September 18, 2009 12:47 AM
To: nikto-discuss at attrition.org
Subject: [Nikto-discuss] Newbie needs help
I'm a newbie to nikto, have ran several scans and the output has items
like the ones below,
Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting
DailyDose 1.1 is vulnerable to a directory traversal attack in the
How does one interpret this? do I have an actual vulnerability?
Notice: This email message, including any attachments, contains
information belonging to Trinity Industries, Inc. and its business
units. It has been sent solely for the use of the intended recipients
and may be confidential, proprietary, copyrighted, and legally
privileged. If you are not an intended recipient, please advise the
sender of the error and permanently delete all copies of this email,
including any copies that may reside in your deleted box. The
unauthorized review, use, disclosure, distribution, or copying of this
email or its contents is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nikto-discuss