[Nikto-discuss] MyWebServer Vulnerability on RedHat q

Rudi Kramer rudi.kramer at gmail.com
Mon Jan 18 07:29:05 UTC 2010


Good Morning,

A client's website has been hacked and I have been asked to help see how the
site was attacked. It looks like the attacker used some sort of HTML
injection method to replace certain pages.

The server is running Redhat 5.3, Apache 2.2.3 and PHP 5.1.6.

Here are the results after running Nikto:

# perl nikto.pl -C all -h localhost
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2010-01-19 9:12:09
---------------------------------------------------------------------------
+ Server: Apache/2.2.3 (Red Hat)
+ OSVDB-0: Apache/2.2.3 appears to be outdated (current is at least
Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable
to XST
+ OSVDB-6659:
/bLkjN0GcpsIVBsvYB4CcZLGBywbNJC4TDnAklbt4zTA8gLwJn25bpt5mEkS8SVr0I94eIYm4KAhngx6wEpUPzqIAz5wnbuvirLbw83LOxGlpUJ5yO2EZC0JwoOQZ8kM8viHbDXF7HEf2eQ1Bjixo675Ovds3ylcTXxJtQGALIFdagefzKMdhhHwGaSIXKXBIPOt8BLONllaTvmHfe1KNm0icfZEuiNO<font%20size=50>DEFACED<!--//--:
MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later
version.
+ 3582 items checked: 4 item(s) reported on remote host
+ End Time:           2010-01-19 9:13:09 (24 seconds)
---------------------------------------------------------------------------

As I suspected, the server is vulnerable to HTML injection, but as far as I
can tell MyWebServer is not running on the server and there is no Linux
version of the application.

Any ideas on why Nikto is reporting this?

Regards
Rudi
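The finding above is a reflection test: Nikto requests a path that ends in an HTML fragment and flags any server whose response echoes that fragment back, regardless of whether MyWebServer is installed. The following is an added example, not code from the original post or from Nikto, that triages such a hit offline by checking whether the fragment comes back raw (rendered by a browser) or HTML-escaped (as Apache's default error page does). The sample responses are constructed, and the assumption that Nikto matches on the bare word DEFACED is mine.

```python
import html

# HTML fragment at the end of the probe path visible in the scan output.
MARKER = "<font size=50>DEFACED<!--//--"

# Constructed responses: (a) modelled on Apache httpd's default 404 page, which
# HTML-escapes the requested URL; (b) a custom error page that echoes it raw.
APACHE_404 = ("<html><head><title>404 Not Found</title></head><body>"
              "<h1>Not Found</h1><p>The requested URL /bLkjN0Gcps"
              "&lt;font size=50&gt;DEFACED&lt;!--//-- was not found on this "
              "server.</p></body></html>")
CUSTOM_404 = ("<html><body><h1>Page not found</h1><p>Sorry, /bLkjN0Gcps"
              "<font size=50>DEFACED<!--//-- does not exist.</p></body></html>")


def nikto_style_match(body: str) -> bool:
    """Plain substring match on the marker word. Assumed to approximate how the
    scanner decides a hit; it cannot tell escaped output from raw output."""
    return "DEFACED" in body


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Return 'raw' if the fragment is echoed verbatim (injectable), 'escaped'
    if it is echoed HTML-encoded (harmless), or 'absent'."""
    if marker in body:
        return "raw"
    if html.escape(marker, quote=False) in body:
        return "escaped"
    return "absent"


def triage(body: str) -> dict:
    """Combine the scanner-style match with the reflection classification so
    the reviewer can label the finding before chasing a product that is not
    installed."""
    flagged = nikto_style_match(body)
    reflection = classify_reflection(body)
    if flagged and reflection == "raw":
        verdict = "true positive"
    elif flagged:
        verdict = "false positive"
    else:
        verdict = "no finding"
    return {"scanner_flags": flagged, "reflection": reflection, "verdict": verdict}


if __name__ == "__main__":
    for name, body in (("apache_404", APACHE_404), ("custom_404", CUSTOM_404)):
        print(name, triage(body))
```

Run it against the real page the scanner hit (a saved copy of the response, not a live request) to see which case applies.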