Maybe the responses from accessing a /scgi-bin/* folder, whether or not exists are completely different from any other 404.<br><br><div class="gmail_quote">On Fri, Jun 1, 2012 at 5:50 AM, Jeff Cheng <span dir="ltr"><<a href="mailto:iungltd@yahoo.com" target="_blank">iungltd@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:12pt;font-family:times new roman,new york,times,serif"><div>hello<br>can anyone help me with this: i use nikto to scan my site, and the output result show a lot of files that does not exist on my server, below are some of them:</div>
<div> i don't even have a scgi-bin folder.</div><div> </div><div><font face="新細明體">
</font></div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-11740: /scgi-bin/foxweb.dll: Foxweb
2.5 and below is vulnerable to a buffer overflow (not tested or confirmed).
Verify Foxweb is the latest available version.<u></u><u></u><u></u></font></span></div><div><font face="新細明體">
</font></div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-11741: /scgi-bin/foxweb.exe: Foxweb
2.5 and below is vulnerable to a buffer overflow (not tested or confirmed).
Verify Foxweb is the latest available version.<u></u><u></u></font></span></div><div><font face="新細明體">
</font></div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ /scgi-bin/mgrqcgi: This CGI from Magic
Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows.
Upgrade to 9.x.<u></u><u></u></font></span></div><div><font face="新細明體">
</font></div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/pollssi.cgi: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/postcards.cgi: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/profile.cgi: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/quikstore.cfg: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/register.cgi: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093:
/scgi-bin/replicator/webpage.cgi/: This might be interesting... has been seen
in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/rightfax/fuwww.dll/?:
This might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/rmp_query: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/robpoll.cgi: This
might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/scripts/*%<a href="http://0a.pl" target="_blank">0a.pl</a>:
This might be interesting... has been seen in web logs from an unknown scanner.<u></u><u></u></font></span></div><div>
</div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang">+ OSVDB-3093: /scgi-bin/simplestguest.cgi:
This might be interesting... has been seen in web logs from an unknown scanner.</font></span></div><div style="margin:0cm 0cm 0pt"><span lang="EN-US"><font face="Batang"></font></span> </div><div style="margin:0cm 0cm 0pt">
<span lang="EN-US"><font face="Batang">thanks!!!<var></var></font></span></div><div>
</div></div></div><br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Atte:<br>Matías Aereal Aeón<br>