<div dir="ltr"><div><div><div>This looks like it's a false positive from test 818, which is testing for an XSS in the pic parameter of phpimageview.php. <br>There should be an exception case to catch this.<br><br></div>Is there any chance you could do a test with -D dvs on this? To cut down the size of the debug file, you can edit db_tests and alter the 3rd column of test 818 and put in a "z", then run Nikto like:<br>
<br></div>nikto.pl -host vulnerable -D dvs -Tuning z -Plugins tests -no404<br><br></div>One of these days I'll put in a way of doing this easily, probably something like "-Plugins tests(tids:818)"; suggestions would be appreciated.<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 7 February 2013 14:24, Frank Breedijk <span dir="ltr"><<a href="mailto:FBreedijk@schubergphilis.com" target="_blank">FBreedijk@schubergphilis.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Recently we got some results from Nikto which we regard as false positives.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif""> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&gt;telnet xxx.xxx.xxx.xxx 80</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Trying xxx.xxx.xxx.xxx...</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Connected to xxx.xxx.xxx.xxx</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Escape character is '^]'.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">GET /phpimageview.php?pic=javascript:alert('Vulnerable') HTTP/1.1</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"" lang="NL">Host: xxxxxxxxxxxxxxxxxxxx</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"" lang="NL"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"" lang="NL">HTTP/1.1 301 Moved Permanently</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Set-Cookie: ARPT=PZUZILSpws1CKIOL; path=/</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Date: Thu, 07 Feb 2013 14:19:39 GMT</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Server: Microsoft-IIS/6.0</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">X-Powered-By: ASP.NET</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Location: https://xxxxxxxxxxxxxxxxxx/phpimageview.php?pic=javascript:alert('Vulnerable')</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Content-Length: 297</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">Content-type: text/html</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif""> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&lt;!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&lt;html&gt;&lt;head&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&lt;title&gt;301 Moved Permanently&lt;/title&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&lt;/head&gt;&lt;body&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&lt;h1&gt;Moved Permanently&lt;/h1&gt;&lt;p&gt;The document has moved &lt;a href="https://xxxxxxxxxxxxxxxxx/phpimageview.php?pic=javascript:alert('Vulnerable')"&gt;here&lt;/a&gt;.&lt;/p&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">&lt;/body&gt;&lt;/html&gt;Connection closed by foreign host.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif""> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif"">I understand why the rule triggers; the URL is echoed back, apparently unescaped. However, the double quotes neutralize the XSS, and if you insert a “ in the URL the webserver actually returns a 400 Bad Request.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Times New Roman","serif""> </span></p>
<p class="MsoNormal" style="line-height:normal"><span style="font-size:11.0pt">Kind regards,
<br>
Frank Breedijk<br>
<br>
<br>
Schuberg Philis<br>
Boeing Avenue 271<br>
1119 PD Schiphol-Rijk<br>
<a href="http://schubergphilis.com" target="_blank">schubergphilis.com</a> <br>
<br>
<a href="tel:%2B31%2020%20750%2065%2038" value="+31207506538" target="_blank">+31 20 750 65 38</a><br>
<a href="tel:%2B31%206%204382%202637" value="+31643822637" target="_blank">+31 6 4382 2637</a><br>
_____________________ </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
</div>

<br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div><br></div>
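<p>As an added example (not code from the thread or from Nikto), a Python sketch of the "exception case" the reply asks for: it classifies where the test 818 payload is reflected in the response and applies the reasoning from the quoted mail, namely that a payload inside a double-quoted attribute is neutralised when it carries no double quote itself and the server answers a quote-bearing probe with 400. The 301 body is reconstructed from the mail with the host masked; the text-context body and the <code>quote_probe_status</code> argument are constructed assumptions, since the block does no network I/O.</p>

```python
PAYLOAD = "javascript:alert('Vulnerable')"   # Nikto test 818 payload, from the thread

# Sample 1: the 301 body quoted in the mail (host masked as in the mail).
BODY_301 = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    "<html><head><title>301 Moved Permanently</title></head><body>\n"
    "<h1>Moved Permanently</h1><p>The document has moved "
    '<a href="https://xxxxxxxxxxxxxxxxx/phpimageview.php?pic=' + PAYLOAD + '">here</a>.</p>\n'
    "</body></html>"
)
# Sample 2 (constructed, not from the thread): the payload echoed into text content.
BODY_TEXT = "<html><body>Cannot open image " + PAYLOAD + "</body></html>"


def reflection_context(body, payload):
    """Return (context, quote): context is 'none' (not reflected), 'text',
    'tag' (bare inside a tag) or 'attr' (inside a quoted attribute value);
    quote is the character enclosing that attribute value, else None."""
    pos = body.find(payload)
    if pos < 0:
        return "none", None
    lt = body.rfind("<", 0, pos)
    gt = body.rfind(">", 0, pos)
    if lt <= gt:                 # the last tag was already closed: plain text
        return "text", None
    quote = None                 # track the open quote between '<' and the payload
    for ch in body[lt:pos]:
        if quote is None and ch in "\"'":
            quote = ch
        elif ch == quote:
            quote = None
    return ("attr", quote) if quote else ("tag", None)


def looks_like_false_positive(body, payload, quote_probe_status):
    """quote_probe_status (assumed) is the HTTP status returned for a second
    request carrying the attribute's quote character (400 in the thread).
    The payload is neutralised only if it sits in a quoted attribute, holds
    no copy of that quote, and the server refuses to echo one."""
    context, quote = reflection_context(body, payload)
    if context == "none":
        return True              # nothing reflected, nothing to report
    return context == "attr" and quote not in payload and quote_probe_status == 400
```

The single-quote case matters too: the same payload inside a single-quoted <code>href</code> can close that attribute with its own <code>'</code>, so the check reports it as a real finding.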