[Nikto-discuss] False positives ?
titans team
titansteamadmin at gmail.com
Mon May 11 13:41:30 UTC 2009
Hi guys,
running a scan against my apache web server shows that.
+ OSVDB-0: GET /scripts/banner.cgi : This CGI may allow attackers to read
any file on the system.
+ OSVDB-0: GET /scripts/bannereditor.cgi : This CGI may allow attackers to
read any file on the system.
+ OSVDB-0: GET /sips/sipssys/users/a/admin/user : SIPS v0.2.2 allows user
account info (including password) to be retrieved remotely.
+ OSVDB-0: GET /scripts/addbanner.cgi : This CGI may allow attackers to read
any file on the system.
+ OSVDB-0: GET /scripts/ans.pl?p=../../../../../usr/bin/id|&blah : Avenger's
News System allows commands to be issued remotely.
+ OSVDB-0: GET /scripts/ans/ans.pl?p=../../../../../usr/bin/id|&blah :
Avenger's News System allows commands to be issued remotely.
+ OSVDB-0: GET /admentor/adminadmin.asp : Version 2.11 of AdMentor is
vulnerable to SQL injection during login, in the style of: ' or =
+ OSVDB-0: GET /index.php?module=My_eGallery : My_eGallery prior to 3.1.1.g
are vulnerable to a remote execution bug via SQL command injection.
+ OSVDB-0: GET /scripts/Count.cgi : This may allow attackers to execute
arbitrary commands on the server
+ OSVDB-0: GET /isapi/count.pl? : AN HTTPd default script may allow writing
over arbitrary files with a new content of '1', which could allow a trivial
DoS. Append /../../../../../ctr.dll to replac
e this file's contents, for example.
+ OSVDB-376: GET /admin/contextAdmin/contextAdmin.html : Tomcat may be
configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-3092: GET /cgi-bin/textcounter.pl : This might be interesting...
+ OSVDB-13483: GET /adsamples/config/site.csc : Contains SQL
username/password
+ OSVDB-3092: GET /advworks/equipment/catalog_type.asp : This might be
interesting...
+ OSVDB-3092: GET /scripts/counter.exe : This might be interesting...
+ OSVDB-3233: GET /scripts/fpcount.exe : Default FrontPage CGI found.
The thing is that none of these files exist on the server.
Any idea why this shows up ?
Best Regards,
Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20090511/1d7126ac/attachment.html
More information about the Nikto-discuss
mailing list