[Nikto-discuss] MyWebServer Vulnerability on RedHat q

david lodge resident.deity at gmail.com
Mon Jan 18 13:01:59 UTC 2010


> + OSVDB-6659:
> /bLkjN0GcpsIVBsvYB4CcZLGBywbNJC4TDnAklbt4zTA8gLwJn25bpt5mEkS8SVr0I94eIYm4KAhngx6wEpUPzqIAz5wnbuvirLbw83LOxGlpUJ5yO2EZC0JwoOQZ8kM8viHbDXF7HEf2eQ1Bjixo675Ovds3ylcTXxJtQGALIFdagefzKMdhhHwGaSIXKXBIPOt8BLONllaTvmHfe1KNm0icfZEuiNO<font%20size=50>DEFACED<!--//--:
> MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later
> version.

> As I suspected the server is vulnerable to HTML injection but as far as I
> can tell MyWebServer is not running on the server and there is no Linux
> version of the application.
>
> Any ideas on why Nikto is reporting this?

Basically Nikto sends the above URL and then checks whether the
response has DEFACED on it. It sounds like your 404 page (or whatever
error page you use for a file not found) has some flavour of HTML
injection vulnerability.

Have you tried running the above URL manually? URL:
http://server/bLkjN0GcpsIVBsvYB4CcZLGBywbNJC4TDnAklbt4zTA8gLwJn25bpt5mEkS8SVr0I94eIYm4KAhngx6wEpUPzqIAz5wnbuvirLbw83LOxGlpUJ5yO2EZC0JwoOQZ8kM8viHbDXF7HEf2eQ1Bjixo675Ovds3ylcTXxJtQGALIFdagefzKMdhhHwGaSIXKXBIPOt8BLONllaTvmHfe1KNm0icfZEuiNO<font%20size=50>DEFACED<!--//--

I hate to say it as well, but you should really look at the server
logs to see where the attack has come in from - these'll generally be
much more specific than using a vulnerability assessment tool.
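As an added illustration, not part of the original post or of Nikto's own code: the check described above next to the error-page bug that trips it. It assumes a 404 handler that echoes the percent-decoded request path, shows the same page with the path HTML-escaped, and scans constructed access-log lines for the probe; the handlers, log lines and IP addresses are all made up for the example. Both the bare-word match the reply describes and a stricter unescaped-tag match are shown, because an escaped error page still contains the word DEFACED.

```python
import html
import re
from urllib.parse import unquote

# Tail of the OSVDB-6659 test URL from the post, after the web server has
# percent-decoded it ("%20" becomes a space before the path reaches the error page).
MARKER_TAG = "<font size=50>DEFACED<!--//--"

def vulnerable_404(path: str) -> str:
    """Constructed error page that echoes the requested path into HTML as-is:
    the bug class the reply suspects in the 404 page."""
    return f"<html><body><h1>404</h1><p>{path} was not found.</p></body></html>"

def hardened_404(path: str) -> str:
    """Same page with the path HTML-escaped before it is echoed."""
    return f"<html><body><h1>404</h1><p>{html.escape(path)} was not found.</p></body></html>"

def serve(handler, raw_request_path: str) -> str:
    """Stand-in for the web server: percent-decode the path, hand it to the handler."""
    return handler(unquote(raw_request_path))

def bare_word_match(body: str) -> bool:
    """The check as the reply describes it: is the word DEFACED anywhere in the body?
    This also fires on an escaped echo, i.e. it can produce a false positive."""
    return "DEFACED" in body

def unescaped_tag_match(body: str) -> bool:
    """Stricter check: only the raw, unescaped tag counts as reflected markup."""
    return MARKER_TAG in body

# Constructed access-log lines (Apache combined format, documentation-range IPs).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [18/Jan/2010:12:55:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "-"
203.0.113.7 - - [18/Jan/2010:12:55:02 +0000] "GET /probe<font%20size=50>DEFACED<!--//-- HTTP/1.1" 404 512 "-" "-"
198.51.100.9 - - [18/Jan/2010:12:56:10 +0000] "GET /about.html HTTP/1.1" 200 2210 "-" "-"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def find_injection_probes(log_text: str) -> list:
    """Return (client_ip, path, status) for requests whose decoded path carries the
    marker tag: the 'look at the server logs' step the reply recommends."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and MARKER_TAG in unquote(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits
```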
