[Nikto-discuss] False positives
Frank Breedijk
FBreedijk at schubergphilis.com
Wed Mar 31 12:32:51 UTC 2010
Encountered a few false positives.
Test 3120
Query /?pattern=/etc/*&sort=name will return OK even if the system is not vulnerable. A default Apache install will return OK and disregard query parameters.
Maybe we should look if the returned value contains passwd and shadow.
Test 999972 from nikto_httpoptions.plugin
Apache servers will handle the DEBUG normally like a GET or POST (haven't been able to find out which), so it's not vulnerable.
seccubus at agent ~ $ telnet seccubus.com 80|head
Trying 79.141.36.205...
Connected to seccubus.com.
Escape character is '^]'.
DEBUG / HTTP/1.1
Host: seccubus.com
HTTP/1.1 200 OK
Date: Wed, 31 Mar 2010 12:28:33 GMT
Server: Apache
Set-Cookie: 652a57d4ecf6fbbfc14c76b1a9f31619=0541bf502c1a793e28db4cf6a0b9b8a5; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 31 Mar 2010 12:28:37 GMT
Frank
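
The two checks suggested in this message, as an added example that is not part of the original post and not Nikto's own code: confirm test 3120 by body content rather than by status, and treat a DEBUG response that matches the plain GET response as a false positive. The function names are hypothetical and the sample responses are constructed.

```python
# Added example; function names are hypothetical, sample responses are constructed.
def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def listing_confirmed(raw, markers=("passwd", "shadow")):
    """Test 3120: a 200 alone proves nothing; require /etc file names in the body."""
    status, _, body = parse_response(raw)
    return status == 200 and all(m in body for m in markers)


def debug_confirmed(debug_raw, get_raw):
    """DEBUG test: a server that answers DEBUG exactly like GET ignored the method.
    Only status and body are compared; Date and Set-Cookie change on every request."""
    d_status, _, d_body = parse_response(debug_raw)
    g_status, _, g_body = parse_response(get_raw)
    if d_status != 200:
        return False
    return (d_status, d_body) != (g_status, g_body)


# Constructed responses: a default home page, the same page returned for DEBUG,
# a directory listing of /etc, and a server that treats DEBUG differently.
HOME_PAGE = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
             "Date: Wed, 31 Mar 2010 12:28:33 GMT\r\n\r\n<html>Welcome</html>")
DEBUG_AS_GET = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                "Date: Wed, 31 Mar 2010 12:28:40 GMT\r\n\r\n<html>Welcome</html>")
ETC_LISTING = "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\ngroup\nhosts\npasswd\nshadow\n"
DEBUG_DISTINCT = "HTTP/1.1 200 OK\r\nServer: Example\r\n\r\nDEBUG handler output"

if __name__ == "__main__":
    print("3120 on default page:", listing_confirmed(HOME_PAGE))
    print("3120 on /etc listing:", listing_confirmed(ETC_LISTING))
    print("DEBUG same as GET:", debug_confirmed(DEBUG_AS_GET, HOME_PAGE))
    print("DEBUG distinct:", debug_confirmed(DEBUG_DISTINCT, HOME_PAGE))
```

Pages whose body changes on every request would need a looser comparison than exact body equality, such as a stable marker string.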