[Nikto-discuss] False positives
Sullo
csullo at gmail.com
Wed Mar 31 12:40:48 UTC 2010
I added 'hosts' along with 'passwd' as both required matches. Not all
*nix systems have /etc/passwd...
On Wed, Mar 31, 2010 at 8:32 AM, Frank Breedijk
<FBreedijk at schubergphilis.com> wrote:
> Encountered a few false positives
>
> Test 3120
> Query /?pattern=/etc/*&sort=name will return OK even if the system is not vulnerable. Default apache install will return ok and disregard query parameters
> Maybe we should look if the returned value contains passwd and shadow
>
> Test 999972 from nikto_httpoptions.plugin
> Apache servers will handle the DEBUG normally like an GET or POST (haven't been able to found out which) so it's not vulnerable.
> seccubus at agent ~ $ telnet seccubus.com 80|head
> Trying 79.141.36.205...
> Connected to seccubus.com.
> Escape character is '^]'.
> DEBUG / HTTP/1.1
> Host: seccubus.com
>
> HTTP/1.1 200 OK
> Date: Wed, 31 Mar 2010 12:28:33 GMT
> Server: Apache
> Set-Cookie: 652a57d4ecf6fbbfc14c76b1a9f31619=0541bf502c1a793e28db4cf6a0b9b8a5; path=/
> P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
> Expires: Mon, 1 Jan 2001 00:00:00 GMT
> Last-Modified: Wed, 31 Mar 2010 12:28:37 GMT
>
> Frank
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
--
http://www.cirt.net | http://www.osvdb.org/
More information about the Nikto-discuss
mailing list