[Nikto-discuss] an issue with OSVDB-10902
martinmickael at free.fr
martinmickael at free.fr
Mon May 2 09:01:18 CDT 2011
Hi all,
I'm a new user of Nikto. I like this software for his simplicity, so big thank you to developers.
But I have an issue (or maybe my error) :
I make : perl nikto.pl -h http://172.31.4.200
and I obtain "OSVDB-10902: /cgi-bin/nbmember.cgi?cmd=list_all_users: Netbilling ndmember.cgi reveals sensitive information.".
I haven't the cgi script ndmember on my web server. My cgi-bin directory exits but is empty !
No I don't understand why Nikto display this information.
Some informations :
An vim
return by nikto : Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
uname -a : Linux debian 2.6.26-2-amd64
perl nikto.pl -Version :
---------------------------------------------------------------------------
Nikto Versions
---------------------------------------------------------------------------
File Version Last Mod
----------------------------- -------- ----------
Nikto main 2.1.4
LibWhisker 2.5
db_404_strings 2.003 2011-02-19
db_content_search 2.000 2011-02-19
db_embedded 2.004 2011-02-19
db_favicon 2.006 2011-02-19
db_headers 2.007 2011-02-19
db_httpoptions 2.002 2011-02-19
db_multiple_index 2.005 2011-02-19
db_outdated 2.014 2011-02-19
db_realms 2.002 2011-02-19
db_server_msgs 2.005 2011-02-19
db_subdomains 2.005 2011-02-19
db_tests 2.017 2011-02-19
db_variables 2.003 2011-02-19
nikto_apache_expect_xss.plugin 2.03 2011-02-19
nikto_apacheusers.plugin 2.05 2011-02-19
nikto_auth.plugin 2.03 2011-02-19
nikto_cgi.plugin 2.05 2011-02-19
nikto_content_search.plugin 2.04 2011-02-19
nikto_cookies.plugin 2.01 2011-03-06
nikto_core.plugin 2.1.5 2011-02-19
nikto_core.plugin.debug 2.1.4 2011-02-19
nikto_dictionary_attack.plugin 2.03 2011-02-19
nikto_embedded.plugin 2.06 2011-02-19
nikto_favicon.plugin 2.08 2011-02-19
nikto_headers.plugin 2.09 2011-02-19
nikto_httpoptions.plugin 2.09 2011-02-19
nikto_msgs.plugin 2.06 2011-02-19
nikto_multiple_index.plugin 2.02 2011-02-19
nikto_outdated.plugin 2.08 2011-02-19
nikto_put_del_test.plugin 2.04 2011-02-19
nikto_report_csv.plugin 2.05 2011-02-19
nikto_report_html.plugin 2.05 2011-02-19
nikto_report_msf.plugin 1.00 2011-02-19
nikto_report_nbe.plugin 2.01 2011-02-19
nikto_report_text.plugin 2.05 2011-02-19
nikto_report_xml.plugin 2.05 2011-02-19
nikto_robots.plugin 2.04 2011-02-19
nikto_single.plugin 2.03 2011-02-19
nikto_ssl.plugin 2.00 2011-02-19
nikto_subdomain.plugin 2.01 2011-02-19
nikto_tests.plugin 2.03 2011-02-19
---------------------------------------------------------------------------
Module RPC::XML missing. Logging to Metasploit is disabled.
Module RPC::XML::Client missing. Logging to Metasploit is disabled.
SSL: Net::SSLeay 1.35
---------------------------------------------------------------------------
PS : when I re-launch Nikto after removing the directory cgi-bin of my apache2, the information disappears.
More information about the Nikto-discuss
mailing list