[Nikto-discuss] cPanel issues
aaron bishop
abishop at linux.com
Wed Jun 20 18:03:12 CDT 2012
Hello All. I've bene using nikto for a few months now and I absolutely
love it. I have come across an issue when I scan a site that has cpanel
installed. When I scan port 2095, which is a cpanel webmail login page, it
gets dozens of false positives reported because everything on 2095 gets
redirected to the login page and the URI sent is included in the body, or
in the case of plugin 000294 which looks for
www.example.com/sips/sipssys/users/a/admin/user and falis if Password is
returned it fails because it's a login page and it has Password as one of
the fields for the login. Is there a good way to handle this without
modifying db_tests to require 200 ok for everything which I don't think is
the best solution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20120620/646bedf4/attachment.html>
More information about the Nikto-discuss
mailing list