[Nikto-discuss] db_404_strings processing

Geoff Galitz geoff at galitz.org
Mon Nov 19 11:51:44 CST 2012


If I use curl -v to inspect it, it shows as a 404, though we return a
pretty big page with that.

It seems like all of these false positives are XSS related.  When I issue
that URL manually (in a web browser or via curl) I get the expected custom
404 page.

Among the vast volume of output from nikto are lines like this:

+ OSVDB-651:
/cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>:
This CGI is vulnerable to Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-651:
/cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>:
This CGI is vulnerable to Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7022:
/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05:
DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.

It could be that my theory on why this is happening is just plain wrong.

-G


> That should work. what is the response code you're sending for 404s, is it
> 200 or something else?
>
> Also, you can put them in udb_404_strings so an update won't step on your
> own changes.
>
> -Sullo
>
> On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org> wrote:
>
>>
>>
>> Hi all.
>>
>> I am getting what seem to be false positives.  I suspect nikto is not
>> recognizing the custom 404s we send out.  I've added some of the text
>> and
>> some of the unique code of our 404 to db_404_strings but it does not
>> seem
>> to help.
>>
>> I am wondering if I need to do anything special after simply adding some
>> text to that file?  Currently I have this:  <div id="not-found-content"
>> style="bottom: 98px;">
>>
>> Would special punctuation cause a problem?
>>
>> -G
>>
>>
>>
>> ------------------------------
>> Geoff Galitz
>> http://www.galitz.org
>>
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>>
>
>
>
> --
>
> http://www.cirt.net     |      http://richsec.com/
>


------------------------------
Geoff Galitz
http://www.galitz.org
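To see how the two things Sullo asks about interact (the status code the custom 404 is sent with, and the marker text placed in db_404_strings), here is a small added model in Python. It is not Nikto's code: the file format (one marker per line, `#` comments) and the matching rule (case-insensitive plain substring on the body) are assumptions, and the responses are constructed inline.

```python
# Added illustration, not Nikto's code. Models a scanner deciding whether a
# response is "really" a not-found page, so that a probe is not reported.
# Matching rule (case-insensitive substring on the body) is an assumption.

def load_404_strings(text):
    """Parse a db_404_strings-style list: one marker per line; blank lines
    and lines starting with '#' are skipped (assumed file format)."""
    markers = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            markers.append(line)
    return markers

def is_not_found(status, body, markers):
    """True when the response should be treated as a 404: either the status
    code says so, or one of the configured markers appears in the body."""
    if status == 404:
        return True
    lowered = body.lower()
    return any(m.lower() in lowered for m in markers)

# Constructed sample inputs (marker text copied from the thread).
DB_404_STRINGS = """
# punctuation and quotes are matched literally in this model
<div id="not-found-content" style="bottom: 98px;">
"""
CUSTOM_404_BODY = (
    "<html><body>\n"
    '<div id="not-found-content" style="bottom: 98px;">Page not found</div>\n'
    "</body></html>"
)
REAL_PAGE_BODY = "<html><body><h1>Calendar</h1></body></html>"

def demo():
    markers = load_404_strings(DB_404_STRINGS)
    reflowed = CUSTOM_404_BODY.replace('style="bottom: 98px;"', "style='bottom:98px'")
    return {
        # custom 404 sent with a real 404 status: recognised by status alone
        "404_with_marker": is_not_found(404, CUSTOM_404_BODY, markers),
        # soft 404 (status 200) carrying the marker: only the string saves it
        "200_with_marker": is_not_found(200, CUSTOM_404_BODY, markers),
        # status 200 without the marker: the probe would be reported as a hit
        "200_no_marker": is_not_found(200, REAL_PAGE_BODY, markers),
        # same page with the attribute reflowed: a literal marker no longer matches
        "200_marker_reflowed": is_not_found(200, reflowed, markers),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The last case is why a marker should be a stable fragment of the template rather than one whose whitespace or quoting may vary between renderings.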