July 21st, 2008 05:33 PM
Nikto Result Interpretation
I'm new here, and I'm not sure if my question might seem dumb to you, so excuse me if this is not the right place to ask it.
I used Nikto on a site (not mine). I've pasted some lines here:
+ OSVDB-0: GET /scripts/samples/details.idc : See RFP 9901; www.wiretrip.net
+ OSVDB-396: GET /_vti_bin/shtml.exe : Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
+ OSVDB-0: GET /cgi-perl/handler.cgi : Variation of Irix Handler? Has been seen from other CGI scanners.
+ OSVDB-0: GET /cgi-perl/finger.pl : finger other users, may be other commands?
+ OSVDB-0: GET /cgi-perl/get32.exe : This can allow attackers to execute arbitrary commands remotely.
+ OSVDB-0: GET /cgi-perl/gm-authors.cgi : GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/wo...reymatter.html for more info.
+ OSVDB-0: GET /cgi-perl/photo/protected/manage.cgi : My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ OSVDB-0: GET /cgi-perl/wrap.cgi : possible variation: comes with IRIX 6.2; allows to view directories
+ OSVDB-0: GET /forums/@ADMINconfig.php : PHP Config file may contain database IDs and passwords.
and much more... Now suppose that the site is: www.mmm.biz
I tried: www.mmm.biz/cgi-perl/gm-authors.cgi after I saw this result:
"+ OSVDB-0: GET /cgi-perl/gm-authors.cgi ....."
but the site says:
"The page you requested could not be found...
Click here to continue"
Now my question is: what's the interpretation of the Nikto results? Where did it get /cgi-perl/gm-authors.cgi if it does not exist? Or where can I access this directory or others?
I searched a lot for an example of interpreting Nikto results, but I didn't find anything. Please let me know if you know of any.
Thanks a lot