False positives

Bug #1067540 reported by Pierre Rudloff on 2012-10-16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Nikto
Won't Fix
Unknown
nikto (Ubuntu)
Undecided
Unassigned

Bug Description

These are all false positives (pages return a 404 error):

pierre@pierre-MacBook:~$ nikto -h http://www.conseil-national.medecin.fr/
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP: 93.188.172.108
+ Target Hostname: www.conseil-national.medecin.fr
+ Target Port: 80
+ Start Time: 2012-10-17 23:00:48
---------------------------------------------------------------------------
+ Server: Apache
+ Retrieved x-powered-by header: PHP/5.3.6
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
+ OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3931: /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ 6456 items checked: 48 error(s) and 8 item(s) reported on remote host
+ End Time: 2012-10-18 00:17:01 (4573 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nikto 1:2.1.4-2 [modified: var/lib/nikto/plugins/db_favicon var/lib/nikto/plugins/db_outdated var/lib/nikto/plugins/db_server_msgs var/lib/nikto/plugins/db_tests var/lib/nikto/plugins/db_variables var/lib/nikto/plugins/nikto_cookies.plugin var/lib/nikto/plugins/nikto_robots.plugin]
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic-pae 3.2.30
Uname: Linux 3.2.0-32-generic-pae i686
ApportVersion: 2.0.1-0ubuntu13
Architecture: i386
Date: Tue Oct 16 23:58:39 2012
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=fr_FR:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: nikto
UpgradeStatus: Upgraded to precise on 2012-04-27 (172 days ago)

Pierre Rudloff (rudloff) wrote :
Changed in nikto:
status: Unknown → New
Changed in nikto:
status: New → Won't Fix
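
A triage helper for reports like the one above, added here as an example and not part of the original bug report or of Nikto: it parses the path-based finding lines of the text report and labels each one by the HTTP status seen when the path is re-requested. The line pattern is inferred from the output shown above, and the `RECHECK` status codes are constructed sample data.

```python
import re

# Nikto text-report finding line: "+ [OSVDB-<n>: ]<request path>: <description>"
# (pattern inferred from the report on this page, not taken from Nikto's source)
FINDING = re.compile(r"^\+ (?:(OSVDB-\d+): )?(/\S*): (.+)$")

# Three finding lines copied from the report above, plus two non-finding lines.
REPORT = """\
+ Server: Apache
+ OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
+ OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ 6456 items checked: 48 error(s) and 8 item(s) reported on remote host
"""

# Constructed re-check results (path -> HTTP status seen on re-request).
# The 404s mirror what the reporter describes; the third path is left out
# on purpose to show the "unverified" case.
RECHECK = {
    "/userinfo.php?uid=1;": 404,
    "/phpimageview.php?pic=javascript:alert(8754)": 404,
}

def parse_findings(report):
    """Return one dict per path-based finding; banner and summary lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = FINDING.match(line.strip())
        if m:
            findings.append({"id": m.group(1), "path": m.group(2), "msg": m.group(3)})
    return findings

def triage(findings, statuses):
    """Label each finding by the status code observed when its path was re-requested."""
    rows = []
    for f in findings:
        status = statuses.get(f["path"])
        if status is None:
            verdict = "unverified"
        elif status in (404, 410):
            verdict = "likely false positive"
        else:
            verdict = "review manually"
        rows.append((f["id"] or "no-id", status, verdict, f["path"]))
    return rows

if __name__ == "__main__":
    for row in triage(parse_findings(REPORT), RECHECK):
        print(*row, sep="\t")
```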