Ubuntu
nikto package

False positives

Bug #1067540 reported by Pierre Rudloff
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Nikto
Won't Fix
Unknown
nikto (Ubuntu)
New
Undecided
Unassigned

Bug Description

These are all false positives (pages return a 404 error):

pierre@pierre-MacBook:~$ nikto -h http://www.conseil-national.medecin.fr/
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP: 93.188.172.108
+ Target Hostname: www.conseil-national.medecin.fr
+ Target Port: 80
+ Start Time: 2012-10-17 23:00:48
---------------------------------------------------------------------------
+ Server: Apache
+ Retrieved x-powered-by header: PHP/5.3.6
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
+ OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3931: /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ 6456 items checked: 48 error(s) and 8 item(s) reported on remote host
+ End Time: 2012-10-18 00:17:01 (4573 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nikto 1:2.1.4-2 [modified: var/lib/nikto/plugins/db_favicon var/lib/nikto/plugins/db_outdated var/lib/nikto/plugins/db_server_msgs var/lib/nikto/plugins/db_tests var/lib/nikto/plugins/db_variables var/lib/nikto/plugins/nikto_cookies.plugin var/lib/nikto/plugins/nikto_robots.plugin]
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic-pae 3.2.30
Uname: Linux 3.2.0-32-generic-pae i686
ApportVersion: 2.0.1-0ubuntu13
Architecture: i386
Date: Tue Oct 16 23:58:39 2012
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=fr_FR:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: nikto
UpgradeStatus: Upgraded to precise on 2012-04-27 (172 days ago)

Revision history for this message
Pierre Rudloff (rudloff) wrote :
Bug Watch Updater (bug-watch-updater)
Changed in nikto:
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in nikto:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.