[Solar-tecnica] Re[2]: iptables question

josx josx at interorganic.com.ar
Mon Mar 27 14:58:59 CEST 2006


On Thursday 23 March 2006 16:22, Ricardo Frydman Eureka! wrote:
> What does it mean, josx? I must admit I didn't know about nikto...

Nikto is a tool based on libwhisker (http://www.wiretrip.net/, a
small/large database of tests for finding errors/warnings or whatever
else on port 80).

Here I'm sending you what it outputs for solar.
Some are false positives, but sometimes it turns up interesting things....



---------------------------------------------------------------------------
- Nikto 1.35/1.35     -     www.cirt.net
+ Target IP:       200.32.3.166
+ Target Hostname: www.solar.org.ar
+ Target Port:     80
+ Start Time:      Mon Mar 27 09:46:02 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_mono/0.8 mod_jk/1.2.5 
Chili!Soft-ASP/3.6.2 PHP/4.3.4 mod_perl/1.26 FrontPage/5.0.2.2510 
mod_auth_pgsql/0.9.12
- Retrieved X-Powered-By header: PHP/4.3.4
+ PHP/4.3.4 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.27 appears to be outdated (current is at least Apache/2.0.54). 
Apache 1.3.33 is still maintained and considered secure.
+ mod_mono/0.8 appears to be outdated (current is at least 0.11)
+ mod_jk/1.2.5 appears to be outdated (current is at least 1.2.6)
+ PHP/4.3.4 appears to be outdated (current is at least 5.0.3)
+ mod_perl/1.26 appears to be outdated (current is at least 5.8)
+ FrontPage/5.0.2.2510 appears to be outdated (current is at least 5.0.4.3) 
(may depend on server version)
+ mod_auth_pgsql/0.9.12 appears to be outdated (current is at least 2.0.2b1)
+ mod_auth_pgsql/0.9.12 - This version allows an SQL insertion attack that 
could allow attackers to execute arbitrary SQL commands.
+ Apache/1.3.27 - Windows and OS/2 version vulnerable to remote exploit. 
CAN-2003-0460
+ FrontPage - 
http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html
+ Apache/1.3.27 - Apache 1.3 below 1.3.29 are vulnerable to overflows in 
mod_rewrite and mod_cgi. CAN-2003-0542.
+ /~root - Enumeration of users is possible by requesting ~username (responds 
with Forbidden for real users, not found for non-existent users) (GET).
+ /icons/ - Directory indexing is enabled, it should only be enabled for 
specific directories (if required). If indexing is not used all, the /icons 
directory should be removed. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See 
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details 
(TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals 
potentially sensitive information via certain HTTP requests which contain 
specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals 
potentially sensitive information via certain HTTP requests which contain 
specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals 
potentially sensitive information via certain HTTP requests which contain 
specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals 
potentially sensitive information via certain HTTP requests which contain 
specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable 
to a remote execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script>  
- Led-Forums allows any user to change the welcome message, and it is 
vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc 
- Needs Auth: (realm "phpMyAdmin running on localhost-0")
+ /index.php?base=test%20 - This might be interesting... has been seen in web 
logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web 
logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web 
logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in 
web logs from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in 
web logs from an unknown scanner. (GET)
+ /index.php?topic=<script>alert(document.cookie)</script>
%20 - This might be interesting... has been seen in web logs from an unknown 
scanner. (GET)
+ 2658 items checked - 15 item(s) found on remote host(s)
+ End Time:        Mon Mar 27 09:56:35 2006 (633 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested





-- 
Ing. Di Biase José Luis
Contact -->[ <http://www.joseluisdibiase.com.ar> - Blog]
Contact -->[ <http://www.interorganic.com.ar/josx/> - Personal info]
Contact --> Tel: +54-11-4382-9533
GnuPG Public Key: 0xF6396FCC 


