What attacks is possible for below, any help as how exactly that can be done.
- Nikto v2.1.6
Target IP: 10.11.1.24
Target Hostname: 10.11.1.24
Target Port: 80
+ Start Time: 2016-05-30 10:51:04 (GMT-4)
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
Retrieved x-powered-by header: PHP/5.2.3-1ubuntu6
The anti-clickjacking X-Frame-Options header is not present.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Cookie csid created without the httponly flag
Cookie cart_languageC created without the httponly flag
Cookie secondary_currencyC created without the httponly flag
Uncommon header 'tcn' found, with contents: list
Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
PHP/5.2.3-1ubuntu6 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
Apache/2.2.4 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://127.0.0.1/images/".
Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
Web Server returns a valid response with junk HTTP methods, this may cause false positives.
DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
Cookie acsid created without the httponly flag
Cookie cart_languageA created without the httponly flag
Cookie secondary_currencyA created without the httponly flag
/admin/config.php: PHP Config file may contain database IDs and passwords.
/admin/cplogfile.log: DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.
/admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.
/config.php: PHP Config file may contain database IDs and passwords.
/config/: Configuration information may be available remotely.
OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
OSVDB-3233: /admin/admin_phpinfo.php4: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
OSVDB-376: /admin/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
OSVDB-4804: //admin/admin.shtml: Axis network camera may allow admin bypass by using double-slashes before URLs.
OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-2813: /admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
OSVDB-2842: //admin/aindex.htm: FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra '/'. http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt
OSVDB-2922: /admin/wg_user-info.ml: WebGate Web Eye exposes user names and passwords.
OSVDB-3092: /admin.php: This might be interesting...
OSVDB-3092: /admin/: This might be interesting...
OSVDB-3092: /config/checks.txt: This might be interesting...
OSVDB-3092: /install/: This might be interesting...
OSVDB-3093: /admin/auth.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/cfg/configscreen.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/cfg/configsite.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/cfg/configsql.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/cfg/configtache.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/cms/htmltags.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/credit_card_info.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/exec.php3: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/index.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/modules/cache.php+: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/objects.inc.php4: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/script.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/settings.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/templates/header.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /admin/upload.php: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3093: /config/html/cnf_gi.htm: This might be interesting... has been seen in web logs from an unknown scanner.
OSVDB-3268: /icons/: Directory indexing found.
OSVDB-4238: /admin/adminproc.asp: Xpede administration page may be available. The /admin directory should be protected.
OSVDB-4239: /admin/datasource.asp: Xpede page reveals SQL account name. The /admin directory should be protected.
OSVDB-9624: /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access.
OSVDB-3092: /install/install.php: Install file found.
OSVDB-3092: /install.php: install.php file found.
Server leaks inodes via ETags, header found with file /icons/README, inode: 67942, size: 4872, mtime: Thu Jun 24 15:46:08 2010
OSVDB-3233: /icons/README: Apache default file found.
/classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://cirt.net/rfiinc.txt?: PHP include error may indicate local or remote file inclusion is possible.
/install.php?install_dir=http://cirt.net/rfiinc.txt?: PHP include error may indicate local or remote file inclusion is possible.
/config/config.txt: Configuration file found.
/config/readme.txt: Readme file found.
/admin/account.asp: Admin login page/section found.
/admin/account.html: Admin login page/section found.
/admin/account.php: Admin login page/section found.
/admin/controlpanel.asp: Admin login page/section found.
/admin/controlpanel.html: Admin login page/section found.
/admin/controlpanel.php: Admin login page/section found.
/admin/cp.asp: Admin login page/section found.
/admin/cp.html: Admin login page/section found.
/admin/cp.php: Admin login page/section found.
/admin/home.asp: Admin login page/section found.
/admin/home.php: Admin login page/section found.
/admin/index.asp: Admin login page/section found.
/admin/index.html: Admin login page/section found.
/admin/login.asp: Admin login page/section found.
/admin/login.html: Admin login page/section found.
/admin/login.php: Admin login page/section found.
/admin/html: Tomcat Manager / Host Manager interface found (pass protected)
/admin/status: Tomcat Server Status interface found (pass protected)
8348 requests: 2 error(s) and 87 item(s) reported on remote host
+ End Time: 2016-05-30 11:59:24 (GMT-4) (4100 seconds)
1 host(s) tested