2016-07-10

What attacks are possible for the below? Any help as to how exactly that can be done.

- Nikto v2.1.6

Target IP: 10.11.1.24

Target Hostname: 10.11.1.24

Target Port: 80

+ Start Time: 2016-05-30 10:51:04 (GMT-4)

Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6

Retrieved x-powered-by header: PHP/5.2.3-1ubuntu6

The anti-clickjacking X-Frame-Options header is not present.

The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS

The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type

Cookie csid created without the httponly flag

Cookie cart_languageC created without the httponly flag

Cookie secondary_currencyC created without the httponly flag

Uncommon header 'tcn' found, with contents: list

Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php

PHP/5.2.3-1ubuntu6 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.

Apache/2.2.4 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.

OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://127.0.0.1/images/".

Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE

Web Server returns a valid response with junk HTTP methods, this may cause false positives.

DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.

OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST

Cookie acsid created without the httponly flag

Cookie cart_languageA created without the httponly flag

Cookie secondary_currencyA created without the httponly flag

/admin/config.php: PHP Config file may contain database IDs and passwords.

/admin/cplogfile.log: DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.

/admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.

/config.php: PHP Config file may contain database IDs and passwords.

/config/: Configuration information may be available remotely.

OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.

OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.

OSVDB-3233: /admin/admin_phpinfo.php4: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.

OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.

OSVDB-376: /admin/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.

OSVDB-4804: //admin/admin.shtml: Axis network camera may allow admin bypass by using double-slashes before URLs.

OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.

OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.

OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.

OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.

OSVDB-2813: /admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein

OSVDB-2842: //admin/aindex.htm: FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra '/'. http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt

OSVDB-2922: /admin/wg_user-info.ml: WebGate Web Eye exposes user names and passwords.

OSVDB-3092: /admin.php: This might be interesting...

OSVDB-3092: /admin/: This might be interesting...

OSVDB-3092: /config/checks.txt: This might be interesting...

OSVDB-3092: /install/: This might be interesting...

OSVDB-3093: /admin/auth.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/cfg/configscreen.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/cfg/configsite.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/cfg/configsql.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/cfg/configtache.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/cms/htmltags.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/credit_card_info.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/exec.php3: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/index.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/modules/cache.php+: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/objects.inc.php4: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/script.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/settings.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/templates/header.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /admin/upload.php: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3093: /config/html/cnf_gi.htm: This might be interesting... has been seen in web logs from an unknown scanner.

OSVDB-3268: /icons/: Directory indexing found.

OSVDB-4238: /admin/adminproc.asp: Xpede administration page may be available. The /admin directory should be protected.

OSVDB-4239: /admin/datasource.asp: Xpede page reveals SQL account name. The /admin directory should be protected.

OSVDB-9624: /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access.

OSVDB-3092: /install/install.php: Install file found.

OSVDB-3092: /install.php: install.php file found.

Server leaks inodes via ETags, header found with file /icons/README, inode: 67942, size: 4872, mtime: Thu Jun 24 15:46:08 2010

OSVDB-3233: /icons/README: Apache default file found.

/classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://cirt.net/rfiinc.txt?: PHP include error may indicate local or remote file inclusion is possible.

/install.php?install_dir=http://cirt.net/rfiinc.txt?: PHP include error may indicate local or remote file inclusion is possible.

/config/config.txt: Configuration file found.

/config/readme.txt: Readme file found.

/admin/account.asp: Admin login page/section found.

/admin/account.html: Admin login page/section found.

/admin/account.php: Admin login page/section found.

/admin/controlpanel.asp: Admin login page/section found.

/admin/controlpanel.html: Admin login page/section found.

/admin/controlpanel.php: Admin login page/section found.

/admin/cp.asp: Admin login page/section found.

/admin/cp.html: Admin login page/section found.

/admin/cp.php: Admin login page/section found.

/admin/home.asp: Admin login page/section found.

/admin/home.php: Admin login page/section found.

/admin/index.asp: Admin login page/section found.

/admin/index.html: Admin login page/section found.

/admin/login.asp: Admin login page/section found.

/admin/login.html: Admin login page/section found.

/admin/login.php: Admin login page/section found.

/admin/html: Tomcat Manager / Host Manager interface found (pass protected)

/admin/status: Tomcat Server Status interface found (pass protected)

8348 requests: 2 error(s) and 87 item(s) reported on remote host

+ End Time: 2016-05-30 11:59:24 (GMT-4) (4100 seconds)

1 host(s) tested
