Public bug reported:

These are all false positives (pages return a 404 error):
pierre@pierre-MacBook:~$ nikto -h http://www.conseil-national.medecin.fr/
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP:          93.188.172.108
+ Target Hostname:    www.conseil-national.medecin.fr
+ Target Port:        80
+ Start Time:         2012-10-17 23:00:48
---------------------------------------------------------------------------
+ Server: Apache
+ Retrieved x-powered-by header: PHP/5.3.6
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ DEBUG HTTP verb may show server debugging information. See 
http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages 
including SQL syntax and may allow an exploit.
+ OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 
is vulnerable to Cross Site Scripting (XSS).  
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3931: 
/myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent:
 myphpnuke is vulnerable to Cross Site Scripting (XSS). 
http://www.cert.org/advisories/CA-2000-02.html.
+ 
/modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0:
 Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). 
http://www.cert.org/advisories/CA-2000-02.html.
+ 
/modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index:
 Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). 
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: 
Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). 
http://www.cert.org/advisories/CA-2000-02.html.
+ 6456 items checked: 48 error(s) and 8 item(s) reported on remote host
+ End Time:           2012-10-18 00:17:01 (4573 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nikto 1:2.1.4-2 [modified: var/lib/nikto/plugins/db_favicon 
var/lib/nikto/plugins/db_outdated var/lib/nikto/plugins/db_server_msgs 
var/lib/nikto/plugins/db_tests var/lib/nikto/plugins/db_variables 
var/lib/nikto/plugins/nikto_cookies.plugin 
var/lib/nikto/plugins/nikto_robots.plugin]
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic-pae 3.2.30
Uname: Linux 3.2.0-32-generic-pae i686
ApportVersion: 2.0.1-0ubuntu13
Architecture: i386
Date: Tue Oct 16 23:58:39 2012
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=fr_FR:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: nikto
UpgradeStatus: Upgraded to precise on 2012-04-27 (172 days ago)

** Affects: nikto (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 precise

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1067540

Title:
  False positives

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nikto/+bug/1067540/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
