0 valutazioniIl 0% ha trovato utile questo documento (0 voti)
68 visualizzazioni2 pagine
The document summarizes the results of a scan of the server at 127.0.0.1 port 80 using the Nikto vulnerability scanner. The scan found that the server is Microsoft IIS 5.1, allows several HTTP methods that could pose security risks like DELETE, PUT and TRACE, and found evidence that FrontPage and additional Microsoft technologies may be installed based on files and responses returned. Several potential vulnerabilities were identified relating to older versions of Microsoft software that could allow attacks like file retrieval or server information disclosure.
The document summarizes the results of a scan of the server at 127.0.0.1 port 80 using the Nikto vulnerability scanner. The scan found that the server is Microsoft IIS 5.1, allows several HTTP methods that could pose security risks like DELETE, PUT and TRACE, and found evidence that FrontPage and additional Microsoft technologies may be installed based on files and responses returned. Several potential vulnerabilities were identified relating to older versions of Microsoft software that could allow attacks like file retrieval or server information disclosure.
The document summarizes the results of a scan of the server at 127.0.0.1 port 80 using the Nikto vulnerability scanner. The scan found that the server is Microsoft IIS 5.1, allows several HTTP methods that could pose security risks like DELETE, PUT and TRACE, and found evidence that FrontPage and additional Microsoft technologies may be installed based on files and responses returned. Several potential vulnerabilities were identified relating to older versions of Microsoft software that could allow attacks like file retrieval or server information disclosure.
- ***** SSL support not available (see docs for SSL install instructions) *****
--------------------------------------------------------------------------- Nikto 2.02/2.03
cirt.net + Target IP: 127.0.0.1 + Target Hostname: localhost + Target Port: 80 + Start Time: 2008-04-29 7:30:07 --------------------------------------------------------------------------+ Server: Microsoft-IIS/5.1 - Root page / redirects to: localstart.asp - Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE , MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH + OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for de bugging and should be disabled. This message does not mean it is vulnerable to X ST. + OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server. + OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to s ave files on the web server. + OSVDB-5647: HTTP method ('Allow' Header): 'MOVE' may allow clients to change f ile locations on the web server. + OSVDB-13431: HTTP method ('Allow' Header): 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allowed but a default page exists. + OSVDB-425: HTTP method ('Allow' Header): 'PROPPATCH' indicates DAV/WebDAV is i nstalled. + OSVDB-: HTTP method ('Allow' Header): 'SEARCH' indicates DAV/WebDAV is install ed, and may be used to get directory listings if Index Server is running. - Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH + OSVDB-877: HTTP method ('Public' Header): 'TRACE' is typically only used for d ebugging and should be disabled. This message does not mean it is vulnerable to XST. + OSVDB-5646: HTTP method ('Public' Header): 'DELETE' may allow clients to remov e files on the web server. + OSVDB-397: HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server. + OSVDB-5647: HTTP method ('Public' Header): 'MOVE' may allow clients to change file locations on the web server. + OSVDB-13431: HTTP method ('Public' Header): 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allowed but a default page exists. + OSVDB-425: HTTP method ('Public' Header): 'PROPPATCH' indicates DAV/WebDAV is installed. + OSVDB-: HTTP method ('Public' Header): 'SEARCH' indicates DAV/WebDAV is instal led, and may be used to get directory listings if Index Server is running. + OSVDB-0: Retrieved X-Powered-By header: ASP.NET + Microsoft-IIS/5.1 appears to be outdated (4.0 for NT 4, 5.0 for Win2k) + OSVDB-396: GET /_vti_bin/shtml.exe : Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. + OSVDB-0: GET /junk.aspx : ASP.net reveals its version in invalid .aspx error m essages. + OSVDB-3092: POST /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e 2%2e2611 : Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2 000-0710, BID-1608, BID-1174. + OSVDB-3092: POST /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e 2%2e2611 : Gives info about server settings. + OSVDB-3233: GET /postinfo.html : Microsoft FrontPage default file found. + OSVDB-1210: GET /scripts/samples/search/qfullhit.htw : Server may be vulnerabl e to a Webhits.dll arbitrary file retrieval. MS00-006.
+ OSVDB-1210: GET /scripts/samples/search/qsumrhit.htw : Server may be vulnerabl
e to a Webhits.dll arbitrary file retrieval. MS00-006. + OSVDB-1210: GET /Nxjw9.htw : Server may be vulnerable to a Webhits.dll arbitra ry file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. + OSVDB-877: TRACK / : TRACK option ('TRACE' alias) appears to allow XSS or cred ential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.p df for details + OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. Se e http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details + Default account found for 'localhost' at /localstart.asp (ID 'administrator', PW '1234'). IntelliTouch Voip Broadband phone - Successfully authenticated to realm "localhost". + OSVDB-3092: GET /localstart.asp : This may be interesting... + OSVDB-3233: GET /_vti_bin/shtml.exe/_vti_rpc : FrontPage may be installed. + OSVDB-3233: GET /_vti_inf.html : FrontPage is installed and reveals its versio n number (check HTML source for more information). + 2967 items checked: 32 item(s) reported on remote host + End Time: 2008-04-29 7:30:07 (14 seconds) --------------------------------------------------------------------------+ 1 host(s) tested