Forum Thread: Hack a Site with Below Scan Results:-

I wanted to ask if a website can be hacked when a nikto scan gives the following results If it can be hacked then how -

  • Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  • OSVDB-4806: /support/messages: Axis WebCam allows retrieval of messages file (/var/log/messages). See http://www.websec.org/adv/axis2400.txt.html
  • OSVDB-3092: /bank/: This might be interesting...
  • OSVDB-3092: /library/: This might be interesting...
  • OSVDB-3092: /login/: This might be interesting...
  • OSVDB-3092: /mail/: This might be interesting...
  • OSVDB-3092: /news: This might be interesting...
  • OSVDB-3092: /reports/: This might be interesting...
  • OSVDB-3092: /support/: This might be interesting...
  • OSVDB-3092: /mail/adminisist.nsf: This database can be read without authentication, which may reveal sensitive information.
  • OSVDB-3093: /mail/include.html: This might be interesting... has been seen in web logs from an unknown scanner.
  • OSVDB-3093: /mail/settings.html: This might be interesting... has been seen in web logs from an unknown scanner.
  • OSVDB-18114: /reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF: Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution
  • OSVDB-3233: /reports/rwservlet: Oracle Reports
  • OSVDB-3233: /reports/rwservlet/showenv: Oracle Reports
  • OSVDB-3233: /reports/rwservlet/showmap: Oracle Reports
  • OSVDB-3233: /reports/rwservlet/showjobs: Oracle Reports
  • OSVDB-3233: /reports/rwservlet/getjobid7?server=myrep: Oracle Reports
  • OSVDB-3233: /reports/rwservlet/getjobid4?server=myrep: Oracle Reports
  • OSVDB-3233: /reports/rwservlet/showmap?server=myserver: Oracle Reports
  • OSVDB-3092: /hr/: This might be interesting... potential country code (Croatia)

1 Response

See if there are any vulnerable software versions and check for user sanitisation

Share Your Thoughts

  • Hot
  • Active