Forum Thread: Hack a Site with Below Scan Results:-

I wanted to ask if a website can be hacked when a nikto scan gives the following results If it can be hacked then how -

• Web Server returns a valid response with junk HTTP methods, this may cause false positives.
• OSVDB-4806: /support/messages: Axis WebCam allows retrieval of messages file (/var/log/messages). See http://www.websec.org/adv/axis2400.txt.html
• OSVDB-3092: /bank/: This might be interesting...
• OSVDB-3092: /library/: This might be interesting...
• OSVDB-3092: /login/: This might be interesting...
• OSVDB-3092: /mail/: This might be interesting...
• OSVDB-3092: /news: This might be interesting...
• OSVDB-3092: /reports/: This might be interesting...
• OSVDB-3092: /support/: This might be interesting...
• OSVDB-3092: /mail/adminisist.nsf: This database can be read without authentication, which may reveal sensitive information.
• OSVDB-3093: /mail/include.html: This might be interesting... has been seen in web logs from an unknown scanner.
• OSVDB-3093: /mail/settings.html: This might be interesting... has been seen in web logs from an unknown scanner.
• OSVDB-18114: /reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF: Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution
• OSVDB-3233: /reports/rwservlet: Oracle Reports
• OSVDB-3233: /reports/rwservlet/showenv: Oracle Reports
• OSVDB-3233: /reports/rwservlet/showmap: Oracle Reports
• OSVDB-3233: /reports/rwservlet/showjobs: Oracle Reports
• OSVDB-3233: /reports/rwservlet/getjobid7?server=myrep: Oracle Reports
• OSVDB-3233: /reports/rwservlet/getjobid4?server=myrep: Oracle Reports
• OSVDB-3233: /reports/rwservlet/showmap?server=myserver: Oracle Reports
• OSVDB-3092: /hr/: This might be interesting... potential country code (Croatia)