What can i do with this?
I Found Following Vulnerabilities Using Nikto Script:
- Server: Apache/2.2.14 (Ubuntu)
- Cookie PHPSESSID created without the httponly flag
- Retrieved x-powered-by header: PHP/5.2.17
- The anti-clickjacking X-Frame-Options header is not present.
- The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- No CGI Directories found
- Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
- Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- OSVDB-12184
4 Responses
https://null-byte.wonderhowto.com/how-to/hack-like-pro-find-vulnerabilities-for-any-website-using-nikto-0151729/
Check this out.You should get what you need.
You can check exploit DB for Apache server related exploits.
https://www.exploit-db.com
Thanks a lot, but how can i use these exploits ? :D Can you give me simple example?
Based on what I can see, they have an outdated Apache version (2.2.14). I looked this version up on CVE and saw this: https://www.cvedetails.com/version/87506/Apache-Http-Server-2.2.14.html 2 code execution, 2 privilege escalation and a couple of XSS exploits as well. One of the code executions had danger level 10 on CVE, so I personally would look into exploiting this vulnerability. Searching for the exploit I found auxiliary/dos/http/apache mod isapi
Other than that, there is a MAJOR DoS exploit CVE-2011-3192 399 which could also cause some damage. There are MANY more vulnerabilities on CVE which you can try.
Share Your Thoughts