Hacking with Nikto
What can I do with this?
- Server: Apache/2.2.14 (Ubuntu)
- Cookie PHPSESSID created without the httponly flag
- Retrieved x-powered-by header: PHP/5.2.17
- The anti-clickjacking X-Frame-Options header is not present.
- The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- No CGI Directories found
- Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
- Web Server returns a valid response with junk HTTP methods, this may cause false positives.