For my work I'm trying to test the security of a web application we're thinking about making available from the outside.
I ran a Nikto scan on it and got back 2347 items. Not a great sign.
The one weird thing in the results though is the following.
I'm getting PHP errors like:
"+ /testosaveris/forums//admin/config.php: PHP Config file may contain database IDs and passwords."
But as far as I know it is not running a forum and the system uses .asp and not .php.
I also ran a search of the web root but no PHP files were found.
My question is, how come the scan sees those files, and if they do exist, where would I find them on the server?
Thanks,
Max.
3 Responses
Have you tried going to the specified path? "/testosaveris/forums//admin/config.php"
Yeah, tried that too, but I get a 404 as expected.
If there's no sign of PHP at all, I could only think that it was a false positive. Have you tried: "locate php"?