Forum Thread: Noob Question

For my work i'm trying to test the security of a web application were thinking about making available from the outside.
I ran a nikto scan on it an got back 2347 items. Not a great sign.
The one weird thing in the results though is the following.
I'm getting php errors like:

"+ /testosaveris/forums//admin/config.php: PHP Config file may contain database IDs and passwords."

But as far as I know it is not running a forum and the system uses .asp and not .php.
I also ran a search of the web root but no php files are found.

My question is, how come the scan sees those files and if they do exist where would I find them on the server.

Thanks,
Max.

Never Miss a Hacking or Security Guide

Get new Null Byte guides every week.

3 Responses

Have you tried going to the specified path? "/testosaveris/forums//admin/config.php"

Yeah, tried that to but I get a 404 as expected.

If there's no sign if php at all, i could only think that it was a false positive. Have you tried: "locate php"?

Share Your Thoughts

  • Hot
  • Active