For my work i'm trying to test the security of a web application were thinking about making available from the outside.
I ran a nikto scan on it an got back 2347 items. Not a great sign.
The one weird thing in the results though is the following.
I'm getting php errors like:
"+ /testosaveris/forums//admin/config.php: PHP Config file may contain database IDs and passwords."
But as far as I know it is not running a forum and the system uses .asp and not .php.
I also ran a search of the web root but no php files are found.
My question is, how come the scan sees those files and if they do exist where would I find them on the server.