17. root@kali:
- Nikto v2.1.4 :
--------------------------------------------------------------------------- :
+ Target IP: 192.168.56.2 :
+ Target Hostname: 192.168.56.2 :
+ Target Port: 80 :
+ Start Time: 2013-05-25 23:06:27 :
--------------------------------------------------------------------------- :
+ Server: Apache/1.3.28 (Unix) mod_ssl/2.8.15 OpenSSL/0.9.7c :
+ No CGI Directories found (use '-C all' to force check all possible dirs) :
+ robots.txt contains 6 entries which should be manually viewed. :
+ ETag header found on server, inode: 333, size: 3583, mtime: 0x44679e27 :
+ OSVDB-27487: Apache is vulnerable to XSS via the Expect header :
+ OpenSSL/0.9.7c appears to be outdated (current is at least 1.0.0d). OpenSSL 0.9.8r is also current. :
+ mod_ssl/2.8.15 appears to be outdated (current is at least 2.8.31) (may depend on server version) :
+ Apache/1.3.28 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current. :
+ Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE :
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST :
+ OSVDB-2733: Apache/1.3.28 - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542. :
+ OSVDB-59658: /?mod=some_thing&op=browse: Sage 1.0b3 reveals system paths with invalid module names. :
+ OSVDB-2799: dose.pl?daily&somefile.txt&|ls|: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter. :
+ OSVDB-3268: /backup/: Directory indexing found. :
+ OSVDB-3092: /backup/: This might be interesting... :
+ OSVDB-3092: : This might be interesting... possibly a system shell found. :
+ OSVDB-3092: /cgi-bin/test.cgi: This might be interesting... :
+ OSVDB-3268: /icons/: Directory indexing found. :
+ OSVDB-3268: /images/: Directory indexing found. :
+ OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found. :
+ 6448 items checked: 29 error(s) and 18 item(s) reported on remote host :
+ End Time: 2013-05-25 23:16:25 (598 seconds) :
--------------------------------------------------------------------------- :
+ 1 host(s) tested :
18. Output worth remembering first
● OSVDB
● Open Sourced Vulnerability Database
● http://www.osvdb.org
● * appears to be outdated (current is …
● It is not the latest version, so update!
19. A few findings picked out
● + OSVDB-27487: Apache is vulnerable to XSS via the Expect header :
● http://www.osvdb.org/27487
● There is an XSS vulnerability via the Expect header
● This is because Apache 1.3 and Apache versions 2.2 and earlier do not sanitize the error message
20. A few findings picked out
● + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST :
● http://www.osvdb.org/877
● Cross-Site Tracing
● http://www.atmarkit.co.jp/ait/articles/0308/21/news001.html
● A kind of Cross Site Scripting
● By using the TRACE method, the Basic authentication ID and password can be stolen
● Few applications use the TRACE method, so turning it off removes the threat, but fundamentally the XSS itself should be fixed
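The output patterns called out on slides 18 to 20 (OSVDB IDs, "appears to be outdated" notices, and TRACE in the allowed methods) can be pulled out of a saved Nikto text report for triage. This is an added example, not part of the original slides; the `triage` function, its result layout, and the sample lines are assumptions constructed here from the report format on slide 17.

```python
import re

# Constructed sample in the format of the report on slide 17; some lines keep
# the trailing " :" that the slide capture leaves behind.
SAMPLE = """\
+ Server: Apache/1.3.28 (Unix) mod_ssl/2.8.15 OpenSSL/0.9.7c :
+ OSVDB-27487: Apache is vulnerable to XSS via the Expect header :
+ mod_ssl/2.8.15 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ Apache/1.3.28 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE :
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST :
+ OSVDB-3268: /backup/: Directory indexing found.
+ OSVDB-3268: /icons/: Directory indexing found. :
"""

OSVDB_URL = "http://www.osvdb.org/"  # reference URL pattern used on the slides
OSVDB_RE = re.compile(r"^\+ OSVDB-(\d+): (.*)$")
OUTDATED_RE = re.compile(
    r"^\+ ([^/\s]+)/(\S+) appears to be outdated "
    r"\(current is at least (?:[^/\s]+/)?([\w.]+)\)")
METHODS_RE = re.compile(r"^\+ Allowed HTTP Methods: (.*)$")

def triage(report):
    """Group Nikto text output into the categories the slides single out."""
    result = {"osvdb": {}, "outdated": [], "trace_allowed": False}
    for raw in report.splitlines():
        line = raw.rstrip(" :")  # drop the capture's trailing " :"
        if m := OSVDB_RE.match(line):
            entry = result["osvdb"].setdefault(
                m.group(1), {"url": OSVDB_URL + m.group(1), "findings": []})
            entry["findings"].append(m.group(2))
        elif m := OUTDATED_RE.match(line):
            result["outdated"].append(
                {"component": m.group(1), "installed": m.group(2), "minimum": m.group(3)})
        elif m := METHODS_RE.match(line):
            methods = [x.strip().upper() for x in m.group(1).split(",")]
            result["trace_allowed"] = "TRACE" in methods
    return result

if __name__ == "__main__":
    r = triage(SAMPLE)
    for c in r["outdated"]:
        print(f"update {c['component']}: {c['installed']} -> at least {c['minimum']}")
    for osvdb_id, e in r["osvdb"].items():
        print(f"OSVDB-{osvdb_id} ({e['url']}): {len(e['findings'])} finding(s)")
    print("TRACE allowed, disable it:", r["trace_allowed"])
```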