obtaining all open TCP ports using unicornscan.

Nmap done: 1 IP address (1 host up) scanned in 6.40 seconds

The port scan revealed only two open ports. Loading them up on Iceweasel showed nothing remarkable:

I tried manually typing in common directory and file names but nothing was working. This process would need to be automated with dirb or wfuzz, but first, I wanted to run nikto to see if anything interesting popped up.

+ Server leaks inodes via ETags, header found with file /, inode: 67014, size: 152, mtime: Sat Mar 29 13:22:52 2014
+ The anti-clickjacking X-Frame-Options header is not present.
+ mod_ssl/2.2.21 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ PHP/5.3.8 appears to be outdated (current is at least 5.4.26)
+ OpenSSL/0.9.8q appears to be outdated (current is at least 1.0.1e).
+ Apache/2.2.21 appears to be outdated (current is at least Apache/2.4.7). Apache 2.0.65 (final release) and 2.2.26 are also current.
+ mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ 7354 requests: 0 error(s) and 9 item(s) reported on remote host

One of the more interesting entries that caught my eye in the results was CVE-2002-0082, a remote buffer overflow. The same bug was actually exploitable in the first Kioptrix challenge, but not so much in this one as it’s using an updated Apache webserver.

I ran nikto against port 8080 and came up with similar results:

+ All CGI directories 'found', use '-C none' to test none
+ 22376 requests: 0 error(s) and 7 item(s) reported on remote host

I then tried running wfuzz to look for hidden directories but came up with nothing. Scanning seemed really slow, which led me to wonder if there might be something filtering out suspicious traffic that might be giving me incomplete information. I decided to have a look at nf and see if I could tweak it a little. One thing that I noticed right away was the USERAGENT option:

+ OSVDB-3268: /: Directory indexing found.
+ OSVDB-3268: /./: Directory indexing found.
+ OSVDB-3268: /?mod=node&nid=some_thing&op=view: Directory indexing found.
+ OSVDB-3268: /?mod=some_thing&op=browse: Directory indexing found.
+ /./: Appending '/./' to a directory allows indexing
+ OSVDB-3268: //: Directory indexing found.
+ //: Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.
+ OSVDB-3268: /?Open: Directory indexing found.
+ OSVDB-3268: /?OpenServer: Directory indexing found.
+ OSVDB-3268: /%2e/: Directory indexing found.
+ OSVDB-576: /%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.
+ OSVDB-3268: /?mod=alert(okie)&op=browse: Directory indexing found.
+ OSVDB-3268: /?sql_debug=1: Directory indexing found.
+ OSVDB-3268: ///: Directory indexing found.
+ OSVDB-3268: /?PageServices: Directory indexing found.
+ OSVDB-119: /?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'.
+ OSVDB-3268: /?wp-cs-dump: Directory indexing found.
+ OSVDB-119: /?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'.