Security Basics mailing list archives

Re: nikto scan results


From: Marco <gramill () tin it>
Date: Thu, 2 Dec 2004 10:05:00 +0100

At 00:40 on Wednesday 1 December 2004, Times Enemy wrote:
Greetings.

For the MS's (just use the search feature):
http://www.microsoft.com/

For the CVE's:
http://www.cve.mitre.org/cve/

For the SNS's (if you know Japanese, it is helpful ;) :
http://www.lac.co.jp/security/
http://www.attrition.org/security/advisory/sns/

For the CA's:
http://search.cert.org/


For all of these:
http://www.google.com/


ciao
.te

Hi,

I scan my web server (IIS) with nikto,

these are the results I got:


Exploit: /?"><script>alert("Vulnerable");</script>
Description: IIS is vulnerable to Cross Site Scriptin
(XSS). Apply MS02-018.

 IIS is vulnerable to Cross Site Scriptin :-)
so someone could view your cookies
ex:
<script>alert(document.cookie);</script>

or try to enter if your site uses cookies

ex:

<img src=javascript:void(document.cookie="va_name=true" );>



Exploit: /?\"><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Exploit: /?\><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Can someone please explain what this means? How do I
check if this is not a false alarm? Maybe there are
links which can explain what it means?

thanks !!!

JB

sorry for my bad eng.

Marco Ramilli
www.rrsecurity.info
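
One way to answer the false-alarm question in the message above, as an added example (not part of the original thread and not nikto's own code): save the response your own server returns for the probed URL and check whether the probe comes back unencoded in an HTML body. The function name, verdict labels and sample responses are constructed for illustration and are not real IIS output.

```python
import html
from urllib.parse import quote, unquote

# Probe string taken from the nikto output quoted in the message.
PROBE = '"><script>alert("Vulnerable");</script>'

def classify_reflection(raw_response: str, probe: str = PROBE) -> str:
    """Classify how a saved HTTP response echoes the scanner's probe.

    confirmed     - probe appears character-for-character in an HTML response
    encoded       - probe appears only after HTML/URL decoding (neutralised)
    non-html      - probe appears raw, but the response is not served as HTML
    not-reflected - probe is absent from the body
    """
    head, _, body = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:            # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip().lower()
    ctype = headers.get("content-type", "")
    # Assumption: a missing Content-Type is treated as HTML, since a
    # browser may sniff the body and render it.
    is_html = ctype == "" or ctype.startswith(("text/html", "application/xhtml"))
    if probe in body:
        return "confirmed" if is_html else "non-html"
    if probe in unquote(html.unescape(body)):
        return "encoded"
    return "not-reflected"

def make_response(ctype: str, body: str) -> str:
    """Build a minimal raw HTTP response (constructed test data)."""
    return f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\n\r\n{body}"

# Constructed sample responses, one per verdict path.
SAMPLES = {
    "raw": make_response("text/html", f'<a href="/?{PROBE}">moved</a>'),
    "entity": make_response("text/html", f'<a href="/?{html.escape(PROBE)}">moved</a>'),
    "percent": make_response("text/html", f'<a href="/?{quote(PROBE)}">moved</a>'),
    "plain": make_response("text/plain", f"Bad request: /?{PROBE}"),
    "static": make_response("text/html", "<h1>Welcome</h1>"),
}

if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(f"{name:8} {classify_reflection(response)}")
```

Only the "confirmed" verdict corresponds to the finding being real; "encoded" and "not-reflected" indicate the probe was neutralised or never echoed.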

