Security Basics mailing list archives
Re: nikto scan results
From: Marco <gramill () tin it>
Date: Thu, 2 Dec 2004 10:05:00 +0100
At 00:40 on Wednesday 1 December 2004, Times Enemy wrote:
> Greetings.
>
> For the MS's (just use the search feature):
> http://www.microsoft.com/
>
> For the CVE's:
> http://www.cve.mitre.org/cve/
>
> For the SNS's (if you know Japanese, it is helpful ;) :
> http://www.lac.co.jp/security/
> http://www.attrition.org/security/advisory/sns/
>
> For the CA's:
> http://search.cert.org/
>
> For all of these:
> http://www.google.com/
>
> ciao
> .te
>
> > Hi,
> > I scan my web server (IIS) with nikto, these are the results I got:
> >
> > Exploit: /?"><script>alert("Vulnerable");</script>
> > Description: IIS is vulnerable to Cross Site Scriptin (XSS). Apply MS02-018.

IIS is vulnerable to Cross Site Scriptin :-)
so someone could view your cookies, e.g.:
  <script>alert(document.cookie);</script>
or try to enter if your site uses cookies, e.g.:
  <img src=javascript:void(document.cookie="va_name=true" );>

> > Exploit: /?\"><script>alert('Vulnerable');</script>
> > Description: IIS is vulnerable to Cross Site Scripting (XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09
> >
> > Exploit: /?\><script>alert('Vulnerable');</script>
> > Description: IIS is vulnerable to Cross Site Scripting (XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09
> >
> > Can someone please explain what this means?
> > How do I check if this is not a false alarm?
> > Maybe there are links which can explain what it means?
> >
> > Thanks!!!
> > JB
Sorry for my bad English.

Marco Ramilli
www.rrsecurity.info
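
The false-alarm question raised in the thread comes down to whether the server echoes the probe back as live markup or as inert, encoded text. The check below is an added example, not part of the original messages: it classifies a saved response body for the probe string shown in the nikto output. The function names, verdict labels and sample bodies are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Probe string copied from the nikto finding quoted in the thread.
PROBE = '"><script>alert("Vulnerable");</script>'

# Matches entities for quote characters only, so that angle-bracket
# entities (&lt; &gt;) stay encoded in _decode_quotes_only().
_QUOTE_ENTITIES = re.compile(r"&(?:quot|apos|#0*34|#0*39|#x0*22|#x0*27);", re.I)


def _decode_quotes_only(text):
    return _QUOTE_ENTITIES.sub(lambda m: html.unescape(m.group(0)), text)


def classify_reflection(body, probe=PROBE):
    """Say how a response body echoes the probe sent in the query string.

    "raw"      probe comes back byte for byte: the finding is real
    "tags-raw" quotes are escaped but < and > are not: markup still injected
    "encoded"  probe appears only HTML- or URL-encoded: inert as HTML text
    "absent"   probe is not echoed at all in this response
    """
    if probe in body:
        return "raw"
    if probe in _decode_quotes_only(body):
        return "tags-raw"
    if probe in html.unescape(body) or probe in unquote(body):
        return "encoded"
    return "absent"


# Constructed response bodies (hypothetical, not captured from a real server).
SAMPLES = {
    "unpatched": '<body>Error in <a href="/?' + PROBE + '">link</a></body>',
    "quotes-only": "<p>/?&quot;><script>alert(&quot;Vulnerable&quot;);</script></p>",
    "entity": "<p>/?&quot;&gt;&lt;script&gt;alert(&#34;Vulnerable&#34;);&lt;/script&gt;</p>",
    "urlencoded": "<p>/?%22%3E%3Cscript%3Ealert(%22Vulnerable%22)%3B%3C/script%3E</p>",
    "no-echo": "<html><body>Welcome</body></html>",
}


def classify_samples():
    return {name: classify_reflection(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12} {verdict}")
```

Only "raw" and "tags-raw" confirm the scanner's report for the body context; an "encoded" or "absent" verdict on every reported URL points to a false alarm or an already patched server.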