192.168.247.132 / 192.168.247.132 port 80
Target IP 192.168.247.132
Target hostname 192.168.247.132
Target Port 80
HTTP Server Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/3.0.17 mod_perl/2.0.4 Perl/v5.10.1
Site Link (Name) http://192.168.247.132:80/WackoPicko/
Site Link (IP) http://192.168.247.132:80/WackoPicko/

URI /WackoPicko/
HTTP Method GET
Description Retrieved x-powered-by header: PHP/5.3.2-1ubuntu4.5
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method GET
Description The anti-clickjacking X-Frame-Options header is not present.
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method GET
Description Cookie PHPSESSID created without the httponly flag
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/images
HTTP Method GET
Description IP address found in the 'location' header. The IP is "127.0.1.1".
Test Links http://192.168.247.132:80/WackoPicko/images
OSVDB Entries OSVDB-0
URI /WackoPicko/images
HTTP Method GET
Description IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://127.0.1.1/WackoPicko/images/".
Test Links http://192.168.247.132:80/WackoPicko/images
OSVDB Entries OSVDB-630
URI /WackoPicko/
HTTP Method HEAD
Description Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.7). Apache 2.0.65 (final release) and 2.2.26 are also current.
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description mod_ssl/2.2.14 appears to be outdated (current is at least 2.8.31) (may depend on server version)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description mod_mono/2.4.3 appears to be outdated (current is at least 2.8)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description OpenSSL/0.9.8k appears to be outdated (current is at least 1.0.1e). OpenSSL 0.9.8r is also current.
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description Python/2.6.5 appears to be outdated (current is at least 2.7.5)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description PHP/5.3.2-1ubuntu4.5 appears to be outdated (current is at least 5.4.26)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description Perl/v5.10.1 appears to be outdated (current is at least v5.14.2)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method HEAD
Description proxy_html/3.0.1 appears to be outdated (current is at least 3.1.2)
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/index
HTTP Method GET
Description Uncommon header 'tcn' found, with contents: list
Test Links http://192.168.247.132:80/WackoPicko/index
OSVDB Entries OSVDB-0
URI /WackoPicko/index
HTTP Method GET
Description Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
Test Links http://192.168.247.132:80/WackoPicko/index
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method GET
Description mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/3.0.17 mod_perl/2.0.4 Perl/v5.10.1 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. CVE-2002-0082, OSVDB-756.
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method OPTIONS
Description Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method WMJKMRHB
Description Web Server returns a valid response with junk HTTP methods, this may cause false positives.
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-0
URI /WackoPicko/
HTTP Method TRACE
Description HTTP TRACE method is active, suggesting the host is vulnerable to XST
Test Links http://192.168.247.132:80/WackoPicko/
OSVDB Entries OSVDB-877
URI /WackoPicko/guestbook/guestbookdat
HTTP Method GET
Description /WackoPicko/guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
Test Links http://192.168.247.132:80/WackoPicko/guestbook/guestbookdat
OSVDB Entries OSVDB-0
URI /WackoPicko/guestbook/pwd
HTTP Method GET
Description /WackoPicko/guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
Test Links http://192.168.247.132:80/WackoPicko/guestbook/pwd
OSVDB Entries OSVDB-0
URI /WackoPicko/guestbook/admin.php
HTTP Method GET
Description /WackoPicko/guestbook/admin.php: Guestbook admin page available without authentication.
Test Links http://192.168.247.132:80/WackoPicko/guestbook/admin.php
OSVDB Entries OSVDB-0
URI /WackoPicko/guestbook/admin/o12guest.mdb
HTTP Method GET
Description /WackoPicko/guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.
Test Links http://192.168.247.132:80/WackoPicko/guestbook/admin/o12guest.mdb
OSVDB Entries OSVDB-52975
URI /WackoPicko/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
HTTP Method GET
Description /WackoPicko/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnerable to XSS attacks.
Test Links http://192.168.247.132:80/WackoPicko/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
OSVDB Entries OSVDB-2754
URI /WackoPicko/admin/login.php?action=insert&username=test&password=test
HTTP Method GET
Description /WackoPicko/admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
Test Links http://192.168.247.132:80/WackoPicko/admin/login.php?action=insert&username=test&password=test
OSVDB Entries OSVDB-5034
URI /WackoPicko/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
HTTP Method GET
Description /WackoPicko/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
Test Links http://192.168.247.132:80/WackoPicko/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
OSVDB Entries OSVDB-12184
URI /WackoPicko/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
HTTP Method GET
Description /WackoPicko/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
Test Links http://192.168.247.132:80/WackoPicko/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
OSVDB Entries OSVDB-12184
URI /WackoPicko/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
HTTP Method GET
Description /WackoPicko/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
Test Links http://192.168.247.132:80/WackoPicko/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
OSVDB Entries OSVDB-12184
URI /WackoPicko/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
HTTP Method GET
Description /WackoPicko/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
Test Links http://192.168.247.132:80/WackoPicko/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
OSVDB Entries OSVDB-12184
URI /WackoPicko/cart/
HTTP Method GET
Description /WackoPicko/cart/: Directory indexing found.
Test Links http://192.168.247.132:80/WackoPicko/cart/
OSVDB Entries OSVDB-3268
URI /WackoPicko/cart/
HTTP Method GET
Description /WackoPicko/cart/: This might be interesting...
Test Links http://192.168.247.132:80/WackoPicko/cart/
OSVDB Entries OSVDB-3092
URI /WackoPicko/guestbook/
HTTP Method GET
Description /WackoPicko/guestbook/: This might be interesting...
Test Links http://192.168.247.132:80/WackoPicko/guestbook/
OSVDB Entries OSVDB-3092
URI /WackoPicko/test/
HTTP Method GET
Description /WackoPicko/test/: This might be interesting...
Test Links http://192.168.247.132:80/WackoPicko/test/
OSVDB Entries OSVDB-3092
URI /WackoPicko/users/
HTTP Method GET
Description /WackoPicko/users/: Directory indexing found.
Test Links http://192.168.247.132:80/WackoPicko/users/
OSVDB Entries OSVDB-3268
URI /WackoPicko/users/
HTTP Method GET
Description /WackoPicko/users/: This might be interesting...
Test Links http://192.168.247.132:80/WackoPicko/users/
OSVDB Entries OSVDB-3092
URI /WackoPicko/images/
HTTP Method GET
Description /WackoPicko/images/: Directory indexing found.
Test Links http://192.168.247.132:80/WackoPicko/images/
OSVDB Entries OSVDB-3268
URI /WackoPicko/images/?pattern=/etc/*&sort=name
HTTP Method GET
Description /WackoPicko/images/?pattern=/etc/*&sort=name: Directory indexing found.
Test Links http://192.168.247.132:80/WackoPicko/images/?pattern=/etc/*&sort=name
OSVDB Entries OSVDB-3268
URI /WackoPicko/admin/login.php
HTTP Method GET
Description /WackoPicko/admin/login.php: Admin login page/section found.
Test Links http://192.168.247.132:80/WackoPicko/admin/login.php
OSVDB Entries OSVDB-0
URI /WackoPicko/test.php
HTTP Method GET
Description /WackoPicko/test.php: This might be interesting...
Test Links http://192.168.247.132:80/WackoPicko/test.php
OSVDB Entries OSVDB-3092

Host Summary
Start Time 2015-06-11 23:03:05
End Time 2015-06-11 23:04:54
Elapsed Time 109 seconds
Statistics 6605 requests, 0 errors, 40 findings

Scan Summary
Software Details Nikto 2.1.6
CLI Options -host http://192.168.247.132/WackoPicko/ -o NiktoWacko.htm -Format htm -id scanner1:****
Hosts Tested 1
Start Time Thu Jun 11 23:03:02 2015
End Time Thu Jun 11 23:04:54 2015
Elapsed Time 112 seconds