- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 208.66.16.113
+ Target Hostname: cayu.com.ar
+ Target Port: 80
+ Start Time: 2008-10-10 14:33:47
---------------------------------------------------------------------------
+ Server: Apache
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.0-8+etch11
+ OSVDB-0: GET /index.php?module=My_eGallery : My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.
+ OSVDB-3233: GET /phpinfo.php : Contains PHP configuration information
+ OSVDB-0: GET /modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid : PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.
+ OSVDB-0: GET /nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid : PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.
+ OSVDB-0: GET /phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid : PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.
+ OSVDB-0: GET /phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid : PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.
+ OSVDB-3092: GET /sitemap.xml : This gives a nice listing of the site content.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.