- Nikto --------------------------------------------------------------------------- + Target IP: 44.228.249.3 + Target Hostname: testphp.vulnweb.com + Target Port: 80 + Start Time: 2024-09-24 18:49:37 (GMT-4) --------------------------------------------------------------------------- + Server: nginx/1.19.0 + /: Retrieved x-powered-by header: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1. + /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/ + /clientaccesspolicy.xml contains a full wildcard entry. See: https://docs.microsoft.com/en-us/previous-versions/windows/silverlight/dotnet-windows-silverlight/cc197955(v=vs.95)?redirectedfrom=MSDN + /clientaccesspolicy.xml contains 12 lines which should be manually viewed for improper domains or wildcards. See: https://www.acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file/ + /crossdomain.xml contains a full wildcard entry. See: http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html + Scan terminated: 20 error(s) and 5 item(s) reported on remote host + End Time: 2024-09-24 18:50:06 (GMT-4) (29 seconds) --------------------------------------------------------------------------- + 1 host(s) tested