- Nikto --------------------------------------------------------------------------- + Multiple IPs found: 172.67.27.149, 104.22.72.243, 104.22.73.243, 2606:4700:10::6816:49f3, 2606:4700:10::6816:48f3, 2606:4700:10::ac43:1b95 + Target IP: 172.67.27.149 + Target Hostname: cyber.net.pk + Target Port: 80 + Start Time: 2024-09-16 02:40:39 (GMT-4) --------------------------------------------------------------------------- + Server: cloudflare + /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1". + /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /cgi.cgi/cart32.exe: request cart32.exe/cart32clientlist. + /mpcgi/cart32.exe: request cart32.exe/cart32cl+ Scan terminated: 0 error(s) and 2 item(s) reported on remote host + End Time: 2024-09-16 02:41:40 (GMT-4) (61 seconds) --------------------------------------------------------------------------- + 1 host(s) tested art32.exe/cart32clientlist. + /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi-sys/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /htbin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgibin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi-perl/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /mpcgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-sys/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi.cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-914/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-win/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi.cgi/finger: finger other users, may be other commands?. + /cgi-bin/finger: finger other users, may be other commands?. + /cgi-sys/finger: finger other users, may be other commands?. + /cgi-win/finger: finger other users, may be other commands?. + /fcgi-bin/finger: finger other users, may be other commands?. + /cgi-bin-sdb/finger: finger other users, may be other commands?. + /cgi-914/finger.pl: finger other users, may be other commands?. + /mpcgi/finger.pl: finger other users, may be other commands?. + /cgi-bin/finger.pl: finger other users, may be other commands?. + /htbin/finger.pl: finger other users, may be other commands?. + /cgibin/finger.pl: finger other users, may be other commands?. + /fcgi-bin/finger.pl: finger other users, may be other commands?. + /cgi-perl/finger.pl: finger other users, may be other commands?. + /cgi-bin-sdb/finger.pl: finger other users, may be other commands?. + /cgi-914/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi-sys/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi-win/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi.cgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /mpcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-sys/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgibin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /fcgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-bin-sdb/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password. + /cgi-914/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-sys/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-win/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /fcgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-perl/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi.cgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /mpcgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-sys/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /htbin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgibin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-win/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-perl/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-bin-sdb/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon. + /mpcgi/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon. + /htbin/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgibin/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi-perl/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi-bin-sdb/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi.cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-914/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /mpcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-sys/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /htbin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /fcgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-perl/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /mpcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /htbin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi-bin-sdb/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /vgn/performance/TMT: Vignette CMS admin/maintenance script available. + /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available. + /vgn/vr/Deleting: Vignette CMS admin/maintenance script available. + /vgn/vr/Select: Vignette CMS admin/maintenance script available. + /vgn/style: Vignette server may reveal system information through this file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0401 + /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source. + /scripts/tools/dsnform: Allows creation of ODBC Data Source. + /scripts/httpodbc.dll: Possible IIS backdoor found. + /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed. + /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent. + /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc + /cgi.cgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-914/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /htbin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /fcgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-perl/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-bin-sdb/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi.cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-914/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /mpcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /htbin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-win/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi.cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /htbin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgibin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi-win/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /fcgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi-perl/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /htbin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /cgibin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /cgi-win/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /fcgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /cgi-perl/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /cgi-bin-sdb/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data. + /pbserver/pbserver.dll: This may contain a buffer overflow. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/MS00-094 + /cgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /htbin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgibin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-win/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /fcgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-perl/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-bin-sdb/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files. + /wa.exe: An ASP page that allows attackers to upload files to server. + /cgi-914/fpsrvadm.exe: Potentially vulnerable CGI program. + /mpcgi/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgi-win/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgi-bin-sdb/fpsrvadm.exe: Potentially vulnerable CGI program. + /vgn/ac/edit: Vignette CMS admin/maintenance script available. + /vgn/ac/index: Vignette CMS admin/maintenance script available. + /vgn/asp/style: Vignette CMS admin/maintenance script available. + /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available. + /vgn/jsp/initialize: Vignette CMS admin/maintenance script available. + /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available. + /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available. + /vgn/jsp/style: Vignette CMS admin/maintenance script available. + /vgn/legacy/edit: Vignette CMS admin/maintenance script available. + /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file. + /mpcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgi-sys/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /htbin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /fcgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgi-bin-sdb/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cms/typo3conf/database.sql: TYPO3 SQL file found. + /ws_ftp.ini: Can contain saved passwords for FTP sites. + /mpcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /cgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /cgi-perl/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /cgi-bin-sdb/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details. + /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063 + /cgi-914/shtml.dll: This may allow attackers to retrieve document source. + /htbin/shtml.dll: This may allow attackers to retrieve document source. + /fcgi-bin/shtml.dll: This may allow attackers to retrieve document source. + /cgi-bin-sdb/shtml.dll: This may allow attackers to retrieve document source. + /cgi.cgi/aglimpse: This CGI may allow attackers to execute remote commands. + /cgi-914/aglimpse: This CGI may allow attackers to execute remote commands. + /cgi-sys/aglimpse: This CGI may allow attackers to execute remote commands. + /fcgi-bin/aglimpse: This CGI may allow attackers to execute remote commands. + /cgi-perl/aglimpse: This CGI may allow attackers to execute remote commands. + /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104 + /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands. + /cgi.cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-914/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /mpcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgibin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-win/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-bin-sdb/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /mpcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-sys/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-bin-sdb/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-sys/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgibin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /fcgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-perl/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value. + /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration. + /siteminder: This may be an indication that the server is running Siteminder for SSO. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'. + /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /cgi-sys/archie: Gateway to the unix command, may be able to submit extra commands. + /htbin/archie: Gateway to the unix command, may be able to submit extra commands. + /cgibin/archie: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-914/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /htbin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgibin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-win/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-perl/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgi-sys/calendar: Gateway to the unix command, may be able to submit extra commands. + /htbin/calendar: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgi-perl/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/calendar: Gateway to the unix command, may be able to submit extra commands. + /mpcgi/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-sys/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/date: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/fortune: Gateway to the unix command, may be able to submit extra commands. + /cgi-914/fortune: Gateway to the unix command, may be able to submit extra commands. + /mpcgi/fortune: Gateway to the unix command, may be able to submit extra commands. + /htbin/fortune: Gateway to the unix command, may be able to submit extra commands. + /cgi-914/redirect: Redirects via URL from form. + /mpcgi/redirect: Redirects via URL from form. + /cgi-bin/redirect: Redirects via URL from form. + /cgibin/redirect: Redirects via URL from form. + /cgi-win/redirect: Redirects via URL from form. + /fcgi-bin/redirect: Redirects via URL from form. + /cgi-perl/redirect: Redirects via URL from form. + /cgi-sys/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /mpcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /htbin/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /cgibin/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /CVS/Entries: CVS Entries file may contain directory listing information. + /cgi.cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /mpcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgibin/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /fcgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi.cgi/nph-error.pl: Gives more information in error messages. + /cgi-914/nph-error.pl: Gives more information in error messages. + /cgi-sys/nph-error.pl: Gives more information in error messages. + /htbin/nph-error.pl: Gives more information in error messages. + /cgibin/nph-error.pl: Gives more information in error messages. + /cgi-win/nph-error.pl: Gives more information in error messages. + /fcgi-bin/nph-error.pl: Gives more information in error messages. + /cgi-perl/nph-error.pl: Gives more information in error messages. + /cgi-bin-sdb/nph-error.pl: Gives more information in error messages. + /cgi.cgi/query: Echoes back result of your GET. + /cgi-914/query: Echoes back result of your GET. + /mpcgi/query: Echoes back result of your GET. + /cgi-bin/query: Echoes back result of your GET. + /htbin/query: Echoes back result of your GET. + /fcgi-bin/query: Echoes back result of your GET. + /cgi-perl/query: Echoes back result of your GET. + /cgi.cgi/test-env: May echo environment variables or give directory listings. + /mpcgi/test-env: May echo environment variables or give directory listings. + /cgi-bin/test-env: May echo environment variables or give directory listings. + /cgi-sys/test-env: May echo environment variables or give directory listings. + /fcgi-bin/test-env: May echo environment variables or give directory listings. + /cgi-bin-sdb/test-env: May echo environment variables or give directory listings. + /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed. + /cgi-914/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /htbin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file. + /cgi.cgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /mpcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /fcgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-bin-sdb/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See: https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018 + /cgi.cgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /htbin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgibin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-bin-sdb/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /mpcgi/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /htbin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /fcgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-perl/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-bin-sdb/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /mpcgi/snorkerz.bat: Arguments passed to DOS CGI without checking. + /cgibin/snorkerz.bat: Arguments passed to DOS CGI without checking. + /fcgi-bin/snorkerz.bat: Arguments passed to DOS CGI without checking. + /cgi-perl/snorkerz.bat: Arguments passed to DOS CGI without checking. + /cgi-bin-sdb/snorkerz.bat: Arguments passed to DOS CGI without checking. + /cgi-914/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /mpcgi/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-sys/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /htbin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgibin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-bin-sdb/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow. + /.nsf/../winnt/win.ini: This win.ini file can be downloaded. + /openautoclassifieds/friendmail.php?listing=: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1145 + /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks. See: OSVDB-2754 + /cgi-914/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /mpcgi/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /htbin/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgibin/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi-win/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi-perl/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi-bin-sdb/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi.cgi/wwwadmin.pl: Administration CGI?. + /cgi-sys/wwwadmin.pl: Administration CGI?. + /htbin/wwwadmin.pl: Administration CGI?. + /cgi-win/wwwadmin.pl: Administration CGI?. + /fcgi-bin/wwwadmin.pl: Administration CGI?. + /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next BadBlue test (B) for possible exploit. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0595 + /cgi.cgi/dumpenv.pl: This CGI gives a lot of information to attackers. + /cgi-914/dumpenv.pl: This CGI gives a lot of information to attackers. + /mpcgi/dumpenv.pl: This CGI gives a lot of information to attackers. + /cgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers. + /cgibin/dumpenv.pl: This CGI gives a lot of information to attackers. + /cgi-win/dumpenv.pl: This CGI gives a lot of information to attackers. + /fcgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers. + /cgi-bin-sdb/dumpenv.pl: This CGI gives a lot of information to attackers. + /cgi.cgi/mkilog.exe: This CGI can give an attacker a lot of information. + /cgi-bin/mkilog.exe: This CGI can give an attacker a lot of information. + /fcgi-bin/mkilog.exe: This CGI can give an attacker a lot of information. + /cgi-perl/mkilog.exe: This CGI can give an attacker a lot of information. + /cgi-bin-sdb/mkilog.exe: This CGI can give an attacker a lot of information. + /cgi.cgi/mkplog.exe: This CGI can give an attacker a lot of information. + /cgi-914/mkplog.exe: This CGI can give an attacker a lot of information. + /cgi-bin/mkplog.exe: This CGI can give an attacker a lot of information. + /cgi-sys/mkplog.exe: This CGI can give an attacker a lot of information. + /cgi-bin-sdb/mkplog.exe: This CGI can give an attacker a lot of information. + /cgi.cgi/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /cgi-914/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /cgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /cgi-sys/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /htbin/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /cgi-perl/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /cgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs. + /htbin/rpm_query: This CGI allows anyone to see the installed RPMs. + /cgibin/rpm_query: This CGI allows anyone to see the installed RPMs. + /cgi-bin-sdb/rpm_query: This CGI allows anyone to see the installed RPMs. + /cgi.cgi/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi-sys/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgibin/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi-win/ws_ftp.ini: Can contain saved passwords for ftp sites. + /fcgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi-perl/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi-bin-sdb/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi.cgi/WS_FTP.ini: Can contain saved passwords for ftp sites. + /mpcgi/WS_FTP.ini: Can contain saved passwords for ftp sites. + /cgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites. + /cgi-sys/WS_FTP.ini: Can contain saved passwords for ftp sites. + /htbin/WS_FTP.ini: Can contain saved passwords for ftp sites. + /cgi-bin/MachineInfo: Gives out information on the machine. + /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information. See: OSVDB-53304 + /cgi.cgi/view-source?view-source: This allows remote users to view source code. + /mpcgi/view-source?view-source: This allows remote users to view source code. + /htbin/view-source?view-source: This allows remote users to view source code. + /cgibin/view-source?view-source: This allows remote users to view source code. + /cgi-win/view-source?view-source: This allows remote users to view source code. + /fcgi-bin/view-source?view-source: This allows remote users to view source code. + /cgi.cgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /mpcgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /cgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /htbin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /cgibin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /cgi.cgi/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi-914/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /htbin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgibin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi-perl/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi-bin-sdb/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi-914/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgi-sys/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /htbin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgibin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /fcgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /mpcgi/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /cgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /htbin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /cgibin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /cgi-win/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /cgi-perl/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /cgi-bin-sdb/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411 + /cgi-914/view-source: This may allow remote arbitrary file retrieval. + /mpcgi/view-source: This may allow remote arbitrary file retrieval. + /cgi-bin/view-source: This may allow remote arbitrary file retrieval. + /cgi-sys/view-source: This may allow remote arbitrary file retrieval. + /cgi-bin-sdb/view-source: This may allow remote arbitrary file retrieval. + /cgi.cgi/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi-sys/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi-win/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /fcgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi-perl/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi-bin-sdb/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi-914/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /mpcgi/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgi-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgi-sys/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgibin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgi-win/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgi-bin-sdb/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /mpcgi/echo.bat: This CGI may allow attackers to execute remote commands. + /fcgi-bin/echo.bat: This CGI may allow attackers to execute remote commands. + /cgi-bin-sdb/echo.bat: This CGI may allow attackers to execute remote commands. + /cgi.cgi/info2www: This CGI allows attackers to execute commands. + /cgi-914/info2www: This CGI allows attackers to execute commands. + /mpcgi/info2www: This CGI allows attackers to execute commands. + /cgibin/info2www: This CGI allows attackers to execute commands. + /cgi-win/info2www: This CGI allows attackers to execute commands. + /cgi-perl/info2www: This CGI allows attackers to execute commands. + /cgi-bin-sdb/info2www: This CGI allows attackers to execute commands. + /cgi.cgi/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host. + /htbin/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgi-win/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgi-bin-sdb/listrec.pl: This CGI allows attackers to execute commands on the host. + Scan terminated: 0 error(s) and 412 item(s) reported on remote host + End Time: 2024-09-16 02:41:40 (GMT-4) (61 seconds) --------------------------------------------------------------------------- + 1 host(s) tested