- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.18.168.218, 104.18.169.218, 2606:4700::6812:a8da, 2606:4700::6812:a9da
+ Target IP:          104.18.168.218
+ Target Hostname:    simple.ripley.cl
+ Target Port:        80
+ Start Time:         2024-11-14 12:36:36 (GMT-5)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ All CGI directories 'found', use '-C none' to test none
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist.
+ /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin.
+ /cgi-915/finger.pl: finger other users, may be other commands?.
+ /cgi/finger.pl: finger other users, may be other commands?.
+ /cgi-bin/finger.pl: finger other users, may be other commands?.
+ /ows-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-local/finger.pl: finger other users, may be other commands?.
+ /htbin/finger.pl: finger other users, may be other commands?.
+ /cgibin/finger.pl: finger other users, may be other commands?.
+ /cgi-win/finger.pl: finger other users, may be other commands?.
+ /cgi-exe/finger.pl: finger other users, may be other commands?.
+ /cgi-home/finger.pl: finger other users, may be other commands?.
+ /scgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger.pl: finger other users, may be other commands?.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ /inc/dbase.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /webcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-915/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /mpcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /ows-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-sys/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /htbin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgibin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgis/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /fcgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-home/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-perl/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /scgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-mod/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /guestbook/admin.php: Guestbook admin page available without authentication.
+ /cgi-915/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /ows-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-local/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /htbin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgis/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /fcgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /scgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin-sdb/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-914/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-915/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /ows-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-local/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgibin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgis/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scripts/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /fcgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-home/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin-sdb/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /prd.i/pgen/: Has MS Merchant Server 1.0.
+ /readme.eml: Remote server may be infected with the Nimda virus.
+ /siteseed/: Siteseed pre 1.4.2 have 'major' security problems.
+ /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
+ /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
+ Scan terminated: 0 error(s) and 63 item(s) reported on remote host
+ End Time:           2024-11-14 12:37:37 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested