Nikto scan (max 60 sec) (nikto -host www.g2g.com -maxtime 60)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 18.173.132.53, 18.173.132.120, 18.173.132.35, 18.173.132.56
+ Target IP: 18.173.132.53
+ Target Hostname: www.g2g.com
+ Target Port: 80
+ Start Time: 2024-09-12 10:24:10 (GMT-4)
---------------------------------------------------------------------------
+ Server: CloudFront
+ /: Retrieved via header: 1.1 e2730004afe9197a527c2569a0e0d39a.cloudfront.net (CloudFront).
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://www.g2g.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ : Server banner changed from 'CloudFront' to 'AmazonS3'.
+ /: Web Server returns a valid response with junk HTTP methods which may cause false positives.
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0926
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
+ /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php: NextGEN Gallery LFI. See: https://seclists.org/fulldisclosure/2014/Feb/171
+ /wordpress/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php: NextGEN Gallery LFI. See: https://seclists.org/fulldisclosure/2014/Feb/171
+ 8073 requests: 0 error(s) and 13 item(s) reported on remote host
+ End Time: 2024-09-12 10:24:34 (GMT-4) (24 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested