Scan report for "php.testsparker.com"

  1. Nikto Online
  2. Scan report for "php.testsparker.com"
Membership level: Free member
Summary

Found

13

Duration

1min 1sec

Date

2025-07-03

IP

107.20.213.223

Report
Nikto scan (max 60 sec) (nikto -host php.testsparker.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Target IP:          107.20.213.223
+ Target Hostname:    php.testsparker.com
+ Target Port:        80
+ Start Time:         2025-07-03 18:06:09 (GMT-7)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Win32) PHP/5.2.6
+ /: Retrieved x-powered-by header: PHP/5.2.6.
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt: Server may leak inodes via ETags, header found with file /robots.txt, inode: 4785074604194406, size: 25, mtime: Thu Jul 30 01:09:20 2020. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
+ /clientaccesspolicy.xml contains a full wildcard entry. See: https://docs.microsoft.com/en-us/previous-versions/windows/silverlight/dotnet-windows-silverlight/cc197955(v=vs.95)?redirectedfrom=MSDN
+ /clientaccesspolicy.xml contains 10 lines which should be manually viewed for improper domains or wildcards. See: https://www.acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file/
+ /crossdomain.xml contains a full wildcard entry. See: http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html
+ Apache/2.2.8 appears to be outdated (current is at least 2.4.58). Apache 2.2.34 is the EOL for the 2.x branch.
+ PHP/5.2.6 appears to be outdated (current is at least 8.3.0).
+ /index: Uncommon header 'tcn' found, with contents: list.
+ /index: Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. The following alternatives for 'index' were found: index.php. See: http://www.wisec.it/sectou.php?id=4698ebdc59d15,https://exchange.xforce.ibmcloud.com/vulnerabilities/8275
+ PHP/5.2 - PHP 3/4/5 and 7.0 are End of Life products without support.
+ /: Web Server returns a valid response with junk HTTP methods which may cause false positives.
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing
+ Scan terminated: 0 error(s) and 13 item(s) reported on remote host
+ End Time:           2025-07-03 18:07:10 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
php.testsparker.com
Target IP
107.20.213.223
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host php.testsparker.com -maxtime 60
Duration
Quick report
Scan date
03 Jul 2025 21:07
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID