Scan report for "backend.zyro.com"

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 104.18.43.53, 172.64.144.203, 2606:4700:4400::ac40:90cb, 2606:4700:4400::6812:2b35
+ Target IP:          104.18.43.53
+ Target Hostname:    backend.zyro.com
+ Target Port:        80
+ Start Time:         2024-04-15 08:21:50 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'x-hostinger-datacenter' found, with contents: gcp.
+ /: Uncommon header 'x-hostinger-node' found, with contents: us-central1.
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://backend.zyro.com
+ /teUrF7Tv.lock: Uncommon header 'cf-chl-out' found, with contents: oj0VT3Zz+Q7g18KHX3k1bk/aneIxeW3AXpaxD1UPWnPAu10s6FxePUAQ23S3WstMyJUkoP1adHuVvnUPU5HSpUTk2nqouvMIM2bpsKad3Dg+kQ6+Q41nUYkxJ479ie+0/yNOwvPh8ntPYQNOx3ck8w==$BTSVRn/n/noNENKK3LytkQ==.
+ /teUrF7Tv.lock: Uncommon header 'origin-agent-cluster' found, with contents: ?1.
+ /teUrF7Tv.lock: Uncommon header 'cf-mitigated' found, with contents: challenge.
+ /teUrF7Tv.lock: Uncommon header 'accept-ch' found, with contents: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1724
+ /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS).
+ /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS).
+ /members.asp?SF=%22;}alert(223344);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-4598
+ /forum_members.asp?find=%22;}alert(9823);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-2946
+ /cdn-cgi/trace: Retrieved access-control-allow-origin header: *.
+ /cdn-cgi/trace:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /cdn-cgi/trace: Cloudflare trace CGI found, which may leak some system information.
+ 8053 requests: 0 error(s) and 15 item(s) reported on remote host
+ End Time:           2024-04-15 08:26:41 (GMT-4) (291 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Target

backend.zyro.com

Scan method

Nikto no limit scan

Run command

nikto -host backend.zyro.com

Scan time

291s

Scan date

15 Apr 2024 08:26

Copy scan report

Download report

Remove scan result

$