Scan report for "bch.games"

  1. Nikto Online
  2. Scan report for "bch.games"
Membership level: Free member
Summary

Found

245

Duration

1min 1sec

Date

2025-01-03

IP

172.66.43.53

Report
Nikto scan (max 60 sec) (nikto -host bch.games -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.66.43.53, 172.66.40.203, 2606:4700:3108::ac42:2b35, 2606:4700:3108::ac42:28cb
+ Target IP:          172.66.43.53
+ Target Hostname:    bch.games
+ Target Port:        80
+ Start Time:         2025-01-03 22:37:20 (GMT-5)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=1734&min_rtt=1574&rtt_var=620&sent=8&recv=7&lost=0&retrans=0&sent_bytes=7369&recv_bytes=564&delivery_rate=4438994&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ All CGI directories 'found', use '-C none' to test none
+ /webcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-915/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-sys/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-local/cart32.exe: request cart32.exe/cart32clientlist.
+ /scripts/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-win/cart32.exe: request cart32.exe/cart32clientlist.
+ /fcgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-exe/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-home/cart32.exe: request cart32.exe/cart32clientlist.
+ /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin-sdb/cart32.exe: request cart32.exe/cart32clientlist.
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709
+ /cgi.cgi/finger.pl: finger other users, may be other commands?.
+ /webcgi/finger.pl: finger other users, may be other commands?.
+ /cgi-914/finger.pl: finger other users, may be other commands?.
+ /bin/finger.pl: finger other users, may be other commands?.
+ /mpcgi/finger.pl: finger other users, may be other commands?.
+ /cgi-bin/finger.pl: finger other users, may be other commands?.
+ /ows-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-sys/finger.pl: finger other users, may be other commands?.
+ /htbin/finger.pl: finger other users, may be other commands?.
+ /cgibin/finger.pl: finger other users, may be other commands?.
+ /cgis/finger.pl: finger other users, may be other commands?.
+ /scripts/finger.pl: finger other users, may be other commands?.
+ /cgi-win/finger.pl: finger other users, may be other commands?.
+ /fcgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger.pl: finger other users, may be other commands?.
+ /cgi-mod/finger.pl: finger other users, may be other commands?.
+ /cgi.cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /webcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-915/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /mpcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-sys/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /htbin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgibin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgis/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-win/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-bin-sdb/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-mod/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614
+ /cgi.cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /webcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /mpcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgis/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-win/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /fcgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-exe/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-home/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin-sdb/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-915/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /ows-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-sys/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /htbin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgis/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /scripts/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-exe/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-home/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /scgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-bin-sdb/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-sys/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgis/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-win/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-home/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin-sdb/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-mod/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi.cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /webcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-914/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-915/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /mpcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /ows-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-sys/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /htbin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgis/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /scripts/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-win/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-home/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-perl/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin-sdb/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-mod/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-914/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-915/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-sys/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-local/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgibin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-exe/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-perl/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-mod/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page.
+ /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page.
+ /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source.
+ /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Microsoft Site Server used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /readme.eml: Remote server may be infected with the Nimda virus.
+ /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
+ /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
+ /webcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-915/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-sys/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-local/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgibin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /scripts/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /fcgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-exe/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-home/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-perl/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin-sdb/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi.cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /webcgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /ows-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-local/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /htbin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgibin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scripts/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /fcgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-exe/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-perl/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /upload.asp: An ASP page that allows attackers to upload files to server.
+ /wa.exe: An ASP page that allows attackers to upload files to server.
+ /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ /cgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /ows-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /htbin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgibin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgis/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /fcgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-bin-sdb/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi/.cobalt: May allow remote admin of CGI scripts.
+ /mpcgi/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-local/.cobalt: May allow remote admin of CGI scripts.
+ /cgibin/.cobalt: May allow remote admin of CGI scripts.
+ /cgis/.cobalt: May allow remote admin of CGI scripts.
+ /scripts/.cobalt: May allow remote admin of CGI scripts.
+ /fcgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-exe/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-perl/.cobalt: May allow remote admin of CGI scripts.
+ /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-bin-sdb/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-914/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-915/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-sys/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-local/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /htbin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /scripts/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-exe/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-home/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-bin-sdb/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi.cgi/.access: Contains authorization information.
+ /webcgi/.access: Contains authorization information.
+ /cgi-915/.access: Contains authorization information.
+ /bin/.access: Contains authorization information.
+ /ows-bin/.access: Contains authorization information.
+ /cgi-local/.access: Contains authorization information.
+ /cgis/.access: Contains authorization information.
+ /cgi-win/.access: Contains authorization information.
+ /cgi.cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /webcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-915/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /mpcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /ows-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-sys/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-local/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgis/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /scripts/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-home/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /scgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /site/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo3/typo3conf/: This may contain sensitive TYPO3 files.
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /webcart/carts/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /webcart/orders/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /WS_FTP.ini: Can contain saved passwords for FTP sites.
+ /cgi-914/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /mpcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /ows-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /htbin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgis/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-home/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-perl/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /scgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-mod/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17661
+ /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17662
+ /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.
+ /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
+ /cgi.cgi/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-914/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-915/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /ows-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-local/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgibin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgis/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /scripts/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-exe/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-perl/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /scgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-bin-sdb/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-mod/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi.cgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-915/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /mpcgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /ows-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /htbin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgibin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /scripts/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-win/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /scgi-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-bin-sdb/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ Scan terminated: 0 error(s) and 245 item(s) reported on remote host
+ End Time:           2025-01-03 22:38:21 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
bch.games
Target IP
172.66.43.53
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host bch.games -maxtime 60
Duration
Quick report
Scan date
03 Jan 2025 22:38
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID