Scan report for "cyber.net.pk"

  1. Nikto Online
  2. Scan report for "cyber.net.pk"
Membership level: Free member
Summary

Found

-

Duration

1min 1sec

Date

2024-09-16

IP

-

Report
Nikto scan (max 60 sec) (nikto -host cyber.net.pk -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.67.27.149, 104.22.72.243, 104.22.73.243, 2606:4700:10::6816:49f3, 2606:4700:10::6816:48f3, 2606:4700:10::ac43:1b95
+ Target IP:          172.67.27.149
+ Target Hostname:    cyber.net.pk
+ Target Port:        80
+ Start Time:         2024-09-16 02:40:39 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /cgi.cgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /mpcgi/cart32.exe: request cart32.exe/cart32cl+ Scan terminated: 0 error(s) and 2 item(s) reported on remote host
+ End Time:           2024-09-16 02:41:40 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
art32.exe/cart32clientlist.
+ /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /htbin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/finger: finger other users, may be other commands?.
+ /cgi-bin/finger: finger other users, may be other commands?.
+ /cgi-sys/finger: finger other users, may be other commands?.
+ /cgi-win/finger: finger other users, may be other commands?.
+ /fcgi-bin/finger: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger: finger other users, may be other commands?.
+ /cgi-914/finger.pl: finger other users, may be other commands?.
+ /mpcgi/finger.pl: finger other users, may be other commands?.
+ /cgi-bin/finger.pl: finger other users, may be other commands?.
+ /htbin/finger.pl: finger other users, may be other commands?.
+ /cgibin/finger.pl: finger other users, may be other commands?.
+ /fcgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-perl/finger.pl: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger.pl: finger other users, may be other commands?.
+ /cgi-914/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-sys/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-win/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi.cgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /mpcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-sys/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgibin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /fcgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-bin-sdb/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
+ /cgi-914/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-sys/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-win/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /fcgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-perl/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi.cgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /mpcgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-sys/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /htbin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgibin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-win/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-perl/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-bin-sdb/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /mpcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /htbin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgibin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-perl/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin-sdb/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi.cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-914/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /mpcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-sys/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /htbin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /fcgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-perl/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /mpcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /htbin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin-sdb/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /vgn/style: Vignette server may reveal system information through this file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0401
+ /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source.
+ /scripts/tools/dsnform: Allows creation of ODBC Data Source.
+ /scripts/httpodbc.dll: Possible IIS backdoor found.
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed.
+ /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
+ /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc
+ /cgi.cgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /htbin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /fcgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-perl/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin-sdb/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi.cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /htbin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi.cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /htbin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgibin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-win/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /fcgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-perl/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /htbin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgibin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-win/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /fcgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-perl/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin-sdb/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /pbserver/pbserver.dll: This may contain a buffer overflow. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/MS00-094
+ /cgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /htbin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgibin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-win/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /fcgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-perl/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-bin-sdb/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files.
+ /wa.exe: An ASP page that allows attackers to upload files to server.
+ /cgi-914/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /mpcgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-win/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-bin-sdb/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /vgn/ac/edit: Vignette CMS admin/maintenance script available.
+ /vgn/ac/index: Vignette CMS admin/maintenance script available.
+ /vgn/asp/style: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/style: Vignette CMS admin/maintenance script available.
+ /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ /mpcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-sys/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /htbin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /fcgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-bin-sdb/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /ws_ftp.ini: Can contain saved passwords for FTP sites.
+ /mpcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-perl/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-bin-sdb/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.
+ /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063
+ /cgi-914/shtml.dll: This may allow attackers to retrieve document source.
+ /htbin/shtml.dll: This may allow attackers to retrieve document source.
+ /fcgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-bin-sdb/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi.cgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-914/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-sys/aglimpse: This CGI may allow attackers to execute remote commands.
+ /fcgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-perl/aglimpse: This CGI may allow attackers to execute remote commands.
+ /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /cgi.cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-914/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /mpcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgibin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-win/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-bin-sdb/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /mpcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-sys/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-bin-sdb/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-sys/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgibin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /fcgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-perl/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
+ /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
+ /siteminder: This may be an indication that the server is running Siteminder for SSO.
+ /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
+ /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /cgi-sys/archie: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/redirect: Redirects via URL from form.
+ /mpcgi/redirect: Redirects via URL from form.
+ /cgi-bin/redirect: Redirects via URL from form.
+ /cgibin/redirect: Redirects via URL from form.
+ /cgi-win/redirect: Redirects via URL from form.
+ /fcgi-bin/redirect: Redirects via URL from form.
+ /cgi-perl/redirect: Redirects via URL from form.
+ /cgi-sys/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /CVS/Entries: CVS Entries file may contain directory listing information.
+ /cgi.cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /mpcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgibin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /fcgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi.cgi/nph-error.pl: Gives more information in error messages.
+ /cgi-914/nph-error.pl: Gives more information in error messages.
+ /cgi-sys/nph-error.pl: Gives more information in error messages.
+ /htbin/nph-error.pl: Gives more information in error messages.
+ /cgibin/nph-error.pl: Gives more information in error messages.
+ /cgi-win/nph-error.pl: Gives more information in error messages.
+ /fcgi-bin/nph-error.pl: Gives more information in error messages.
+ /cgi-perl/nph-error.pl: Gives more information in error messages.
+ /cgi-bin-sdb/nph-error.pl: Gives more information in error messages.
+ /cgi.cgi/query: Echoes back result of your GET.
+ /cgi-914/query: Echoes back result of your GET.
+ /mpcgi/query: Echoes back result of your GET.
+ /cgi-bin/query: Echoes back result of your GET.
+ /htbin/query: Echoes back result of your GET.
+ /fcgi-bin/query: Echoes back result of your GET.
+ /cgi-perl/query: Echoes back result of your GET.
+ /cgi.cgi/test-env: May echo environment variables or give directory listings.
+ /mpcgi/test-env: May echo environment variables or give directory listings.
+ /cgi-bin/test-env: May echo environment variables or give directory listings.
+ /cgi-sys/test-env: May echo environment variables or give directory listings.
+ /fcgi-bin/test-env: May echo environment variables or give directory listings.
+ /cgi-bin-sdb/test-env: May echo environment variables or give directory listings.
+ /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ /cgi-914/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /htbin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ /cgi.cgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /mpcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /fcgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-bin-sdb/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See: https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt
+ /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018
+ /cgi.cgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /htbin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgibin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-bin-sdb/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /htbin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /fcgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-perl/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-bin-sdb/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgibin/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /fcgi-bin/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-perl/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-bin-sdb/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-914/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /mpcgi/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-sys/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /htbin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgibin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-bin-sdb/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow.
+ /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
+ /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1145
+ /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks. See: OSVDB-2754
+ /cgi-914/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /mpcgi/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /htbin/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /cgibin/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /cgi-win/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /cgi-perl/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /cgi-bin-sdb/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226
+ /cgi.cgi/wwwadmin.pl: Administration CGI?.
+ /cgi-sys/wwwadmin.pl: Administration CGI?.
+ /htbin/wwwadmin.pl: Administration CGI?.
+ /cgi-win/wwwadmin.pl: Administration CGI?.
+ /fcgi-bin/wwwadmin.pl: Administration CGI?.
+ /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next BadBlue test (B) for possible exploit. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0595
+ /cgi.cgi/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /cgi-914/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /mpcgi/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /cgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /cgibin/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /cgi-win/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /fcgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /cgi-bin-sdb/dumpenv.pl: This CGI gives a lot of information to attackers.
+ /cgi.cgi/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
+ /fcgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgi-perl/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgi-bin-sdb/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgi.cgi/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi-914/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi-bin/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi-sys/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi-bin-sdb/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi.cgi/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ /cgi-914/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ /cgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ /cgi-sys/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ /htbin/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ /cgi-perl/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ /cgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /htbin/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /cgibin/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /cgi-bin-sdb/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /cgi.cgi/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-sys/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgibin/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-win/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /fcgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-perl/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-bin-sdb/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi.cgi/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /mpcgi/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /cgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /cgi-sys/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /htbin/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /cgi-bin/MachineInfo: Gives out information on the machine.
+ /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information. See: OSVDB-53304
+ /cgi.cgi/view-source?view-source: This allows remote users to view source code.
+ /mpcgi/view-source?view-source: This allows remote users to view source code.
+ /htbin/view-source?view-source: This allows remote users to view source code.
+ /cgibin/view-source?view-source: This allows remote users to view source code.
+ /cgi-win/view-source?view-source: This allows remote users to view source code.
+ /fcgi-bin/view-source?view-source: This allows remote users to view source code.
+ /cgi.cgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /mpcgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /cgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /htbin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /cgibin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /cgi.cgi/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-914/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /htbin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgibin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-perl/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-bin-sdb/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-914/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /cgi-sys/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /htbin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /cgibin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /fcgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /mpcgi/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /htbin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgibin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi-win/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi-perl/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi-bin-sdb/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi-914/view-source: This may allow remote arbitrary file retrieval.
+ /mpcgi/view-source: This may allow remote arbitrary file retrieval.
+ /cgi-bin/view-source: This may allow remote arbitrary file retrieval.
+ /cgi-sys/view-source: This may allow remote arbitrary file retrieval.
+ /cgi-bin-sdb/view-source: This may allow remote arbitrary file retrieval.
+ /cgi.cgi/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-sys/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-win/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /fcgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-perl/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-bin-sdb/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-914/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /mpcgi/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-sys/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgibin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-win/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-bin-sdb/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /mpcgi/echo.bat: This CGI may allow attackers to execute remote commands.
+ /fcgi-bin/echo.bat: This CGI may allow attackers to execute remote commands.
+ /cgi-bin-sdb/echo.bat: This CGI may allow attackers to execute remote commands.
+ /cgi.cgi/info2www: This CGI allows attackers to execute commands.
+ /cgi-914/info2www: This CGI allows attackers to execute commands.
+ /mpcgi/info2www: This CGI allows attackers to execute commands.
+ /cgibin/info2www: This CGI allows attackers to execute commands.
+ /cgi-win/info2www: This CGI allows attackers to execute commands.
+ /cgi-perl/info2www: This CGI allows attackers to execute commands.
+ /cgi-bin-sdb/info2www: This CGI allows attackers to execute commands.
+ /cgi.cgi/listrec.pl: This CGI allows attackers to execute commands on the host.
+ /cgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host.
+ /htbin/listrec.pl: This CGI allows attackers to execute commands on the host.
+ /cgi-win/listrec.pl: This CGI allows attackers to execute commands on the host.
+ /cgi-bin-sdb/listrec.pl: This CGI allows attackers to execute commands on the host.
+ Scan terminated: 0 error(s) and 412 item(s) reported on remote host
+ End Time:           2024-09-16 02:41:40 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
cyber.net.pk
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host cyber.net.pk -maxtime 60
Duration
Quick report
Scan date
16 Sep 2024 02:41
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID