Scan report for "www.glbitm.org"

Membership level: Free member
Summary

Found

36

Duration

1min 1sec

Date

2025-01-05

IP

172.67.163.174

Report
Nikto scan (max 60 sec) (nikto -host www.glbitm.org -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.67.163.174, 104.21.42.165, 2606:4700:3031::6815:2aa5, 2606:4700:3035::ac43:a3ae
+ Target IP:          172.67.163.174
+ Target Hostname:    www.glbitm.org
+ Target Port:        80
+ Start Time:         2025-01-05 12:51:03 (GMT-5)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Retrieved x-powered-by header: ASP.NET.
+ /: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=1137&min_rtt=1110&rtt_var=256&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2159&recv_bytes=579&delivery_rate=2496551&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ /: Uncommon header 'x-powered-by-plesk' found, with contents: PleskWin.
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://www.glbitm.org/
+ /w5rfqNfu.xml+: Retrieved x-aspnet-version header: 4.0.30319.
+ /w5rfqNfu.xml+: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /bin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /bin/finger: finger other users, may be other commands?.
+ /bin/finger.pl: finger other users, may be other commands?.
+ /bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /bin/wrap.cgi: Allows viewing of directories.
+ /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /bin/gH.cgi: Web backdoor by gH.
+ /bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /bin/AT-admin.cgi: Admin interface.
+ /bin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html
+ Scan terminated: 0 error(s) and 36 item(s) reported on remote host
+ End Time:           2025-01-05 12:52:04 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
Target
www.glbitm.org
Target IP
172.67.163.174
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host www.glbitm.org -maxtime 60
Duration
Quick report
Scan date
05 Jan 2025 12:52
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID