Home page logo
/

basics logo Security Basics mailing list archives

Re: nikto scan results
From: Marco <gramill () tin it>
Date: Thu, 2 Dec 2004 10:05:00 +0100

Alle 00:40, mercoledì 1 dicembre 2004, Times Enemy ha scritto:
Greetings.

For the MS's (just use the search feature):
http://www.microsoft.com/

For the CVE's:
http://www.cve.mitre.org/cve/

For the SNS's (if you know japanese, it is helpful ;) :
http://www.lac.co.jp/security/
http://www.attrition.org/security/advisory/sns/

For the CA's:
http://search.cert.org/


For all of these:
http://www.google.com/


ciao
.te

Hi,

I scan my web server  (IIS)with nikto,

this is the results I got:


Exploit: /?"><script>alert("Vulnerable");</script>
Description: IIS is vulnerable to Cross Site Scriptin
(XSS). Apply MS02-018.

 IIS is vulnerable to Cross Site Scriptin :-)
so some one could view your cookies
ex :
<script>alert(document.cookie);</script>

or try to enter if your site use cookie

ex:

<img src=javascript:void(document.cookie="va_name=true" );>



Exploit: /?\"><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Exploit: /?\><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Can someone please explain whats does mean? how I
check if this is not a faulse alarm? maybe there are
links which can explain what does it mean?

thanks !!!

JB

sorry for my bad eng.

Marco Ramilli
www.rrsecurity.info


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]